
Re: proxychains DNS leaks stopped



Interesting...
I just did a test.  As root I watched udp traffic using "tcpdump -i eth0 -net -s 65535 udp and host 192.168.XX.XX"
and didn't see any DNS request when I used "proxychains firefox http://check.torproject.org"

I did see this in the terminal that I launched proxychains from.
"
build@Janus-Dev-VM:~$ proxychains firefox http://check.torproject.org
ProxyChains-3.1 (http://proxychains.sf.net)
|DNS-request| check.torproject.org
|S-chain|-<>-127.0.0.1:9050-<><>-4.2.2.2:53-<><>-OK
|DNS-response| check.torproject.org is 209.237.247.84
|S-chain|-<>-127.0.0.1:9050-<><>-209.237.247.84:80-<><>-OK
"

Also worth mentioning, at the end of the default proxychains.conf file is:
"
# defaults set to "tor"
socks5     127.0.0.1 9050
"

Perhaps the author did have Tor in mind? 
When I ran firefox without proxychains, I then saw DNS requests with tcpdump, as expected.

Hrm....I think it's working.  If I'm wrong, could someone point out the flaw in my testing method?

Thanks!

- Kyle


On Mon, Jan 5, 2009 at 11:25 PM, Roger Dingledine <arma@xxxxxxx> wrote:
On Mon, Jan 05, 2009 at 11:11:13PM -0800, Kyle Williams wrote:
> Are you saying that the "proxy_dns" option in the proxychains.conf is in
> fact leaking DNS request?
>
> From the proxychains.conf file:
> "
> # Proxy DNS requests - no leak for DNS data
> proxy_dns
> "
>
> I thought it would resolve against the specified SOCKS 4/5 proxy.  Is this
> not happening?

Socks doesn't have a notion of resolving. It only has a notion of
connecting (well, and binding, but we don't use that).

We hacked on our own notion of a 'resolve' socks request:
https://svn.torproject.org/svn/tor/trunk/doc/spec/socks-extensions.txt
and I'd be surprised if any other projects use our extension.

--Roger
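
A check on the proxychains side of the test described in this thread, as an added example that is not part of the original messages or of proxychains itself: it parses the terminal output quoted above and confirms that each `|DNS-request|` was answered only after a successful chain that enters at the SOCKS proxy and ends on port 53. The `audit` function and its rules are assumptions built only from the line format shown on this page.

```python
import re

# Terminal output copied from the message above (ProxyChains-3.1).
SAMPLE = """\
ProxyChains-3.1 (http://proxychains.sf.net)
|DNS-request| check.torproject.org
|S-chain|-<>-127.0.0.1:9050-<><>-4.2.2.2:53-<><>-OK
|DNS-response| check.torproject.org is 209.237.247.84
|S-chain|-<>-127.0.0.1:9050-<><>-209.237.247.84:80-<><>-OK
"""

HOP = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")
RESPONSE = re.compile(r"\|DNS-response\| (\S+) is (\S+)")

def audit(transcript, proxy=("127.0.0.1", 9050)):
    """Return (resolved, findings) for a proxychains transcript.

    resolved maps hostname -> address for lookups that were preceded by a
    successful chain entering at `proxy` and ending on port 53.
    findings lists every line that breaks that expectation.
    """
    resolved, findings = {}, []
    pending, proxied = None, False      # hostname awaiting an answer
    for line in transcript.splitlines():
        if line.startswith("|DNS-request|"):
            if pending:
                findings.append(f"no response for {pending}")
            pending, proxied = line.split("|")[2].strip(), False
        elif line.startswith("|S-chain|"):
            hops = [(ip, int(port)) for ip, port in HOP.findall(line)]
            ok = line.rstrip().endswith("-OK")
            if not hops or hops[0] != proxy:
                findings.append(f"chain bypasses proxy: {line}")
            elif pending and ok and hops[-1][1] == 53:
                proxied = True          # resolver reached through the proxy
        elif (m := RESPONSE.match(line)):
            host, addr = m.groups()
            if host == pending and proxied:
                resolved[host] = addr
            else:
                findings.append(f"unproxied answer for {host}")
            pending = None
    if pending:
        findings.append(f"no response for {pending}")
    return resolved, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

This reads only what proxychains itself reports, so it complements the packet capture on the interface and does not replace it.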