[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Duplicating Tor's DNS requests

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Duplicating Tor's DNS requests
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Sat, 26 Mar 2016 13:54:23 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 26 Mar 2016 13:54:34 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to; bh=hqPJGhnwJNzBdanuf/63dTeXR+l7xRu9/Ym734l0gYc=; b=BCYvVeqTw3boo6DfonjYMzjV46krsVi7qJj1zOTKTW6a2q+wcXcpDxArQnddjwpA3B sm+/qnEDNiGRbl1ImbYp/r2O8U4YRk6L9PRvJxj1ReqEw1eSGUHP6Wthn3I3jKJjt2DI WXEgN7uMwAINb3P+WMJR6PI8nERlEz2sMHZfQOW8IQQAsd43qZ/ybhiBQwUGxjqQxppo X1mPg6lV+VesrYymDiTAw6gwe7DSdS+6tY5PmUGKjXlzpV955OkOYJHNiIUe8Us6UM1E 9amCysBcEYXy2DujkzNyi/syLKx6EkP42BaxPDzN4OrxdriCOF7QTwFvXlvtvmhmMoBz xh4Q==
In-reply-to: <20160326101405.GA8312@hansolo>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20160326101405.GA8312@hansolo>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 3/26/16, parazyd <parazyd@xxxxxxxx> wrote:
> I'm wondering about duplicating Tor's DNS requests (like, when browsing
> a clearnet website) to another place on my machine.
>
> Basically, I'm running dnscap and with iptables or something similar, I
> would like to copy the DNS requests so dnscap can see them, but the
> important part is that the copied requests do not get through.

dnscap / iptables expects dns protocol, not parsing hostname
resolves out of socks5 protocol on localhost bpf. You need
other tool for that.
Your browser pushes hostnames through tor's socks5 interface,
so tor would need feature to block them internally instead of
sending them out over tor, then you couldn't browse anything.
If you don't want anything leaving but tor, block all and only
leave path to tor's socks5 port on another box / vm... aka: whonix.

You probably want to read / comment / contribute to
DNS portion of this ticket...

# Combine setevents circ and stream
https://trac.torproject.org/projects/tor/ticket/11179
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Duplicating Tor's DNS requests
  - From: parazyd

References:
- [tor-talk] Duplicating Tor's DNS requests
  - From: parazyd

Prev by Author: Re: [tor-talk] Traffic shaping attack
Next by Author: Re: [tor-talk] Duplicating Tor's DNS requests
Previous by thread: [tor-talk] Duplicating Tor's DNS requests
Next by thread: Re: [tor-talk] Duplicating Tor's DNS requests
Index(es):
- Author
- Thread