Re: [tor-talk] wget - secure?

On 04/18/2012 11:40 PM, torsiris@xxxxxxxxxxx wrote:
>> On Wed, Apr 18, 2012 at 4:56 AM, Maxim Kammerer <mk@xxxxxx> wrote:
>>> On Wed, Apr 18, 2012 at 11:37, Robert Ransom <rransom.8774@xxxxxxxxx>
>>> wrote:
>>>> Which version of wget did you audit?  What information leaks did you
>>>> check for during your audit?
> Hi,
> How can I check what information wget is transmitting? I used wireshark
> and filtered to see only the traffic sent from wget to localhost:8118 but
> I'm not a network expert and I don't know how to interpret the data.
> Does anybody have deeper network knowledge?

I've just checked wget; it does leak DNS even with the http_proxy environment
variable set.

How to check:

1. Run Wireshark
2. Select "Pseudointerface (any)" unless you know which interface to look at
3. Put "dns" into the Filter field and click the "Apply" button

DNS is easy to spot since it's almost always going to UDP port 53 (exceptions
are really rare).

Then you'll see what DNS queries your host made at the time (obviously it's best
to turn off any other program that could interfere with the measurement).

These things can change on a version-to-version basis of the same software, so
it's always best to check your actual version with Wireshark.

Though curl is much better than wget, in all recent versions at least; this does
not leak DNS (--socks5-hostname is the important part; the Tor SOCKS5 proxy is
expected to run at port 9050):

curl --socks5-hostname localhost:9050 "http(s)://somesite.wherever/rest_of_url"

tor-talk mailing list
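
The check described in the message above, as an added example that is not part of the original post: it decodes the question section of DNS queries sent to UDP port 53 and reports any lookup of the host being fetched. The packet tuples, function names and host names are constructed for illustration.

```python
import struct

def dns_query_names(payload):
    """Return the host names asked for in one DNS query (raw UDP payload)."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    _qid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000:                      # QR bit set: a response, not a query
        return []
    names, pos = [], 12
    for _ in range(qdcount):
        labels = []
        while True:
            if pos >= len(payload):
                raise ValueError("truncated question name")
            length = payload[pos]
            pos += 1
            if length == 0:                 # root label ends the name
                break
            if length & 0xC0:
                raise ValueError("compression pointer in a question name")
            if pos + length > len(payload):
                raise ValueError("label runs past end of packet")
            labels.append(payload[pos:pos + length].decode("ascii", "replace"))
            pos += length
        if pos + 4 > len(payload):
            raise ValueError("missing QTYPE/QCLASS")
        pos += 4                            # skip QTYPE and QCLASS
        names.append(".".join(labels).lower())
    return names

def leaked_lookups(packets, target_hosts):
    """packets: (protocol, dst_port, payload) tuples; returns leaked target names."""
    targets = {h.lower().rstrip(".") for h in target_hosts}
    leaks = []
    for proto, dport, payload in packets:
        if proto != "udp" or dport != 53:
            continue
        try:
            leaks += [n for n in dns_query_names(payload) if n in targets]
        except ValueError:
            continue                        # not a parseable DNS query
    return leaks

def build_query(name, qid=0x1234):
    """Build a constructed A-record query so the example runs offline."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

SAMPLE_PACKETS = [("udp", 53, build_query("somesite.example")),   # direct lookup: a leak
                  ("udp", 53, build_query("unrelated.example")),  # other program's query
                  ("tcp", 9050, b"\x05\x01\x00")]                 # SOCKS5 greeting to Tor
```

An empty result from `leaked_lookups` for the host being downloaded means no query for that name went to port 53 in the captured packets.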