[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] wget - secure?
Hi,
I cannot confirm that wget (v1.12) is sending any DNS resolve when using
it this way:
wget --proxy --execute=http_proxy=http://127.0.0.1:8118/ -c
http://download.test
Wireshark does not show any UDP traffic.
I will check out curl. I like the idea of not using a http proxy in between.
Thanks for the post. :-)
> On 04/18/2012 11:40 PM, torsiris@xxxxxxxxxxx wrote:
>>> On Wed, Apr 18, 2012 at 4:56 AM, Maxim Kammerer <mk@xxxxxx> wrote:
>>>> On Wed, Apr 18, 2012 at 11:37, Robert Ransom <rransom.8774@xxxxxxxxx>
>>>> wrote:
>>>>> Which version of wget did you audit? What information leaks did you
>>>>> check for during your audit?
>> Hi,
>>
>> How can I check what information wget is transmitting? I used wireshark
>> and filtered to see only the traffic sent from wget to localhost:8118
>> but
>> I'm not a network expert and I don't know how to interpret the data.
>>
>> Anybody has deeper network knowledge?
>
> I've just checked wget, it does leak DNS even with http_proxy environment
> variable set.
>
> How to check:
>
> 1. Run wireshark
> 2. Select "Pseudointerface (any)" unless you know which interface to look
> at
> 3. Put "dns" into the Filter field and click "Apply" button
>
> DNS is easy to spot since it's almost always going to UDP port 53
> (exceptions
> are really rare).
>
> Then you'll see what DNS queries your host did at the time (obviously it's
> best
> to turn off any other program that could interfere in the measurement).
>
> These things can change on version-to-version basis of the same software,
> so
> it's always best to check your actual version with wireshark.
>
> Though curl is much better than wget in all recent versions at least, this
> does
> not leak DNS (--socks5-hostname is the important part; Tor SOCKS5 proxy is
> expected to run at port 9050):
>
> curl --socks5-hostname localhost:9050
> "http(s)://somesite.wherever/rest_of_url"
>
> Ondrej
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk