[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] wget - secure?
Hm, you're right, wget 1.12 does not leak DNS if you use http protocol. I just
realized I tested it also with https when the leak happened (wget requires
explicit 'https_proxy' to use CONNECT for https even if you use the same http
On 04/19/2012 10:54 PM, torsiris@xxxxxxxxxxx wrote:
> I cannot confirm that wget (v1.12) is sending any DNS resolve when using
> it this way:
> wget --proxy --execute=http_proxy=http://127.0.0.1:8118/ -c
> Wireshark does not show any UDP traffic.
> I will check out curl. I like the idea of not using a http proxy in between.
> Thanks for the post. :-)
>> On 04/18/2012 11:40 PM, torsiris@xxxxxxxxxxx wrote:
>>>> On Wed, Apr 18, 2012 at 4:56 AM, Maxim Kammerer <mk@xxxxxx> wrote:
>>>>> On Wed, Apr 18, 2012 at 11:37, Robert Ransom <rransom.8774@xxxxxxxxx>
>>>>>> Which version of wget did you audit? What information leaks did you
>>>>>> check for during your audit?
>>> How can I check what information wget is transmitting? I used wireshark
>>> and filtered to see only the traffic sent from wget to localhost:8118
>>> I'm not a network expert and I don't know how to interpret the data.
>>> Anybody has deeper network knowledge?
>> I've just checked wget, it does leak DNS even with http_proxy environment
>> variable set.
>> How to check:
>> 1. Run wireshark
>> 2. Select "Pseudointerface (any)" unless you know which interface to look
>> 3. Put "dns" into the Filter field and click "Apply" button
>> DNS is easy to spot since it's almost always going to UDP port 53
>> are really rare).
>> Then you'll see what DNS queries your host did at the time (obviously it's
>> to turn off any other program that could interfere in the measurement).
>> These things can change on version-to-version basis of the same software,
>> it's always best to check your actual version with wireshark.
>> Though curl is much better than wget in all recent versions at least, this
>> not leak DNS (--socks5-hostname is the important part; Tor SOCKS5 proxy is
>> expected to run at port 9050):
>> curl --socks5-hostname localhost:9050
>> tor-talk mailing list
> tor-talk mailing list
tor-talk mailing list