
Re: [tor-talk] wget - secure?



Hi,

Is there anything to worry about if using curl with the below configuration?
(I don't want to use a virtual machine)

Only debian-tor can go online:
iptables -F OUTPUT
iptables -A OUTPUT -j ACCEPT -m owner --uid-owner debian-tor
iptables -A OUTPUT -j ACCEPT -o lo
iptables -A OUTPUT -j ACCEPT -p udp --dport 123
iptables -P OUTPUT DROP

curl is used like this:

curl --socks5-hostname 127.0.0.1:9050 -A "TBB's user agent" -C - -O http://download.testfile

I guess there is no way that curl can leak the real IP address. Any
objections?


> Hm, you're right, wget 1.12 does not leak DNS if you use http protocol. I just
> realized I tested it also with https when the leak happened (wget requires
> explicit 'https_proxy' to use CONNECT for https even if you use the same http
> proxy).
>
> Ondrej
>
> On 04/19/2012 10:54 PM, torsiris@xxxxxxxxxxx wrote:
>> Hi,
>>
>> I cannot confirm that wget (v1.12) is sending any DNS resolve when using
>> it this way:
>>
>> wget --proxy --execute=http_proxy=http://127.0.0.1:8118/ -c http://download.test
>>
>> Wireshark does not show any UDP traffic.
>>
>> I will check out curl. I like the idea of not using a http proxy in
>> between.
>>
>> Thanks for the post. :-)
>>
>>> On 04/18/2012 11:40 PM, torsiris@xxxxxxxxxxx wrote:
>>>>> On Wed, Apr 18, 2012 at 4:56 AM, Maxim Kammerer <mk@xxxxxx> wrote:
>>>>>> On Wed, Apr 18, 2012 at 11:37, Robert Ransom <rransom.8774@xxxxxxxxx> wrote:
>>>>>>> Which version of wget did you audit?  What information leaks did you
>>>>>>> check for during your audit?
>>>> Hi,
>>>>
>>>> How can I check what information wget is transmitting? I used wireshark
>>>> and filtered to see only the traffic sent from wget to localhost:8118 but
>>>> I'm not a network expert and I don't know how to interpret the data.
>>>>
>>>> Does anybody have deeper network knowledge?
>>>
>>> I've just checked wget, it does leak DNS even with http_proxy environment
>>> variable set.
>>>
>>> How to check:
>>>
>>> 1. Run wireshark
>>> 2. Select "Pseudointerface (any)" unless you know which interface to look at
>>> 3. Put "dns" into the Filter field and click "Apply" button
>>>
>>> DNS is easy to spot since it's almost always going to UDP port 53
>>> (exceptions are really rare).
>>>
>>> Then you'll see what DNS queries your host did at the time (obviously it's
>>> best to turn off any other program that could interfere in the measurement).
>>>
>>> These things can change on version-to-version basis of the same software, so
>>> it's always best to check your actual version with wireshark.
>>>
>>> Though curl is much better than wget in all recent versions at least, this
>>> does not leak DNS (--socks5-hostname is the important part; Tor SOCKS5 proxy
>>> is expected to run at port 9050):
>>>
>>> curl --socks5-hostname localhost:9050 "http(s)://somesite.wherever/rest_of_url"
>>>
>>> Ondrej
>>> _______________________________________________
>>> tor-talk mailing list
>>> tor-talk@xxxxxxxxxxxxxxxxxxxx
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>>
>

