
Re: proxychains DNS leaks stopped

I just did a test.  As root I watched udp traffic using "tcpdump -i eth0 -net -s 65535 udp and host 192.168.XX.XX"
and didn't see any DNS request when I used "proxychains firefox http://check.torproject.org"

I did see this in the terminal that I launched proxychains from.
build@Janus-Dev-VM:~$ proxychains firefox http://check.torproject.org
ProxyChains-3.1 (http://proxychains.sf.net)
|DNS-request| check.torproject.org
|DNS-response| check.torproject.org is

Also worth mentioning, at the end of the default proxychains.conf file is:
# defaults set to "tor"
socks5 9050

Perhaps the author did have Tor in mind? 
When I ran firefox without proxychains, I then saw DNS requests with tcpdump, as expected.

Hrm....I think it's working.  If I'm wrong, could someone point out the flaw in my testing method?


- Kyle

On Mon, Jan 5, 2009 at 11:25 PM, Roger Dingledine <arma@xxxxxxx> wrote:
On Mon, Jan 05, 2009 at 11:11:13PM -0800, Kyle Williams wrote:
> Are you saying that the "proxy_dns" option in the proxychains.conf is in
> fact leaking DNS request? From the proxychains.conf file:
> "
> # Proxy DNS requests - no leak for DNS data
> proxy_dns
> "
> I thought it would resolve against the specified SOCKS 4/5 proxy.  Is this
> not happening?

Socks doesn't have a notion of resolving. It only has a notion of
connecting (well, and binding, but we don't use that).

We hacked on our own notion of a 'resolve' socks request:
and I'd be surprised if any other projects use our extension.
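
The distinction discussed in this thread, as an added example that is not part of the original messages or of the proxychains or Tor code: a SOCKS5 CONNECT can carry either a hostname (the proxy does the lookup) or an IP literal (the lookup, if there was one, already happened on the client), and Tor's extension adds a separate RESOLVE command (0xF0). The function names and the port value 0 used for RESOLVE are assumptions made for this sketch.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 0x01        # RFC 1928
CMD_TOR_RESOLVE = 0xF0    # Tor's SOCKS extension, not part of RFC 1928
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def build_request(cmd, host, port):
    """Build a SOCKS5 request: IP literals go as addresses, anything else as a name."""
    try:
        ip = ipaddress.ip_address(host)
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([SOCKS_VERSION, cmd, 0x00, atyp]) + addr + struct.pack("!H", port)

def parse_request(data):
    """Return (cmd, atyp, host, port); raise ValueError on malformed input."""
    if len(data) < 4 or data[0] != SOCKS_VERSION or data[2] != 0x00:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp, body = data[1], data[3], data[4:]
    if atyp == ATYP_DOMAIN:
        if not body:
            raise ValueError("missing hostname length")
        alen, body = body[0], body[1:]
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        alen = 4 if atyp == ATYP_IPV4 else 16
    else:
        raise ValueError("unknown address type")
    if len(body) != alen + 2:
        raise ValueError("truncated or oversized request")
    raw = body[:alen]
    host = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", body[alen:])
    return cmd, atyp, host, port

def resolved_before_proxy(data):
    """True when the request carries an IP literal, so any name lookup was client-side."""
    return parse_request(data)[1] != ATYP_DOMAIN

if __name__ == "__main__":
    # Constructed sample requests (192.0.2.10 is a documentation address).
    for host in ("check.torproject.org", "192.0.2.10"):
        req = build_request(CMD_CONNECT, host, 80)
        print(host, req.hex(), "client-side lookup:", resolved_before_proxy(req))
```

A request of the second kind on the proxy side, paired with UDP port 53 traffic in a capture like the tcpdump test above, is what a leak looks like; the first kind should produce no local DNS traffic.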