Re: proxychains DNS leaks stopped

     On Mon, 5 Jan 2009 23:34:56 -0800 "Kyle Williams"
<kyle.kwilliams@xxxxxxxxx> top-posted:
>I just did a test.  As root I watched udp traffic using "tcpdump -i eth0
>-net -s 65535 udp and host 192.168.XX.XX"
>and didn't see any DNS request when I used "proxychains firefox

     That's right.  You won't see it as UDP because the proxyresolv script
uses the +tcp option on the dig(1) command.
>I did see this in the terminal that I launched proxychains from.
>build@Janus-Dev-VM:~$ proxychains firefox http://check.torproject.org
>ProxyChains-3.1 (http://proxychains.sf.net)
>|DNS-request| check.torproject.org
>|DNS-response| check.torproject.org is
>Also worth mentioning, at the end of the default proxychains.conf file is:
># defaults set to "tor"
>socks5 9050

     The one that got installed on my system said,

# defaults set to "tor"
socks4 9050

which I changed to the way you have it.
>Perhaps the author did have Tor in mind?
>When I ran firefox without proxychains, I then saw DNS request with tcpdump,
>as expected.
>Hrm....I think it's working.  If I'm wrong, could someone point out the flaw
>in my testing method?

     See above.  Take a good look at the proxyresolv script that is used by
proxychains to resolve names to addresses.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
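
The capture check discussed in this thread, as an added example that is not part of the original messages: a `udp`-only filter cannot show lookups made with dig's +tcp option, so this sketch counts port 53 packets per transport in `tcpdump -n` text output. The function names, the interface, and all addresses are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: count DNS packets (port 53) per transport in tcpdump text output.
# Assumed capture command (run as root; interface and host are placeholders):
#   tcpdump -i eth0 -n -l 'port 53 and host 192.0.2.10'
# "port 53" with no protocol keyword matches both UDP and TCP.
# The parser expects the default -n line layout (timestamp first, no -e or -t).

dns_by_transport() {
    awk '
        $2 == "IP" {
            # Endpoints are printed as a.b.c.d.port; the destination ends in ":".
            src = $3; dst = $5; sub(/:$/, "", dst)
            if (src !~ /\.53$/ && dst !~ /\.53$/) next   # not DNS
            # TCP segments carry a "Flags [...]" field; UDP lines do not.
            if ($0 ~ /Flags \[/) tcp++; else udp++
        }
        END { printf "udp=%d tcp=%d\n", udp, tcp }
    '
}

# Constructed sample: one UDP query/response pair, two TCP segments to port 53,
# and one unrelated HTTPS connection that must be ignored.
sample_capture() {
cat <<'EOF'
12:00:01.000001 IP 192.0.2.10.51514 > 198.51.100.1.53: 4660+ A? check.torproject.org. (38)
12:00:01.020001 IP 198.51.100.1.53 > 192.0.2.10.51514: 4660 1/0/0 A 203.0.113.5 (54)
12:00:02.000001 IP 192.0.2.10.40122 > 198.51.100.1.53: Flags [S], seq 1, win 5840, length 0
12:00:02.040001 IP 192.0.2.10.40122 > 198.51.100.1.53: Flags [P.], seq 1:41, ack 1, win 5840, length 40
12:00:03.000001 IP 192.0.2.10.40200 > 203.0.113.5.443: Flags [S], seq 1, win 5840, length 0
EOF
}

# Stand-alone run: the tcp count is the part a "udp" capture filter never sees.
sample_capture | dns_by_transport
```

A clean result for this test is zero in both counts while the proxied browser is running, since any direct lookup, over either transport, would appear as traffic to port 53.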