[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] wget - secure?



Hi

-------- Original Message --------
From: Matthew Kaufman <mkfmncom@xxxxxxxxx>
Apparently from: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
To: "tor-talk@xxxxxxxxxxxxxxxxxxxx" <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-talk] wget - secure?
Date: Sat, 26 May 2012 19:14:51 -0400

> Hello,
> 
> Thanks for these config settings, Does it also leak if I use:
> 
> torify wget http://example.com
> 
> ?
> 
> Is this what torify does?

I dont understand what you're asking. Does _what_ also leak? In my http tests [1] DNS and Headers didn't leaked (SOCKS4a and SOCKS5), but, I couldn't test the IP issue with FTP PORT Robert Randsom wrote about (I'm ignorant of testing methods).

I cant write about torify as I didn't test. But yes, I believe it can be used to 'force' wget through Tor. Whether that would help with the FTP IP Robert Randsom wrote about, I have no clue, I don't know if torify does FTP.


[1] https://lists.torproject.org/pipermail/tor-talk/2012-May/024390.html

> 
> On Saturday, May 26, 2012, wrote:
> 
> > Hi,
> >
> > -------- Original Message --------
> > From: helpfulnoob@xxxxxxxxxxxxx
> > Apparently from: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx <javascript:;>
> > To: tor-talk@xxxxxxxxxxxxxxxxxxxx <javascript:;>
> > Subject: [tor-talk] wget - secure?
> > Date: Sat, 26 May 2012 18:39:04 -0400
> >
> > > Hi again :)
> > >
> > > >On Fri, Apr 20, 2012 at 17:15, Robert Ransom <rransom.8774 at gmail.com>
> > wrote:
> > > >
> > > >>On 2012-04-18, Joseph Lorenzo Hall <joehall at gmail.com> wrote:
> > > >>
> > > >>The underlying point is that it would be neat if
> > > >>you've done a comprehensive analysis of a specific version of Tor,
> > > >>etc., etc.
> > >
> > > >No, the underlying point is that I have personally seen wget send my
> > > >computer's IP address over Tor in an FTP PORT command.  wget is not
> > > >â100% safeâ.
> > > >
> > > >The code to send a PORT command is still present in wget 1.13.4.  wget
> > > >1.13.4 is not â100% safeâ; anyone who wants to recommend it needs to
> > > >specify a particular configuration of wget which is safe.  (Don't
> > > >count on a âdefault configurationâ; Linux distributors might have
> > > >messed with it, or failed to update it to the version shipped in
> > > >recent wget source distributions.)
> > >
> > > Hi there Robert Randsom, thanks for such good info. Can you please point
> > me to documents, or directions, to test FTP PORT command with my setup:
> > Wget 1.13.4  (openssl 1.0.0g), Privoxy v3.0.19, , and Wireshark 1.6.8, on
> > Windows 7 x64 Home Premium  SP1?
> > >
> > > I want to test what you write, and so far I tried 'host IPadress' [1],
> > at a FreeBSD FTP server [2], but I didn't know what to look for; am I on
> > the right track? For now, I close port 21 on my computer, when using Wget;
> > is that good enough for now?
> > >
> > > I look to see if there's a way to disable FTP, but nope, and that's
> > probally showing my noobiesness, ha. Anyway, if I can help I'm happy to be
> > helpful, so, drop me a line! :)
> > >
> > > Here's how I started Wget:
> > >
> > > wget -c --no-parent ftp://ftp.freebsd.org/pub/FreeBSD/
> >
> >
> > I forgot to add the settings for Wget, but they're big, and they're in
> > another message I sent the list, the Tor specific settings for Wget are in
> > wgetrc.txt and are:
> > use_proxy = on
> > http_proxy = http://127.0.0.1:8118/
> >
> > However, I added other settings to my wgetrc, they'll be in the other
> > message. Sorry!
> > _______________________________________________
> > tor-talk mailing list
> > tor-talk@xxxxxxxxxxxxxxxxxxxx <javascript:;>
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk