[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] exitmap/RESOLVE control command limitations

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] exitmap/RESOLVE control command limitations
From: teor <teor@xxxxxxxxxx>
Date: Tue, 09 Jul 2019 09:54:38 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 09 Jul 2019 05:54:58 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1562666083; bh=fsBlvSK+0Dh8arn9N9iKN4FMEsCr4NSGPh1K1dkL6CY=; h=Date:In-Reply-To:References:Subject:To:From:From; b=In89Df2SfYSvA08VgDK+RbQNmn4pNe+6PBWDtjimnYChuc6bBYk1UiYKDngDcNYUj naoWlko9XLiUDWB/Gi+GeBDXCC54ooV1uba8TDO/hmTH+gW3UrO3CvuReDWLHSuXpA ijGydfMOPssvyn2i8dHM9kJnAKYoJocK0TPiCDpU=
In-reply-to: <23be77d3-3473-7d8c-ce7a-b90b58a22e9e@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <23be77d3-3473-7d8c-ce7a-b90b58a22e9e@riseup.net>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>


On July 9, 2019 8:55:00 AM UTC, nusenu <nusenu-lists@xxxxxxxxxx> wrote:
>Hi,
>
>I noticed some unexpected answers in exitmap's [1] dnsenum results
>and suspected that this has todo with IPv4 vs. IPv6.
>
>First I looked at [2] and found that it only lists IPv4 and hostnames
>as possible answers but then I realized that exitmap might not be using
>the RESOLVE command?

Exitmap is using tor's RESOLVE extension to SOCKS:
https://gitweb.torproject.org/torspec.git/tree/socks-extensions.txt#n49

>>     def resolve(self, domain):
>>         """
>>         Resolve the given domain using Tor's SOCKS1 resolution
>extension.
>>         """
>> 
>>         domain_len = len(domain)
>>         if domain_len > 255:
>>             raise error.SOCKSv5Error("Domain must not be longer than
>255 "
>>                                      "characters, but %d given." %
>domain_len)
>> 
>>         # Tor defines a new command value, \x0f, that is used for
>domain
>>         # resolution.
>> 
>>         self._send_all("\x05\xf0\x00\x03%s%s%s" %
>>                      (chr(domain_len), domain, "\x00\x00"))

Exitmap uses the SOCKS 5, resolve, DNS command:
See page 4 of https://www.ietf.org/rfc/rfc1928.txt

>> 
>>         resp = self._recv_all(10)
>>         if resp[:2] != "\x05\x00":
>>             raise error.SOCKSv5Error("Invalid server response: 0x%s"
>%
>>                                      resp[1].encode("hex"))

Resolve can return an IPv4 or IPv6 response, but Exitmap ignores the address type, and turns the first 4 bytes of the response into an IPv4 address.

>>         return socket.inet_ntoa(resp[4:8])
>
>
>Does Tor's SOCKS resolution extension support IPv6 answers
>or does it only attempt A records?

If it gets both IPv4 and IPv6, I think it will prefer IPv4.

Try testing with ipv6.google.com, which only has an IPv6 address.

>I'm aiming to resolve a hostname and would like to get 
>the IPv4 and if available the IPv6 address.

I don't know how you can reliably get the IPv6 address over SOCKS, when the site has an IPv4 address.

Try using the controller RESOLVE command and ADDRMAP event, which supports IPv6:

Address = ip4-address / ip6-address / hostname

If that doesn't work, we might need to make some changes to tor, or fix some bugs.

>thanks,
>nusenu
>
>
>[1] https://github.com/NullHypothesis/exitmap
>[2]
>https://gitweb.torproject.org/torspec.git/tree/control-spec.txt#n1349


--
teor
----------------------------------------------------------------------
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] tor's SOCKS5 extension "RESOLVE"
  - From: nusenu

References:
- [tor-dev] exitmap/RESOLVE control command limitations
  - From: nusenu

Prev by Author: Re: [tor-dev] 24 hours worth of BridgeDB usage metrics
Next by Author: Re: [tor-dev] New Proposal 306: A Tor Implementation of IPv6 Happy Eyeballs
Previous by thread: [tor-dev] exitmap/RESOLVE control command limitations
Next by thread: Re: [tor-dev] tor's SOCKS5 extension "RESOLVE"
Index(es):
- Author
- Thread