[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: SOCKS 4a or SOCKS 5 when using Polipo?



On Sun, 21 Nov 2010 11:48:59 +0000
Matthew <pumpkin@xxxxxxxxx> wrote:

>   Hello,
> 
> According to the Tor manual 
> (https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#IkeepseeingthesewarningsaboutSOCKSandDNSandinformationleaks.ShouldIworry) 
> one should use SOCKS 4a.
> 
> AIUI, Polipo or Privoxy are used as HTTP proxies which then allow the 
> client (Firefox) to "speak" to Tor as SOCKS 4a (therefore providing 
> hostnames rather than already resolved IP addresses as with SOCKS 4 or 5).

That was the original reason to use an HTTP proxy between Firefox and
Tor.  Firefox can now be configured to resolve hostnames using the
SOCKS proxy -- set the ânetwork.proxy.socks_remote_dnsâ option in
about:config to âtrueâ, or use Torbutton, which automatically sets that
option.

The current reason to use an HTTP proxy between Firefox and Tor is that
Firefox has an inappropriately short, hard-coded timeout for
connections through SOCKS proxies.  See
<https://bugzilla.mozilla.org/show_bug.cgi?id=280661>.

> I therefore do not understand why in the Tor version of the Polipo 
> configuration file 
> (https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf) 
> it says:
> 
> # Uncomment this if you want to use a parent SOCKS proxy:
> 
> socksParentProxy = "localhost:9050"
> socksProxyType = socks5

Like the SOCKS 4A protocol, the SOCKS 5 protocol allows clients to
specify a hostname instead of an IP address, and Polipo does so.  Other
clients, including Firefox with the (well-hidden) socks_remote_dns
option turned off, may not specify a hostname to a SOCKS 5 server.


Robert Ransom

Attachment: signature.asc
Description: PGP signature