Hello David,
Yes, UDP is simply not supported by Tor, thus it will be rejected when opening the socket. Actually, it's not only UDP that should be blocked but *every* other protocol except TCP. For instance, there is no way to send an ICMP request through Tor, thus we don't want that to leak.
...
This is dangerous and the reason why it's denied is that the application could easily make a DNS request for instance to a local server that will then resolve it on a remote one thus leaking.
You should really reconsider that, going locally can be fine but also really dangerous.
Thanks for all the advice. I've uploaded a new version now where the default behavior is to block any other sockets than TCP sockets and to block 127.x.x.x traffic. However, there is the optional switch /a to allow this as some software just needs it, e.g. Internet Explorer uses local UDP traffic to communicate between its processes. So the user can decide per process which mode to use. The new version also has some additional tweaks and fixes.
Concerning the upper "security" feature, I think that everybody using software like InjectSOCKS should be aware that there are a lot of ways to bypass all this. You shouldn't rely on it. The goal of InjectSOCKS is to use software together with Tor (or other SOCKS servers) even if it doesn't support this. Creating a sandbox or disabling malware is not the goal of InjectSOCKS. There are other tools for that and it's a good idea to have a firewall preventing any "bad" traffic.
Well, at least it's a proof of concept that you can manipulate the process behavior using this technique :-)
I'll take a look at it and if I can find a Windows, test it.
If you just want to test it you could use the official Microsoft trial version running for 90 days or something like that.
From that point on, I'll check how feasible it is to integrate what you did in the new torsocks code so we can have *nix and Windows support in the same tool, that would be quite awesome.
This sounds very interesting. My guess is that while the tools are similar, the internals are quite different. But this is just a guess :-)
Thanks for the effort.
Cheers, ghostmaker
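
The default-deny policy discussed in this thread (TCP sockets only, no 127.x.x.x destinations, with a per-process opt-out), sketched as an added example that is not part of the thread and is not InjectSOCKS or torsocks code. The function names and the `relax` flag (modelled on the `/a` switch) are assumptions, it uses POSIX headers rather than Winsock, and it goes slightly beyond the thread by also treating `::1` and IPv4-mapped loopback as local.

```c
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* relax is a hypothetical opt-out modelled on the /a switch: 1 disables both checks. */
/* Gate for socket(): only TCP over IPv4/IPv6 passes by default. */
int socket_allowed(int domain, int type, int protocol, int relax)
{
    if (relax) return 1;
#ifdef SOCK_NONBLOCK                        /* Linux ORs flag bits into type */
    type &= ~(SOCK_NONBLOCK | SOCK_CLOEXEC);
#endif
    if (domain != AF_INET && domain != AF_INET6) return 0;
    if (type != SOCK_STREAM) return 0;      /* UDP and raw (ICMP) are rejected */
    return protocol == 0 || protocol == IPPROTO_TCP;  /* stream, but not e.g. SCTP */
}

/* Gate for connect(): loopback destinations are rejected by default. */
int dest_allowed(const struct sockaddr *sa, int relax)
{
    static const unsigned char v4mapped[12] = {0,0,0,0,0,0,0,0,0,0,0xff,0xff};
    static const unsigned char v6loop[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
    if (relax) return 1;
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *)sa;
        return (ntohl(in4->sin_addr.s_addr) >> 24) != 127;     /* 127.0.0.0/8 */
    }
    if (sa->sa_family == AF_INET6) {
        const unsigned char *b = ((const struct sockaddr_in6 *)sa)->sin6_addr.s6_addr;
        if (memcmp(b, v6loop, 16) == 0) return 0;              /* ::1 */
        if (memcmp(b, v4mapped, 12) == 0) return b[12] != 127; /* ::ffff:127.x.x.x */
        return 1;
    }
    return 0;   /* unknown address family: fail closed */
}

/* Wrapper for literal addresses, used with constructed sample inputs. */
int dest_allowed_str(const char *ip, int relax)
{
    struct sockaddr_in a4; struct sockaddr_in6 a6;
    memset(&a4, 0, sizeof a4); memset(&a6, 0, sizeof a6);
    a4.sin_family = AF_INET; a6.sin6_family = AF_INET6;
    if (inet_pton(AF_INET, ip, &a4.sin_addr) == 1)
        return dest_allowed((const struct sockaddr *)&a4, relax);
    if (inet_pton(AF_INET6, ip, &a6.sin6_addr) == 1)
        return dest_allowed((const struct sockaddr *)&a6, relax);
    return 0;   /* unparsable input: fail closed */
}
```

With `relax` set, a UDP socket is allowed regardless of where its datagrams later go, which is why the thread treats the opt-out as a per-process decision.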