[tor-bugs] #5741 [Tor bundles/installation]: TBB proxy bypass: Some DNS requests not going through Tor

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed May 2 19:48:39 UTC 2012 

#5741: TBB proxy bypass: Some DNS requests not going through Tor
--------------------------------------+-------------------------------------
 Reporter:  cypherpunks               |          Owner:  erinn
     Type:  defect                    |         Status:  new  
 Priority:  critical                  |      Milestone:       
Component:  Tor bundles/installation  |        Version:       
 Keywords:                            |         Parent:       
   Points:                            |   Actualpoints:       
--------------------------------------+-------------------------------------
 Observed behaviour:

 When visiting certain websites, for example "http://bitcoincharts.com",
 with JavaScript enabled, a DNS request for the domain is made without
 going through Tor. This website is the only one I know of there it
 happens. This is when running the latest Tor Browser Bundle, properly
 verified against the gpg signature.

 Enabling NoScript to block all JavaScript seems to make the DNS request go
 away. This was verified by restarting Tor and then disabling JavaScript
 before visiting the site.


 Expected behaviour:

 No DNS request should be made through the normal internet, everything
 should go through Tor. The DNS requests leak information of which sites
 you are browsing in your Tor Browser.


 How to reproduce:

 1. Download and verify "tor-browser-gnu-linux-i686-2.2.35-10-dev-en-
 US.tar.gz"
 2. Start up Wireshark to monitor your network, optionally filtering for
 "dns"
 3. Unpack Tor and start it by running the "start-tor-browser" script
 4. Once TorBrowser is open, go to "http://bitcoincharts.com/"
 5. See DNS request for "bitcoincharts.com" being logged in Wireshark


 System information:

 Tor Browser Bundle for 32-bit Linux, version 2.2.35-10
 Running on Fedora 16


 Other:

 This is not the first time some rarely triggered bug in Firefox causes Tor
 to be bypassed, and certainly will not be the last one. Since these bugs
 have a very high security impact I propose they are guarded against. How
 about running Firefox inside some kind of firewall that drops all network
 packets not going to Tor?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5741>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list