proxychains DNS leaks stopped

Kyle Williams kyle.kwilliams at gmail.com
Tue Jan 6 07:34:56 UTC 2009


Interesting...
I just did a test.  As root I watched udp traffic using "tcpdump -i eth0
-net -s 65535 udp and host 192.168.XX.XX"
and didn't see any DNS request when I used "proxychains firefox
http://check.torproject.org"

I did see this in the terminal that I launched proxychains from.
"
build at Janus-Dev-VM:~$ proxychains firefox http://check.torproject.org
ProxyChains-3.1 (http://proxychains.sf.net)
|DNS-request| check.torproject.org
|S-chain|-<>-127.0.0.1:9050-<><>-4.2.2.2:53-<><>-OK
|DNS-response| check.torproject.org is 209.237.247.84
|S-chain|-<>-127.0.0.1:9050-<><>-209.237.247.84:80-<><>-OK
"

Also worth mentioning, at the end of the default proxychains.conf file is:
"
# defaults set to "tor"
socks5     127.0.0.1 9050
"

Perhaps the author did have Tor in mind?
When I ran firefox without proxychains, I then say DNS request with tcpdump,
as expected.

Hrm....I think it's working.  If I'm wrong, could someone point out the flaw
in my testing method?

Thanks!

- Kyle


On Mon, Jan 5, 2009 at 11:25 PM, Roger Dingledine <arma at mit.edu> wrote:

> On Mon, Jan 05, 2009 at 11:11:13PM -0800, Kyle Williams wrote:
> > Are you saying that the "proxy_dns" option in the proxychains.conf is in
> > fact leaking DNS request?from the proxychains.conf file:
> > "
> > # Proxy DNS requests - no leak for DNS data
> > proxy_dns
> > "
> >
> > I thought it would resolve against the specified SOCKS 4/5 proxy.  Is
> this
> > not happening?
>
> Socks doesn't have a notion of resolving. It only has a notion of
> connecting (well, and binding, but we don't use that).
>
> We hacked on our own notion of a 'resolve' socks request:
> https://svn.torproject.org/svn/tor/trunk/doc/spec/socks-extensions.txt
> and I'd be surprised if any other projects use our extension.
>
> --Roger
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20090105/92de7650/attachment.htm>


More information about the tor-talk mailing list