[tor-talk] wget - secure?

Ondrej Mikle ondrej.mikle at gmail.com
Wed Apr 18 23:55:10 UTC 2012


On 04/18/2012 11:40 PM, torsiris at tormail.net wrote:
>> On Wed, Apr 18, 2012 at 4:56 AM, Maxim Kammerer <mk at dee.su> wrote:
>>> On Wed, Apr 18, 2012 at 11:37, Robert Ransom <rransom.8774 at gmail.com>
>>> wrote:
>>>> Which version of wget did you audit?  What information leaks did you
>>>> check for during your audit?
> Hi,
> 
> How can I check what information wget is transmitting? I used wireshark
> and filtered to see only the traffic sent from wget to localhost:8118 but
> I'm not a network expert and I don't know how to interpret the data.
> 
> Anybody has deeper network knowledge?

I've just checked wget, it does leak DNS even with the http_proxy environment
variable set.

How to check:

1. Run wireshark
2. Select "Pseudointerface (any)" unless you know which interface to look at
3. Put "dns" into the Filter field and click the "Apply" button

DNS is easy to spot since it's almost always going to UDP port 53 (exceptions
are really rare).

Then you'll see what DNS queries your host did at the time (obviously it's best
to turn off any other program that could interfere in the measurement).

These things can change on a version-to-version basis of the same software, so
it's always best to check your actual version with wireshark.

Though curl is much better than wget in all recent versions at least, this does
not leak DNS (--socks5-hostname is the important part; Tor SOCKS5 proxy is
expected to run at port 9050):

curl --socks5-hostname localhost:9050 "http(s)://somesite.wherever/rest_of_url"

Ondrej
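
Added example, not part of the message above or of any Tor or wget code: the same "did the hostname go out over UDP port 53" check done programmatically on DNS wire-format payloads. The packet tuples, sample payloads and function names are constructed for illustration; a real capture would first have to be reduced to (protocol, destination port, payload) records.

```python
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS A query payload (used only to construct sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # type A, class IN

def parse_query_name(payload):
    """Return the lower-cased QNAME of a DNS query, or None if malformed or a response."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set means response, not query
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        pos += 1
        if length == 0:  # root label ends the name; QTYPE and QCLASS must follow
            return ".".join(labels).lower() if pos + 4 <= len(payload) else None
        if length > 63 or pos + length > len(payload):  # pointer or truncated label
            return None
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return None  # ran off the end without a terminating root label

def leaked_lookups(packets, target_host):
    """Return one entry per UDP port 53 query whose name equals target_host."""
    target = target_host.rstrip(".").lower()
    return [target for proto, dst_port, payload in packets
            if proto == "udp" and dst_port == 53
            and parse_query_name(payload) == target]

# Constructed records (protocol, destination port, payload); not real traffic.
CAPTURE_LOCAL_RESOLVE = [  # resembles a run where the client resolves the name itself
    ("tcp", 8118, b"GET http://somesite.wherever/ HTTP/1.0\r\n\r\n"),
    ("udp", 53, build_query("ntp.example.org")),    # unrelated background lookup
    ("udp", 53, build_query("SomeSite.wherever")),  # the lookup being tested for
]
CAPTURE_SOCKS5_HOSTNAME = [  # resembles a run where only the SOCKS port is contacted
    ("tcp", 9050, b"\x05\x01\x00"),                 # SOCKS5 greeting
    ("udp", 53, build_query("ntp.example.org")),    # unrelated background lookup
]

if __name__ == "__main__":
    for label, cap in (("local resolve", CAPTURE_LOCAL_RESOLVE),
                       ("socks5-hostname", CAPTURE_SOCKS5_HOSTNAME)):
        print(label, "->", leaked_lookups(cap, "somesite.wherever") or "no leak seen")
```

Matching on the exact target name is what lets the check ignore lookups made by other programs running at the same time.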