[tor-talk] Continuous Integration for testing application proxy leaks?

grarpamp grarpamp at gmail.com
Sun May 21 03:09:36 UTC 2017


> Has anyone tried using continuous integration tools like Travis CI to
> find proxy leaks in applications? The rough idea I had was to run all
> the existing unit/integration tests for the application, wrapped in
> something like:
>
> strace -f -e
> trace=socket,getsockopt,setsockopt,getsockname,connect,bind,send,sendto,
> sendmsg,recv,recvfrom,recvmsg
> ./run_tests.sh
>
> and use grep on the resulting output to find any results that connect
> to anything other than the configured proxy. (This assumes that the
> application has good test coverage already.) I'm curious if someone
> has already tried to tackle this, or if there's a better way.
>
> (H/t to pabouk at https://tor.stackexchange.com/a/118 for the idea of
> using strace.)

Assuming you're not going to read the code to find such instances
and test mode is nice but not covering real world usage, caveats,
threats and exploits, nor does strace block anything,
better to packet filter and log everything default deny.
Run all the tests and real world you want inside that.


More information about the tor-talk mailing list