Hi, Is there anything to worry about if using curl with the below configuration? (I don't want to use a virtual machine)
Only debian-tor can go online:

iptables -F OUTPUT
iptables -A OUTPUT -j ACCEPT -m owner --uid-owner debian-tor
iptables -A OUTPUT -j ACCEPT -o lo
iptables -A OUTPUT -j ACCEPT -p udp --dport 123
iptables -P OUTPUT DROP

curl is used like this:

curl --socks5-hostname 127.0.0.1:9050 -A "TBB's user agent" -C - -O http://download.testfile

I guess there is no way that curl can leak the real IP address. Any objections?

> Hm, you're right, wget 1.12 does not leak DNS if you use http protocol. I just
> realized I tested it also with https when the leak happened (wget requires
> explicit 'https_proxy' to use CONNECT for https even if you use the same http
> proxy).
>
> Ondrej
>
> On 04/19/2012 10:54 PM, [email protected] wrote:
>> Hi,
>>
>> I cannot confirm that wget (v1.12) is sending any DNS resolve when using
>> it this way:
>>
>> wget --proxy --execute=http_proxy=http://127.0.0.1:8118/ -c http://download.test
>>
>> Wireshark does not show any UDP traffic.
>>
>> I will check out curl. I like the idea of not using a http proxy in
>> between.
>>
>> Thanks for the post. :-)
>>
>>> On 04/18/2012 11:40 PM, [email protected] wrote:
>>>>> On Wed, Apr 18, 2012 at 4:56 AM, Maxim Kammerer <[email protected]> wrote:
>>>>>> On Wed, Apr 18, 2012 at 11:37, Robert Ransom <[email protected]> wrote:
>>>>>>> Which version of wget did you audit? What information leaks did you
>>>>>>> check for during your audit?
>>>> Hi,
>>>>
>>>> How can I check what information wget is transmitting? I used wireshark
>>>> and filtered to see only the traffic sent from wget to localhost:8118 but
>>>> I'm not a network expert and I don't know how to interpret the data.
>>>>
>>>> Anybody has deeper network knowledge?
>>>
>>> I've just checked wget, it does leak DNS even with http_proxy environment
>>> variable set.
>>>
>>> How to check:
>>>
>>> 1. Run wireshark
>>> 2. Select "Pseudointerface (any)" unless you know which interface to look at
>>> 3. Put "dns" into the Filter field and click "Apply" button
>>>
>>> DNS is easy to spot since it's almost always going to UDP port 53
>>> (exceptions are really rare).
>>>
>>> Then you'll see what DNS queries your host did at the time (obviously it's
>>> best to turn off any other program that could interfere in the measurement).
>>>
>>> These things can change on version-to-version basis of the same software,
>>> so it's always best to check your actual version with wireshark.
>>>
>>> Though curl is much better than wget in all recent versions at least, this
>>> does not leak DNS (--socks5-hostname is the important part; Tor SOCKS5 proxy
>>> is expected to run at port 9050):
>>>
>>> curl --socks5-hostname localhost:9050 "http(s)://somesite.wherever/rest_of_url"
>>>
>>> Ondrej
>>> _______________________________________________
>>> tor-talk mailing list
>>> [email protected]
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
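
The OUTPUT chain from the question above, modelled as a first-match evaluator to show which packets it lets out. This is an added example, not part of the original thread; the uid "user", the interface "eth0" and the sample packets are constructed, and the model only understands the options that appear in those rules.

```python
import shlex

# The OUTPUT rules from the post, in order; the chain policy applies last.
RULES = """\
-A OUTPUT -j ACCEPT -m owner --uid-owner debian-tor
-A OUTPUT -j ACCEPT -o lo
-A OUTPUT -j ACCEPT -p udp --dport 123
"""
POLICY = "DROP"

# iptables options this simplified model understands -> packet field names.
OPTS = {"--uid-owner": "uid", "-o": "oif", "-p": "proto",
        "--dport": "dport", "-j": "target"}

def parse(rule):
    """Turn one '-A OUTPUT ...' line into a dict of match conditions."""
    tok = shlex.split(rule)
    return {OPTS[t]: tok[i + 1] for i, t in enumerate(tok) if t in OPTS}

def verdict(pkt, rules=RULES, policy=POLICY):
    """First matching rule wins; otherwise the chain policy applies."""
    for line in rules.splitlines():
        cond = parse(line)
        target = cond.pop("target")
        if all(str(pkt.get(k)) == v for k, v in cond.items()):
            return target
    return policy

# Constructed packets: owning uid, output interface, protocol, destination port.
CASES = {
    "curl -> Tor SOCKS port on loopback":
        dict(uid="user", oif="lo", proto="tcp", dport=9050),
    "tor daemon -> relay":
        dict(uid="debian-tor", oif="eth0", proto="tcp", dport=443),
    "curl resolving DNS directly":
        dict(uid="user", oif="eth0", proto="udp", dport=53),
    "curl run without the SOCKS option":
        dict(uid="user", oif="eth0", proto="tcp", dport=80),
    "any local user, UDP to port 123":
        dict(uid="user", oif="eth0", proto="udp", dport=123),
}

if __name__ == "__main__":
    for name, pkt in CASES.items():
        print(f"{verdict(pkt):6}  {name}")
```

The last case is the one to look at: the UDP port 123 rule has no owner match, so that traffic is accepted for every local user and leaves directly rather than through Tor.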
