Re: Lynx leaks DNS

2009-06-27 Thread Jim McClanahan
Phil wrote:
> 
> I realize this needs a fix not a workaround, but if a workaround is enough 
> for now you could try running lynx via proxychains --> tor
> 
> Proxychains might grab all the DNS requests.

Thanks for your response.  Now that I know lynx doesn't leak DNS when
the protocol (e.g. http://) is included, using full URLs is enough of a
"workaround" for me.  (And a relief that I haven't been leaking all of
this time.)  For everybody's information, I think I learned more about
the leaks while I was playing with proxychains.  It *appears* that lynx
is using DNS to try variations on the supplied name to find one that
works.  (Maybe there is an option to stop this?)  So while I have a
solution for myself, I think people using lynx with tor ought to be
warned about this.

> You could also probably leave privoxy in the proxy chain or test it with and 
> without.
> 
> I haven't tried this with lynx, but proxychains does work with tor.

I have tried using proxychains to chain to privoxy.  Trying to chain
directly to Tor would require more fiddling and I haven't tried that.
Lynx couldn't get to the website *and* it DNS leaked.  Maybe I didn't
have it configured correctly?  (privoxy is listening on
192.168.1.27:8119)

The non-comment, non-blank lines of the configuration file were:

strict_chain
tcp_read_time_out 15000
tcp_connect_time_out 1  
[ProxyList]
http 192.168.1.27 8119

I used the command:  proxychains lynx http://torcheck.xenobite.eu

With tcpdump I saw a DNS query, a TCP handshake with Privoxy, and then
proxychains terminated the connection.  The page request was not logged
in Privoxy's logfile.   proxychains reported:
"strict chain:192.168.1.27:8119..broken", and backgrounded and
stopped lynx.

# tcpdump -nni eth0 not tcp port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
23:20:08.950239 IP 192.168.2.102.42865 > 65.247.xx.xx.53: 28346+ A?
torcheck.xenobite.eu. (38)
23:20:08.952037 IP 65.247.xx.xx.53 > 192.168.2.102.42865: 28346 1/2/2 A
217.160.111.190 (137)
23:20:08.952807 IP 192.168.2.102.51357 > 192.168.1.27.8119: S
3021896822:3021896822(0) win 5840 
23:20:08.954018 IP 192.168.1.27.8119 > 192.168.2.102.51357: S
3677520579:3677520579(0) ack 3021896823 win 5792 
23:20:08.954052 IP 192.168.2.102.51357 > 192.168.1.27.8119: . ack 1 win
183 
23:20:08.954245 IP 192.168.2.102.51357 > 192.168.1.27.8119: F 1:1(0) ack
1 win 183 
23:20:08.955321 IP 192.168.1.27.8119 > 192.168.2.102.51357: P 1:54(53)
ack 2 win 1448 
23:20:08.955353 IP 192.168.2.102.51357 > 192.168.1.27.8119: R
3021896824:3021896824(0) win 0
23:20:08.955686 IP 192.168.1.27.8119 > 192.168.2.102.51357: F 54:54(0)
ack 2 win 1448 
23:20:08.955702 IP 192.168.2.102.51357 > 192.168.1.27.8119: R
3021896824:3021896824(0) win 0



Re: Lynx leaks DNS

2009-06-26 Thread Phil

I realize this needs a fix not a workaround, but if a workaround is enough for 
now you could try running lynx via proxychains --> tor 

Proxychains might grab all the DNS requests.

You could also probably leave privoxy in the proxy chain or test it with and 
without.

I haven't tried this with lynx, but proxychains does work with tor.




  


Re: Lynx leaks DNS

2009-06-26 Thread Jim McClanahan
Fabian Keil wrote:
> 
> Jim McClanahan  wrote:
> 
> > Quite by accident I discovered that the lynx browser is leaking DNS
> > addresses.  I have verified this on:
> >
> >Lynx Version 2.8.4dev.7 (03 Aug 2000)   and
> >Lynx Version 2.8.5rel.1 (04 Feb 2004)
> 
> Is there a reason why you aren't using a more recent build?

That was what I had readily available.  I just installed lynx on
Ubuntu 8.04 LTS for more testing:

   lynx --version
   Lynx Version 2.8.6rel.4 (15 Nov 2006)
   libwww-FM 2.14, SSL-MM 1.4.1, GNUTLS 2.0.4, ncurses
5.6.20071124(wide)
   Built on linux-gnu Apr  8 2008 13:48:42

It shows the same behavior I saw before.  But further investigation
reveals this interesting twist:  It does not leak if the URL with
protocol is given.  But if the http:// is omitted, it leaks, yet still
loads the page.  Without thinking, I had just been using p.p.  When I
used http://p.p, it did not leak.  But it is not only p.p that leaks:

tcpdump -nni eth0 udp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
08:22:23.435995 IP 192.168.2.102.45063 > 65.247.xx.xx.53: 46608+ A? p.p.
(21)
08:22:23.437732 IP 65.247.xx.xx.53 > 192.168.2.102.45063: 46608 2/2/0 A
64.158.56.50, A 63.251.179.30 (109)
08:33:39.447099 IP 192.168.2.102.54845 > 65.247.xx.xx.53: 19107+ A?
torcheck.xenobite.eu. (38)
08:33:39.679776 IP 65.247.xx.xx.53 > 192.168.2.102.54845: 19107 1/2/2 A
217.160.111.190 (137)

(The returned addresses for p.p is bad behavior on the part of my ISP. 
They lead to a "not found" page with advertising.)  

Both of the above were without http://.  And when http:// was added,
neither leaked.  torcheck.xenobite.eu (both with and w/o http://) verified
I was accessing via Tor.

Not as bad as I thought when I originally posted.  But still
disconcerting, particularly considering that it will happily render the
page w/o http://  .

> 
> I can't reproduce the problem with:
> 
> f...@tp51 ~ $lynx --version
> Lynx Version 2.8.6rel.5 (09 May 2007)
> libwww-FM 2.14, SSL-MM 1.4.1, OpenSSL 0.9.8k, ncurses 5.7.20081102(wide)
> Built on freebsd8.0 Feb 27 2009 22:36:34
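
An added example, not part of any message in this thread: a checker that re-joins mail-wrapped `tcpdump -nn` output like the captures above and lists every DNS question sent to port 53, which is what a leak looks like when the HTTP proxy is supposed to resolve names. The function names and the `allowed_resolvers` parameter are hypothetical; the sample lines are copied from the captures in this thread.

```python
import re

# A tcpdump record starts with a timestamp and "IP"; mail clients wrap the rest.
RECORD_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ IP6? ")
# Outbound DNS question as printed by tcpdump -nn ("<id>+ A? name.").
DNS_QUERY = re.compile(
    r"^(?P<ts>\S+) IP6? \S+\.\d+ > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"\d+\S* (?:\[[^\]]*\] )?(?P<qtype>[A-Z]+)\? (?P<name>\S+)"
)

# Lines copied from the captures in this thread, wrapping preserved.
SAMPLE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
08:22:23.435995 IP 192.168.2.102.45063 > 65.247.xx.xx.53: 46608+ A? p.p.
(21)
08:22:23.437732 IP 65.247.xx.xx.53 > 192.168.2.102.45063: 46608 2/2/0 A
64.158.56.50, A 63.251.179.30 (109)
08:33:39.447099 IP 192.168.2.102.54845 > 65.247.xx.xx.53: 19107+ A?
torcheck.xenobite.eu. (38)
23:20:08.952807 IP 192.168.2.102.51357 > 192.168.1.27.8119: S
3021896822:3021896822(0) win 5840
"""

def join_records(text):
    """Glue wrapped continuation lines back onto the record they belong to."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if RECORD_START.match(line):
            records.append(line)
        elif records and line:
            records[-1] += " " + line  # continuation of the previous record
    return records

def find_dns_leaks(text, allowed_resolvers=frozenset()):
    """Return (timestamp, resolver, qtype, name) for each DNS question that
    went to port 53 on a resolver not listed in allowed_resolvers."""
    leaks = []
    for rec in join_records(text):
        m = DNS_QUERY.match(rec)
        if m and m["dport"] == "53" and m["dst"] not in allowed_resolvers:
            leaks.append((m["ts"], m["dst"], m["qtype"], m["name"].rstrip(".")))
    return leaks

if __name__ == "__main__":
    for ts, resolver, qtype, name in find_dns_leaks(SAMPLE):
        print(f"{ts} LEAK {qtype} {name} -> resolver {resolver}")
```

Responses from the resolver and the TCP handshake with Privoxy are ignored; only outbound questions are reported.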


Re: Lynx leaks DNS

2009-06-26 Thread Fabian Keil
Jim McClanahan  wrote:

> Quite by accident I discovered that the lynx browser is leaking DNS
> addresses.  I have verified this on:
> 
>Lynx Version 2.8.4dev.7 (03 Aug 2000)   and
>Lynx Version 2.8.5rel.1 (04 Feb 2004)

Is there a reason why you aren't using a more recent build?

I can't reproduce the problem with:

f...@tp51 ~ $lynx --version
Lynx Version 2.8.6rel.5 (09 May 2007)
libwww-FM 2.14, SSL-MM 1.4.1, OpenSSL 0.9.8k, ncurses 5.7.20081102(wide)
Built on freebsd8.0 Feb 27 2009 22:36:34

Fabian




Lynx leaks DNS

2009-06-26 Thread Jim McClanahan
Hi,

Quite by accident I discovered that the lynx browser is leaking DNS
addresses.  I have verified this on:

   Lynx Version 2.8.4dev.7 (03 Aug 2000)   and
   Lynx Version 2.8.5rel.1 (04 Feb 2004)

lynx is called from scripts with the following statements:

   export http_proxy=http://localhost:8119
   export https_proxy=http://localhost:8119
   export ftp_proxy=http://localhost:8119
   export gopher_proxy=http://localhost:8119
   export news_proxy=http://localhost:8119
   export newspost_proxy=http://localhost:8119
   export newsreply_proxy=http://localhost:8119
   export snews_proxy=http://localhost:8119
   export snewspost_proxy=http://localhost:8119
   export snewsreply_proxy=http://localhost:8119
   export nntp_proxy=http://localhost:8119
   export wais_proxy=http://localhost:8119
   export finger_proxy=http://localhost:8119
   export cso_proxy=http://localhost:8119

Privoxy is listening on localhost:8119 and sends requests to tor in the
standard way.  I have verified from Privoxy's log that requests are
received and http://torcheck.xenobite.eu verifies the request
is coming through the Tor network.  Supplying lynx with the url of p.p
(an alias that Privoxy understands) demonstrates that lynx does a DNS
request and then ignores the result. 

Comments?  Suggestions?