hi buawig. well, sure there is a misunderstanding here :)
http://superuser.com/questions/272714/why-still-dns-lookup-when-using-proxy quote: "Even when connecting via a proxy your browser needs to get the IP address for the web site domain. Generally it will directly query the DNS servers. If you are using a Socks 5 proxy, you can have the DNS queries go through your proxy." there has to be a DNS request when dealing with HTTP proxy. about DNS leaks with TOR. we are aware of this issue and there is no easy way out of it. believe me. I've spent three days searching and implementing and there is NO easy way out of it. we can try to search and use things like "tor-resolve" but it will work just for minor number of cases (users which prepare environment for it). also, remember that solution I was doing for web based nslookup. i still have the code, but it would be a decision on a user to trust it or not. kr On Fri, Jun 17, 2011 at 3:41 PM, <bua...@gmail.com> wrote: > Miroslav Stampar wrote: >> hi David. >> >> you won't be able to redirect DNS requests through HTTP(s) proxy for sure. > > I think there is a misunderstanding here. > > If you configure an application to route its HTTP(s) requests through a > proxy the application itself should not generate any DNS requests. > The application will also not send DNS requests to the proxy. > > The application - in this case sqlmap - should just ask the proxy to > send a HTTP request to example.com, the proxy will take care of DNS > resolution. > > I just tried sqlmap with --proxy and this is in my opinion a bug because > sqlmap issues DNS queries even if --proxy is used. > > This bug can be quite serious for the guys using > --tor > or > --proxy http://localhost:8118 > because sqlmap will leak DNS queries to the local DNS server. > > > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B ------------------------------------------------------------------------------ EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
