minor clarification: "first of all, sqlmap doesn't issue DNS requests."
this means that we don't do it manually. socket module does it. kr On Fri, Jun 17, 2011 at 4:31 PM, Miroslav Stampar <miroslav.stam...@gmail.com> wrote: > On Fri, Jun 17, 2011 at 4:25 PM, <bua...@gmail.com> wrote: >> Miroslav Stampar wrote: >>> hi buawig. >>> >>> well, sure there is a misunderstanding here :) >>> >>> http://superuser.com/questions/272714/why-still-dns-lookup-when-using-proxy >>> >>> quote: >>> "Even when connecting via a proxy your browser needs to get the IP >>> address for the web site domain. Generally it will directly query the >>> DNS servers. If you are using a Socks 5 proxy, you can have the DNS >>> queries go through your proxy." >>> >>> there has to be a DNS request when dealing with HTTP proxy. >> >> This is only true if the HTTP Proxy is entered/specified as a hostname >> and not as an IP address. >> >> I just checked this for firefox. Firefox doesn't issue any DNS request >> when configured to use a HTTP proxy, so why should sqlmap need to issue >> a DNS request? > > first of all, sqlmap doesn't issue DNS requests. > > you have the code, it's open source after all, and you can check it yourself. > > second, are you using some plugins (like FoxyProxy) or just entered > proxy address manually into settings? also, have you tried to issue > some new random address like www.asdasdasdasdas.com (maybe your IP > address was in DNS cache) > >> >>> about DNS leaks with TOR. we are aware of this issue and there is no >>> easy way out of it. believe me. I've spent three days searching and >>> implementing and there is NO easy way out of it. we can try to search >>> and use things like "tor-resolve" but it will work just for minor >>> number of cases (users which prepare environment for it). >> >> Pidgin recently fixed a DNS leak in their implementation. I don't think >> this is 'unfixable'. > > i like this one :) > > please, be so kind find the patch and adjust. we'll be more than happy > to incorporate it. > > kr > >> >> >> >> >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B ------------------------------------------------------------------------------ EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
