ok. i'll try to make a little experiment and kill off the automatic socket DNS requests in case of proxying. i really can't find this moment what the RFCs tell about this issue.
kr On Fri, Jun 17, 2011 at 4:37 PM, Miroslav Stampar <miroslav.stam...@gmail.com> wrote: > minor clarification: > "first of all, sqlmap doesn't issue DNS requests." > > this means that we don't do it manually. socket module does it. > > kr > > On Fri, Jun 17, 2011 at 4:31 PM, Miroslav Stampar > <miroslav.stam...@gmail.com> wrote: >> On Fri, Jun 17, 2011 at 4:25 PM, <bua...@gmail.com> wrote: >>> Miroslav Stampar wrote: >>>> hi buawig. >>>> >>>> well, sure there is a misunderstanding here :) >>>> >>>> http://superuser.com/questions/272714/why-still-dns-lookup-when-using-proxy >>>> >>>> quote: >>>> "Even when connecting via a proxy your browser needs to get the IP >>>> address for the web site domain. Generally it will directly query the >>>> DNS servers. If you are using a Socks 5 proxy, you can have the DNS >>>> queries go through your proxy." >>>> >>>> there has to be a DNS request when dealing with HTTP proxy. >>> >>> This is only true if the HTTP Proxy is entered/specified as a hostname >>> and not as an IP address. >>> >>> I just checked this for firefox. Firefox doesn't issue any DNS request >>> when configured to use a HTTP proxy, so why should sqlmap need to issue >>> a DNS request? >> >> first of all, sqlmap doesn't issue DNS requests. >> >> you have the code, it's open source after all, and you can check it yourself. >> >> second, are you using some plugins (like FoxyProxy) or just entered >> proxy address manually into settings? also, have you tried to issue >> some new random address like www.asdasdasdasdas.com (maybe your IP >> address was in DNS cache) >> >>> >>>> about DNS leaks with TOR. we are aware of this issue and there is no >>>> easy way out of it. believe me. I've spent three days searching and >>>> implementing and there is NO easy way out of it. we can try to search >>>> and use things like "tor-resolve" but it will work just for minor >>>> number of cases (users which prepare environment for it). >>> >>> Pidgin recently fixed a DNS leak in their implementation. I don't think >>> this is 'unfixable'. >> >> i like this one :) >> >> please, be so kind find the patch and adjust. we'll be more than happy >> to incorporate it. >> >> kr >> >>> >>> >>> >>> >>> >> >> >> >> -- >> Miroslav Stampar >> >> E-mail: miroslav.stampar (at) gmail.com >> PGP Key ID: 0xB5397B1B >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B ------------------------------------------------------------------------------ EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
