Re: Lynx leaks DNS
Phil wrote:
>
> I realize this needs a fix not a workaround, but if a workaround is enough
> for now you could try running lynx via proxychains --> tor
>
> Proxychains might grab all the DNS requests.

Thanks for your response. Now that I know lynx doesn't leak DNS when the protocol (e.g. http://) is included, using full URLs is enough of a "workaround" for me. (And a relief that I haven't been leaking all of this time.)

For everybody's information, I think I learned more about the leaks while I was playing with proxychains. It *appears* that lynx is using DNS to try variations on the supplied name to find one that works. (Maybe there is an option to stop this?) So while I have a solution for myself, I think people using lynx with tor ought to be warned about this.

> You could also probably leave privoxy in the proxy chain or test it with and
> without.
>
> I haven't tried this with lynx, but proxychains does work with tor.

I have tried using proxychains to chain to privoxy. Trying to chain directly to Tor would require more fiddling and I haven't tried that. Lynx couldn't get to the website *and* it DNS leaked. Maybe I didn't have it configured correctly? (privoxy is listening on 192.168.1.27:8119) The non-comment, non-blank lines of the configuration file were:

    strict_chain
    tcp_read_time_out 15000
    tcp_connect_time_out 1
    [ProxyList]
    http 192.168.1.27 8119

I used the command:

    proxychains lynx http://torcheck.xenobite.eu

With tcpdump I saw a DNS query, a TCP handshake with Privoxy, and then proxychains terminated the connection. The page request was not logged in Privoxy's logfile. proxychains reported: "strict chain:192.168.1.27:8119..broken", and backgrounded and stopped lynx.

    # tcpdump -nni eth0 not tcp port 22
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    23:20:08.950239 IP 192.168.2.102.42865 > 65.247.xx.xx.53: 28346+ A? torcheck.xenobite.eu. (38)
    23:20:08.952037 IP 65.247.xx.xx.53 > 192.168.2.102.42865: 28346 1/2/2 A 217.160.111.190 (137)
    23:20:08.952807 IP 192.168.2.102.51357 > 192.168.1.27.8119: S 3021896822:3021896822(0) win 5840
    23:20:08.954018 IP 192.168.1.27.8119 > 192.168.2.102.51357: S 3677520579:3677520579(0) ack 3021896823 win 5792
    23:20:08.954052 IP 192.168.2.102.51357 > 192.168.1.27.8119: . ack 1 win 183
    23:20:08.954245 IP 192.168.2.102.51357 > 192.168.1.27.8119: F 1:1(0) ack 1 win 183
    23:20:08.955321 IP 192.168.1.27.8119 > 192.168.2.102.51357: P 1:54(53) ack 2 win 1448
    23:20:08.955353 IP 192.168.2.102.51357 > 192.168.1.27.8119: R 3021896824:3021896824(0) win 0
    23:20:08.955686 IP 192.168.1.27.8119 > 192.168.2.102.51357: F 54:54(0) ack 2 win 1448
    23:20:08.955702 IP 192.168.2.102.51357 > 192.168.1.27.8119: R 3021896824:3021896824(0) win 0
Re: Lynx leaks DNS
I realize this needs a fix not a workaround, but if a workaround is enough for now you could try running lynx via proxychains --> tor

Proxychains might grab all the DNS requests.

You could also probably leave privoxy in the proxy chain or test it with and without.

I haven't tried this with lynx, but proxychains does work with tor.
Re: Lynx leaks DNS
Fabian Keil wrote:
>
> Jim McClanahan wrote:
>
> > Quite by accident I discovered that the lynx browser is leaking DNS
> > addresses. I have verified this on:
> >
> >     Lynx Version 2.8.4dev.7 (03 Aug 2000) and
> >     Lynx Version 2.8.5rel.1 (04 Feb 2004)
>
> Is there a reason why you aren't using a more recent build?

That was what I had readily available. I just installed lynx on Ubuntu 8.04 LTS for more testing:

    lynx --version
    Lynx Version 2.8.6rel.4 (15 Nov 2006)
    libwww-FM 2.14, SSL-MM 1.4.1, GNUTLS 2.0.4, ncurses 5.6.20071124(wide)
    Built on linux-gnu Apr 8 2008 13:48:42

It shows the same behavior I saw before. But further investigation reveals this interesting twist: It does not leak if the URL with protocol is given. But if the http:// is omitted, it leaks, yet still loads the page. Without thinking, I had just been using p.p. When I used http://p.p, it did not leak. But it is not only p.p that leaks:

    tcpdump -nni eth0 udp port 53
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    08:22:23.435995 IP 192.168.2.102.45063 > 65.247.xx.xx.53: 46608+ A? p.p. (21)
    08:22:23.437732 IP 65.247.xx.xx.53 > 192.168.2.102.45063: 46608 2/2/0 A 64.158.56.50, A 63.251.179.30 (109)
    08:33:39.447099 IP 192.168.2.102.54845 > 65.247.xx.xx.53: 19107+ A? torcheck.xenobite.eu. (38)
    08:33:39.679776 IP 65.247.xx.xx.53 > 192.168.2.102.54845: 19107 1/2/2 A 217.160.111.190 (137)

(The returned addresses for p.p is bad behavior on the part of my ISP. They lead to a "not found" page with advertising.)

Both of the above were without http:// . And when http:// was added, neither leaked. torcheck.xenobite.eu (both with and w/o http://) verified I was accessing via Tor.

Not as bad as I thought when I originally posted. But still disconcerting, particularly considering that it will happily render the page w/o http:// .

>
> I can't reproduce the problem with:
>
> f...@tp51 ~ $lynx --version
> Lynx Version 2.8.6rel.5 (09 May 2007)
> libwww-FM 2.14, SSL-MM 1.4.1, OpenSSL 0.9.8k, ncurses 5.7.20081102(wide)
> Built on freebsd8.0 Feb 27 2009 22:36:34
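
Added example, not part of the original thread: a parser for `tcpdump -nn` text output of the kind posted above, listing every DNS query sent to port 53 on a resolver that is neither loopback nor explicitly allowed. The sample capture is constructed (RFC 5737 documentation addresses, names taken from the thread), and the function and parameter names are assumptions of this example.

```python
import ipaddress
import re

# One `tcpdump -nn` text line for a DNS query, in the format seen in the thread:
#   <time> IP <src>.<sport> > <dst>.<dport>: <id>[flags] <qtype>? <name>. (<len>)
# Responses ("46608 2/2/0 A ...") and TCP segments do not match this pattern.
QUERY_RE = re.compile(
    r"^(?P<ts>\S+) IP6? (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): \d+\S* (?P<qtype>[A-Z0-9]+)\? "
    r"(?P<name>\S+) \(\d+\)"
)

# Constructed sample capture: two leaked lookups, one response, one TCP SYN to
# the proxy port, and one query to a local resolver on loopback.
SAMPLE_CAPTURE = """\
08:22:23.435995 IP 192.0.2.10.45063 > 198.51.100.53.53: 46608+ A? p.p. (21)
08:22:23.437732 IP 198.51.100.53.53 > 192.0.2.10.45063: 46608 2/2/0 A 203.0.113.50, A 203.0.113.30 (109)
08:33:39.447099 IP 192.0.2.10.54845 > 198.51.100.53.53: 19107+ A? torcheck.xenobite.eu. (38)
08:33:40.952807 IP 192.0.2.10.51357 > 192.0.2.27.8119: S 3021896822:3021896822(0) win 5840
08:34:01.100000 IP 127.0.0.1.40000 > 127.0.0.1.53: 1111+ A? example.org. (29)
"""


def _is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # redacted or otherwise unparsable address
        return False


def find_dns_leaks(capture_text, allowed_resolvers=()):
    """Return (timestamp, queried name, resolver) for each query that left the host."""
    leaks = []
    for line in capture_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if m is None or m["dport"] != "53":
            continue  # not a DNS query line
        dst = m["dst"]
        if dst in allowed_resolvers or _is_loopback(dst):
            continue  # resolver the operator has chosen to trust
        leaks.append((m["ts"], m["name"].rstrip("."), dst))
    return leaks


if __name__ == "__main__":
    for ts, name, resolver in find_dns_leaks(SAMPLE_CAPTURE):
        print(f"{ts} leaked lookup of {name} to {resolver}")
```

It only recognises the one-line UDP query format shown in the thread; DNS over TCP and verbose (`-v`) output are printed differently by tcpdump and are not parsed.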
Re: Lynx leaks DNS
Jim McClanahan wrote:

> Quite by accident I discovered that the lynx browser is leaking DNS
> addresses. I have verified this on:
>
>     Lynx Version 2.8.4dev.7 (03 Aug 2000) and
>     Lynx Version 2.8.5rel.1 (04 Feb 2004)

Is there a reason why you aren't using a more recent build?

I can't reproduce the problem with:

    f...@tp51 ~ $lynx --version
    Lynx Version 2.8.6rel.5 (09 May 2007)
    libwww-FM 2.14, SSL-MM 1.4.1, OpenSSL 0.9.8k, ncurses 5.7.20081102(wide)
    Built on freebsd8.0 Feb 27 2009 22:36:34

Fabian
Lynx leaks DNS
Hi,

Quite by accident I discovered that the lynx browser is leaking DNS addresses. I have verified this on:

    Lynx Version 2.8.4dev.7 (03 Aug 2000) and
    Lynx Version 2.8.5rel.1 (04 Feb 2004)

lynx is called from scripts with the following statements:

    export http_proxy=http://localhost:8119
    export https_proxy=http://localhost:8119
    export ftp_proxy=http://localhost:8119
    export gopher_proxy=http://localhost:8119
    export news_proxy=http://localhost:8119
    export newspost_proxy=http://localhost:8119
    export newsreply_proxy=http://localhost:8119
    export snews_proxy=http://localhost:8119
    export snewspost_proxy=http://localhost:8119
    export snewsreply_proxy=http://localhost:8119
    export nntp_proxy=http://localhost:8119
    export wais_proxy=http://localhost:8119
    export finger_proxy=http://localhost:8119
    export cso_proxy=http://localhost:8119

Privoxy is listening on localhost:8119 and sends requests to tor in the standard way. I have verified from Privoxy's log that requests are received and http://torcheck.xenobite.eu verifies the request is coming through the Tor network.

Supplying lynx with the url of p.p (an alias that Privoxy understands) demonstrates that lynx does a DNS request and then ignores the result.

Comments? Suggestions?