Hm, you're right, wget 1.12 does not leak DNS if you use http protocol. I just realized I tested it also with https when the leak happened (wget requires explicit 'https_proxy' to use CONNECT for https even if you use the same http proxy).

Ondrej

On 04/19/2012 10:54 PM, torsi...@tormail.net wrote:
> Hi,
>
> I cannot confirm that wget (v1.12) is sending any DNS resolve when using
> it this way:
>
> wget --proxy --execute=http_proxy=http://127.0.0.1:8118/ -c http://download.test
>
> Wireshark does not show any UDP traffic.
>
> I will check out curl. I like the idea of not using a http proxy in between.
>
> Thanks for the post. :-)
>
>> On 04/18/2012 11:40 PM, torsi...@tormail.net wrote:
>>>> On Wed, Apr 18, 2012 at 4:56 AM, Maxim Kammerer <m...@dee.su> wrote:
>>>>> On Wed, Apr 18, 2012 at 11:37, Robert Ransom <rransom.8...@gmail.com>
>>>>> wrote:
>>>>>> Which version of wget did you audit? What information leaks did you
>>>>>> check for during your audit?
>>> Hi,
>>>
>>> How can I check what information wget is transmitting? I used wireshark
>>> and filtered to see only the traffic sent from wget to localhost:8118 but
>>> I'm not a network expert and I don't know how to interpret the data.
>>>
>>> Anybody has deeper network knowledge?
>>
>> I've just checked wget, it does leak DNS even with http_proxy environment
>> variable set.
>>
>> How to check:
>>
>> 1. Run wireshark
>> 2. Select "Pseudointerface (any)" unless you know which interface to look at
>> 3. Put "dns" into the Filter field and click "Apply" button
>>
>> DNS is easy to spot since it's almost always going to UDP port 53
>> (exceptions are really rare).
>>
>> Then you'll see what DNS queries your host did at the time (obviously it's
>> best to turn off any other program that could interfere in the measurement).
>>
>> These things can change on version-to-version basis of the same software,
>> so it's always best to check your actual version with wireshark.
>>
>> Though curl is much better than wget in all recent versions at least, this
>> does not leak DNS (--socks5-hostname is the important part; Tor SOCKS5
>> proxy is expected to run at port 9050):
>>
>> curl --socks5-hostname localhost:9050 "http(s)://somesite.wherever/rest_of_url"
>>
>> Ondrej
>> _______________________________________________
>> tor-talk mailing list
>> tor-talk@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
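
Why `--socks5-hostname` matters, as an added example that is not part of the thread: in a SOCKS5 CONNECT request (RFC 1928) the client either sends the hostname itself (address type 3), so the proxy does the lookup, or sends an IP address it already has (type 1 or 4), which for a named site means a local DNS query happened first. The function names and sample hosts below are constructed for illustration.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def build_connect(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request (RFC 1928, section 4).
    IP literals go out as ATYP 1/4; anything else goes out as a name (ATYP 3)."""
    try:
        ip = ipaddress.ip_address(host)
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname length out of range")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([0x05, 0x01, 0x00, atyp]) + addr + struct.pack("!H", port)

def parse_connect(req: bytes):
    """Classify a captured CONNECT request as (kind, destination, port)."""
    if len(req) < 5 or req[:3] != b"\x05\x01\x00":
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp, body = req[3], req[4:]
    if atyp == ATYP_DOMAIN:
        if len(body) != 1 + body[0] + 2:
            raise ValueError("bad request length")
        # The name travels to the proxy, so no local DNS lookup is needed.
        kind, dest = "name-sent-to-proxy", body[1:1 + body[0]].decode("ascii")
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        size = 4 if atyp == ATYP_IPV4 else 16
        if len(body) != size + 2:
            raise ValueError("bad request length")
        # Only an address reaches the proxy; a name was resolved beforehand.
        kind, dest = "ip-sent-to-proxy", str(ipaddress.ip_address(body[:size]))
    else:
        raise ValueError("unknown address type")
    return kind, dest, struct.unpack("!H", body[-2:])[0]

if __name__ == "__main__":
    # Constructed samples: a hostname request and an already-resolved address.
    for host, port in (("download.test", 80), ("192.0.2.10", 443)):
        req = build_connect(host, port)
        print(req.hex(" "), "->", parse_connect(req))
```

When inspecting loopback traffic to port 9050, the fourth byte of the client's request is the one to check, alongside the "dns" filter described in the quoted steps.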