On July 9, 2019 8:55:00 AM UTC, nusenu <nusenu-li...@riseup.net> wrote:
>Hi,
>
>I noticed some unexpected answers in exitmap's [1] dnsenum results
>and suspected that this has to do with IPv4 vs. IPv6.
>
>First I looked at [2] and found that it only lists IPv4 and hostnames
>as possible answers but then I realized that exitmap might not be using
>the RESOLVE command?

Exitmap is using tor's RESOLVE extension to SOCKS:
https://gitweb.torproject.org/torspec.git/tree/socks-extensions.txt#n49

>>    def resolve(self, domain):
>>        """
>>        Resolve the given domain using Tor's SOCKS1 resolution extension.
>>        """
>>
>>        domain_len = len(domain)
>>        if domain_len > 255:
>>            raise error.SOCKSv5Error("Domain must not be longer than 255 "
>>                                     "characters, but %d given." % domain_len)
>>
>>        # Tor defines a new command value, \x0f, that is used for domain
>>        # resolution.
>>
>>        self._send_all("\x05\xf0\x00\x03%s%s%s" %
>>                       (chr(domain_len), domain, "\x00\x00"))

Exitmap uses the SOCKS 5, resolve, DNS command:
See page 4 of https://www.ietf.org/rfc/rfc1928.txt

>>
>>        resp = self._recv_all(10)
>>        if resp[:2] != "\x05\x00":
>>            raise error.SOCKSv5Error("Invalid server response: 0x%s" %
>>                                     resp[1].encode("hex"))

Resolve can return an IPv4 or IPv6 response, but Exitmap ignores the
address type, and turns the first 4 bytes of the response into an IPv4
address.

>>        return socket.inet_ntoa(resp[4:8])
>
>
>Does Tor's SOCKS resolution extension support IPv6 answers
>or does it only attempt A records?

If it gets both IPv4 and IPv6, I think it will prefer IPv4.
Try testing with ipv6.google.com, which only has an IPv6 address.

>I'm aiming to resolve a hostname and would like to get
>the IPv4 and if available the IPv6 address.

I don't know how you can reliably get the IPv6 address over SOCKS, when
the site has an IPv4 address.

Try using the controller RESOLVE command and ADDRMAP event, which
supports IPv6:

    Address = ip4-address / ip6-address / hostname

If that doesn't work, we might need to make some changes to tor, or fix
some bugs.

>thanks,
>nusenu
>
>
>[1] https://github.com/NullHypothesis/exitmap
>[2] https://gitweb.torproject.org/torspec.git/tree/control-spec.txt#n1349

-- 
teor
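
Added example, not part of the original message and not exitmap's code: a Python 3 sketch of reading a SOCKS5 RESOLVE reply by its ATYP byte (RFC 1928: 0x01 IPv4, 0x03 hostname, 0x04 IPv6) instead of a fixed 10-byte read, which only fits an IPv4 reply. The function names and the two sample replies are constructed for illustration; `stream` is assumed to be a buffered binary reader such as `sock.makefile("rb")`.

```python
import io
import socket

SOCKS_VERSION = 0x05
CMD_RESOLVE = 0xF0  # Tor's RESOLVE extension command
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04  # RFC 1928 address types


def build_resolve_request(domain):
    """RESOLVE request sent after the SOCKS5 method negotiation (port is 0)."""
    name = domain.encode("ascii")
    if not 0 < len(name) <= 255:
        raise ValueError("domain must be 1..255 bytes")
    header = bytes([SOCKS_VERSION, CMD_RESOLVE, 0x00, ATYP_DOMAIN, len(name)])
    return header + name + b"\x00\x00"


def read_exact(stream, n):
    """Read exactly n bytes or fail; a short read means a truncated reply."""
    data = stream.read(n)
    if len(data) != n:
        raise ValueError("truncated SOCKS reply")
    return data


def parse_resolve_reply(stream):
    """Return (kind, address) from a SOCKS5 reply, sized by its ATYP byte."""
    ver, rep, _rsv, atyp = read_exact(stream, 4)
    if ver != SOCKS_VERSION or rep != 0x00:
        raise ValueError("SOCKS failure: ver=0x%02x rep=0x%02x" % (ver, rep))
    if atyp == ATYP_IPV4:
        result = ("ipv4", socket.inet_ntop(socket.AF_INET, read_exact(stream, 4)))
    elif atyp == ATYP_IPV6:
        result = ("ipv6", socket.inet_ntop(socket.AF_INET6, read_exact(stream, 16)))
    elif atyp == ATYP_DOMAIN:
        (length,) = read_exact(stream, 1)
        result = ("hostname", read_exact(stream, length).decode("ascii"))
    else:
        raise ValueError("unknown ATYP 0x%02x" % atyp)
    read_exact(stream, 2)  # BND.PORT, not meaningful for RESOLVE
    return result


# Constructed replies using documentation addresses, not captured traffic.
REPLY_V4 = bytes.fromhex("05000001" "c0000201" "0000")
REPLY_V6 = bytes.fromhex("05000004" "20010db8000000000000000000000001" "0000")
if __name__ == "__main__":
    for raw in (REPLY_V4, REPLY_V6):
        print(parse_resolve_reply(io.BytesIO(raw)), "naive:", socket.inet_ntoa(raw[4:8]))
```

Run directly, the second line of output shows the symptom discussed above: slicing bytes 4 to 8 of an IPv6 reply yields a plausible-looking but meaningless IPv4 address.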