On 04/18/2012 11:40 PM, torsi...@tormail.net wrote: >> On Wed, Apr 18, 2012 at 4:56 AM, Maxim Kammerer <m...@dee.su> wrote: >>> On Wed, Apr 18, 2012 at 11:37, Robert Ransom <rransom.8...@gmail.com> >>> wrote: >>>> Which version of wget did you audit? What information leaks did you >>>> check for during your audit? > Hi, > > How can I check what information wget is transmitting? I used wireshark > and filtered to see only the traffic sent from wget to localhost:8118 but > I'm not a network expert and I don't know how to interpret the data. > > Anybody has deeper network knowledge?
I've just checked wget, it does leak DNS even with http_proxy environment variable set. How to check: 1. Run wireshark 2. Select "Pseudointerface (any)" unless you know which interface to look at 3. Put "dns" into the Filter field and click "Apply" button DNS is easy to spot since it's almost always going to UDP port 53 (exceptions are really rare). Then you'll see what DNS queries your host did at the time (obviously it's best to turn off any other program that could interfere in the measurement). These things can change on version-to-version basis of the same software, so it's always best to check your actual version with wireshark. Though curl is much better than wget in all recent versions at least, this does not leak DNS (--socks5-hostname is the important part; Tor SOCKS5 proxy is expected to run at port 9050): curl --socks5-hostname localhost:9050 "http(s)://somesite.wherever/rest_of_url" Ondrej _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
