[tor-dev] InjectSOCKS: 2nd try

tor at herr-der-mails.de tor at herr-der-mails.de
Tue Dec 17 15:05:29 UTC 2013


Hello David,

> Yes, UDP is simply not supported by Tor thus it will be rejected
> when opening the socket. Actually, it's not only UDP that should be
> blocked but *every* other protocol except TCP. For instance, there
> is no way to send icmp request through Tor thus we don't want that
> to leak.
...
> This is dangerous and the reason why it's denied is that the
> application  could easily make a DNS request for instance to a
> local server that will then resolve it on a remote one thus
> leaking.
> 
> You should really reconsider that, going locally can be fine but
> also really dangerous.

Thanks for all the advice. I've uploaded a new version now where the 
default behavior is to block any other sockets than TCP sockets and 
to block 127.x.x.x traffic.
However, there is the optional switch /a to allow this as some 
software just needs it, e.g. Internet Explorer uses local UDP traffic 
to communicate between its processes. So the user can decide per 
process which mode to use.
The new version also has some additional tweaks and fixes.

Concerning the upper "security" feature I think that everybody using 
a software like InjectSOCKS should be aware that there are a lot of 
ways to bypass all this. You shouldn't rely on it. The goal of 
InjectSOCKS is to use software together with Tor (or other SOCKS 
servers) even if it doesn't support this. Creating a sandbox or 
disabling malware is not the goal of InjectSOCKS.
There are other tools for that and it's a good idea to have a 
firewall preventing any "bad" traffic.

Well, at least it's a proof of concept that you can manipulate the 
process behavior using this technique :-)

> I'll take a look at it and if I can find a Windows, test it.

If you just want to test it you could use the official Microsoft 
trial version running for 90 days or something like that.

> From that point on, I'll check how feasible it is to integrate what
> you did in the new torsocks code so we can have *nix and Windows
> support in the same tool, that would be quite awesome.

This sounds very interesting. My guess is that while the tools are 
similar, the internals are quite different. But this is just a guess 
:-)

Thanks for the effort.

Cheers
ghostmaker


More information about the tor-dev mailing list