Mon 13 Jul 2009
Written by: Tw1zl3r = there is no place like 127.0.0.1
Upgrading to FireFox 3.5 is not a good idea for those who want to remain anonymous using proxy’s for socks 5 via an SSH encrypted traffic tunnel for items like http, ftp…etc or users running TOR. FireFox 3.5 has a bug and you cannot stop DNS LEAK (s). Searching the web I have found FireFox 3.5 DNS LEAK problem yet to be widely publicized…if at all.
This needs to be addressed to the community as it is a serious issue. If you don’t believe me do some investigative work and test it yourself.
Start up FireFox 3.5, enable your SSH tunnel settings using putty. I have a Linux server with open SSH that I use to proxy http traffic. Enable your ssh SOCKS proxy 127.0.0.1 and proxy port and lastly set the FireFox 3.5 about Config to true for network.proyx.socks remote.
The above settings should enable you to go wherever you want with out having DNS leaks and anonymous browsing in places such as a coffee shop or in a college doom room that has restricted access.
Turn on WireShark and let it run on your nic while you do some web surfing. If 3.5 firefox worked correctly you will not see any DNS data since you are using a socks5 proxy with the about:config toggel network.proxy.socks_remote_dns option TRUE.
The Examples Below Shows FireFox 3.5 using an SSH tunnel via putty to proxy HTTP. With all settings configured FireFox 3.5 still leaks out DNS web queries.
Tested in FireFox 3.5 32bit windows XP:
The leaking IP address 10.20.20.78
WireShark analysis on FireFox 3.5 – showing LEAKING DNS – MAKE IT RAIN!!!
The DNS Leak issue in FireFox 3.5 is a BIG BUG because even if you use the about:Config force remote DNS look ups using a proxy the requests are still sent to your local DNS. The local DNS query leaks your web searches out for anyone with a brain cell and WireShark to view a users web query’s in plain text. FireFox 3.5 has the toggle network.proxy.socks_remote_dns option in it but when adding the option in about:Config it does nothing and is all show no go. The setting does nothing and allows DNS to Leak.
The only way to be sure you are truly staying off the DNS leak trap is to roll back to FireFox 3.0.
One post is all I have been able to find about this DNS LEAK issue and it was in brevity on a FireFox IP forum. The issue has yet to be resolved. http://code.google.com/p/FireFox-showip/issues/detail?id=21#c2
WireShark analysis using FireFox 3.0 – FireFox 3.0 no leaks and everything is tunneling over SSH correctly: There was nothing to show for DNS because FireFox 3.0 is working correctly and will not show the DSN protocol because it is using remote DNS via an SSH tunnel.
Cheers,
Tw1zl3r = there is no place like 127.0.0.1
13 Responses to “Firefox 3.5 DNS LEAKS like a waterfall”
Leave a Reply
You must be logged in to post a comment.
July 13th, 2009 at 4:43 pm
Thanks for the report on DNS leaking in FF 3.5.
I just tried a quick test using FoxyProxy 2.13 configured for an “all protocols” proxy to 127.0.0.1:8080 (”SOCKS proxy?” unchecked) through an SSH tunnel to Secure-Tunnel.com. Multiple attempts at browsing new, uncached sites by name showed zero DNS queries on the wire. I even did a quick ‘ipconfig /flushdns’ to be sure I wasn’t missing anything.
Under Global Settings in FoxyProxy, I have “Use SOCKS proxy for DNS lookups”, but everything else is the default. Firefox is configured for “No proxy” since FoxyProxy does all the heavy lifting. Likewise, network.proxy.socks_remote_dns is left at the default of false.
Perhaps the double-setting of manual proxy configuration through FoxyProxy and Firefox itself is causing issues?
July 13th, 2009 at 5:14 pm
I’m not sure this is a huge issue. If the dns look-up is taking place within the network stack (i.e. the browser is offloading the request to the OS), then this would make sense. It seems to be easily corrected on your own by telling your network configuration to use an alternative dns server.
I don’t think the sky is falling per se.
July 13th, 2009 at 5:38 pm
Actually, I tested this using Firefox’s built-in proxy attachment and 3.5 along w/ 3.0.11 and both perform a dns query on the local dns server. I’m wondering if the problem you are seeing is with the FoxyProxy plug-in?
July 14th, 2009 at 2:34 am
[...] “Dit moet door de gemeenschap worden aangepakt, aangezien het een ernstig probleem is”, aldus de onderzoeker. Het probleem zit hem erin dat Firefox 3.5 alleen de lokale DNS [...]
July 14th, 2009 at 3:23 am
[...] Firefox 3.5 tunnelt DNS-Abfragen nicht. [...]
July 14th, 2009 at 11:08 am
[...] "Dit moet door de gemeenschap worden aangepakt, aangezien het een ernstig probleem is", aldus de onderzoeker. Het probleem zit hem erin dat Firefox 3.5 alleen de lokale DNS gebruikt. Zelfs [...]
July 14th, 2009 at 11:32 am
Today I download the Firefoxportable 3.5 just to try the DNS leak. I setup the SSH dynamic then set firefox to use the proxy and also the DNS setup. I used tcpdump (windows) to see any DNS leak. I didn’t find anything.
July 14th, 2009 at 1:24 pm
When I tunnel I use ipfw rules to restrict not only inbound traffic, but all outbound traffic that’s not going through the tunnel. This type of egress filtering should put any fears of DNS leaks to rest.
July 14th, 2009 at 3:38 pm
[...] very nice example of data leakage. Firefox 3.5 DNS LEAKS like a waterfall | The Edge of I-Hacked Tags: ( firefox dns [...]
July 15th, 2009 at 1:44 am
[...] [source] [...]
July 15th, 2009 at 6:00 am
[...] Tw1zl3r reports that, “The DNS Leak issue in FireFox 3.5 is a BIG BUG because even if you use the [...]
December 1st, 2009 at 10:29 pm
Hi,
This is now fixed in FoxyProxy Standard 2.16, FoxyProxy Basic 1.3, and FoxyProxy Plus 3.3. Try it with Wireshark to see for yourself.
If you agree that it’s fixed, I’d appreciate another blog post (or an update to this one) so people finding your blog on the internet–like me–get more accurate information.
Best regards,
Eric Jung
Author
FoxyProxy
December 1st, 2009 at 10:31 pm
Be sure to check “Use this proxy for all DNS lookups” when marking a proxy as SOCKS.