HellScream

avoiding dns leakage


BEFORE YOU CONTINUE, BEAR IN MIND THAT AFTER FOLLOWING THE STEPS IN THIS TUTORIAL ALL YOUR DNS REQUESTS WILL GO OVER THE TOR NETWORK, EVEN THOSE FROM APPS YOU USE TO CRUISE THE CLEARNET

it will definitely slow down your net.

if you have any issues with that you should think about some other solutions.

before we begin, i assume you're on a linux os with tor up and running.

okay, let's get started.

we need a dns server that is able to send dns requests over tcp. ttdnsd ( ttdnsd : The TOR TCP DNS Daemon ) does the job just fine. download the latest (0.2 - july 2007) version here http://www.mulliner.org/collin/feed/ttdnsd-0.2.tar.gz . (you could install it with apt-get if you're on a debianish linux distro [ubuntu, backtrack], but it will probably be installed as the system's default dns server along with some conf files and startup scripts, and we don't want that)

we need proxychains to make ttdnsd work. you can "apt-get install proxychains" it, or get the sources here: ProxyChains - TCP and DNS through proxy server. HTTP and SOCKS

ttdnsd would suffice, but it doesn't cache responses. when going through tor, a dns response takes anywhere from a few hundred ms to a few seconds. that's where dnsmasq comes into play. it can be used as a fully capable dns server, but we only need it for its caching. as with proxychains, you can either "apt-get install dnsmasq" it, or get the source here: Index of /dnsmasq

now make sure you have proxychains working, dnsmasq up and running as a daemon, and the compiled ttdnsd binary somewhere in your executable path (/usr/sbin will do).

the idea is to have a configuration such that every dns request follows a specific path, like in this example:

- some more or less innocent app asks what the ip of "obamapc.whitehouse.gov" is

- if dnsmasq doesn't know the answer (it's not cached) it asks ttdnsd

- ttdnsd connects to a dns server on the net over TOR, and gives the returned ip address to dnsmasq

- dnsmasq serves the ip to the app and caches it for later use

we can achieve this by doing the following:

1) change some options in /etc/dnsmasq.conf:

- set 'resolv-file' to something like "/etc/resolv.conf.dnsmasq"

- set 'listen-address' to 127.0.0.1

- uncomment 'bind-interfaces' (that is the actual dnsmasq option name; it makes dnsmasq bind only the address given in 'listen-address')

2) make a new file called /etc/resolv.conf.dnsmasq [or whatever you chose in step 1] with the single line "nameserver 127.0.0.10"

3) make a new file called /etc/resolv.conf.ttdnsd and put in it a single line with the ip address of a public dns server that serves requests over tcp. "4.2.2.2" works for me, but you're free to choose your own. you can put more than one ip here.

4) put only "nameserver 127.0.0.1" in your /etc/resolv.conf

5) now test this config by:

- starting wireshark and applying the "dns" filter to watch dns traffic

- restarting dnsmasq so it picks up our changes ;)

- starting ttdnsd like this: "proxychains ttdnsd -f /etc/resolv.conf.ttdnsd -d -b 127.0.0.10" (the -f file is the one created in step 3)

- dig microsoft.com

- dig microsoft.com again

if everything went well, there should be no visible dns traffic in wireshark. the first request for the ip of microsoft.com should take some time to finish, as it's going through the tor network. the second request should be served from the dnsmasq cache in a few ms.
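a sanity check for the resolver chain built in steps 1 to 4, added here as an example (not part of the original post). it assumes the file names used above (/etc/resolv.conf, /etc/dnsmasq.conf, /etc/resolv.conf.ttdnsd) and reads the resolv-file name from dnsmasq.conf instead of hardcoding it. it catches the two mistakes that matter most: a non-loopback nameserver left in /etc/resolv.conf (those queries bypass tor entirely) and a loopback address in ttdnsd's upstream list (a resolver loop). the sample-tree writer and the 192.0.2.53 address are constructed for testing only.

```shell
#!/bin/sh
# Added example, not from the original post: check the chain
#   app -> dnsmasq (127.0.0.1) -> ttdnsd (127.0.0.10) -> public TCP resolver via tor
# ROOT is a path prefix so the check can run against a staging tree; pass ""
# for the live system. Returns 0 when everything is consistent.

count_matches() {
    # Number of lines in file $2 matching ERE $1 (0 if the file is unreadable).
    [ -r "$2" ] || { echo 0; return 0; }
    n=$(grep -Ec "$1" "$2") || n=0
    echo "$n"
}

check_tor_dns_config() {
    root="$1"
    rc=0
    resolv="$root/etc/resolv.conf"
    dnsmasq_conf="$root/etc/dnsmasq.conf"
    ttdnsd_resolv="$root/etc/resolv.conf.ttdnsd"
    ns_re='^[[:space:]]*nameserver[[:space:]]+'

    for f in "$resolv" "$dnsmasq_conf" "$ttdnsd_resolv"; do
        [ -r "$f" ] || { echo "MISSING: $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # 1. Every nameserver in /etc/resolv.conf must be dnsmasq on 127.0.0.1;
    #    anything else is a path around tor (step 4 of the tutorial).
    total=$(count_matches "$ns_re" "$resolv")
    loopback=$(count_matches "${ns_re}"'127\.0\.0\.1[[:space:]]*$' "$resolv")
    if [ "$total" -eq 0 ] || [ "$total" -ne "$loopback" ]; then
        echo "LEAK: $resolv must contain only 'nameserver 127.0.0.1'"; rc=1
    fi

    # 2. dnsmasq listens on loopback only and takes its upstreams from a
    #    private resolv-file (step 1); /etc/resolv.conf would point it at itself.
    [ "$(count_matches '^listen-address=127\.0\.0\.1[[:space:]]*$' "$dnsmasq_conf")" -gt 0 ] \
        || { echo "BAD: $dnsmasq_conf needs listen-address=127.0.0.1"; rc=1; }
    [ "$(count_matches '^bind-interfaces[[:space:]]*$' "$dnsmasq_conf")" -gt 0 ] \
        || { echo "BAD: $dnsmasq_conf needs an uncommented bind-interfaces"; rc=1; }
    rf=$(sed -n 's/^resolv-file=//p' "$dnsmasq_conf" | head -n 1)
    if [ -z "$rf" ] || [ "$rf" = "/etc/resolv.conf" ]; then
        echo "BAD: $dnsmasq_conf resolv-file must name a private file"; rc=1
    else
        # 3. That private file lists ttdnsd on 127.0.0.10 and nothing else (step 2).
        total=$(count_matches "$ns_re" "$root$rf")
        ttd=$(count_matches "${ns_re}"'127\.0\.0\.10[[:space:]]*$' "$root$rf")
        if [ "$total" -eq 0 ] || [ "$total" -ne "$ttd" ]; then
            echo "BAD: $root$rf must contain only 'nameserver 127.0.0.10'"; rc=1
        fi
    fi

    # 4. ttdnsd's upstream list (step 3): at least one IPv4 address, none on
    #    loopback, with or without a leading "nameserver" keyword.
    ip_re='^[[:space:]]*(nameserver[[:space:]]+)?([0-9]{1,3}\.){3}[0-9]{1,3}'
    [ "$(count_matches "$ip_re" "$ttdnsd_resolv")" -gt 0 ] \
        || { echo "BAD: $ttdnsd_resolv lists no upstream resolver"; rc=1; }
    [ "$(count_matches '^[[:space:]]*(nameserver[[:space:]]+)?127\.' "$ttdnsd_resolv")" -eq 0 ] \
        || { echo "LOOP: $ttdnsd_resolv points back at loopback"; rc=1; }
    return "$rc"
}

write_sample_config() {
    # Constructed sample tree under $1, mode $2 = good | leak | loop, for
    # exercising the check offline. 192.0.2.53 is a documentation-range address.
    root="$1"; mode="$2"
    mkdir -p "$root/etc"
    printf 'nameserver 127.0.0.1\n' > "$root/etc/resolv.conf"
    if [ "$mode" = leak ]; then
        printf 'nameserver 192.0.2.53\n' >> "$root/etc/resolv.conf"
    fi
    printf 'resolv-file=/etc/resolv.conf.dnsmasq\nlisten-address=127.0.0.1\nbind-interfaces\n' \
        > "$root/etc/dnsmasq.conf"
    printf 'nameserver 127.0.0.10\n' > "$root/etc/resolv.conf.dnsmasq"
    if [ "$mode" = loop ]; then
        printf '127.0.0.1\n' > "$root/etc/resolv.conf.ttdnsd"
    else
        printf '4.2.2.2\n' > "$root/etc/resolv.conf.ttdnsd"
    fi
}

# Usage: sh check_tor_dns.sh ""          (live system)
#        sh check_tor_dns.sh /staging    (a tree laid out like /)
if [ "$#" -ge 1 ]; then
    check_tor_dns_config "$1"
fi
```

run it after the restart of dnsmasq and before trusting the wireshark test: a stray "nameserver" line from dhcp in /etc/resolv.conf is exactly the case the check exists for, and it is what the "chattr +i" step later in the post is meant to prevent.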

let's make sure this config stays for good. first of all, dhcp clients and some network managers like to overwrite the /etc/resolv.conf file with their own variations of it. make sure that doesn't happen: "chattr +i /etc/resolv.conf" should prevent any modifications. second, dnsmasq starts at boot time as a daemon, but ttdnsd doesn't. make a manual startup file and make sure it's executed during boot. if you use a debian-based system like me, you can make an /etc/init.d/ttdnsd file containing:


#! /bin/sh
# /etc/init.d/ttdnsd - start/stop the tor tcp dns daemon behind proxychains
case "$1" in
    start)
        echo "Starting script ttdnsd"
        # -f is the upstream list from step 3, -b the address dnsmasq forwards to
        proxychains ttdnsd -f /etc/resolv.conf.ttdnsd -d -b 127.0.0.10
        ;;
    stop)
        echo "Stopping script ttdnsd"
        killall -9 ttdnsd
        ;;
    *)
        echo "Usage: /etc/init.d/ttdnsd {start|stop}"
        exit 1
        ;;
esac
exit 0

and then run "update-rc.d ttdnsd defaults". if you're running some other linux distro, make sure that "proxychains ttdnsd -f /etc/resolv.conf.ttdnsd -d -b 127.0.0.10" is executed during boot.

well, that's it. after a reboot all your dns requests should be routed through TOR. keep an eye on the wireshark log window just to be sure though ;)
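the "keep an eye on wireshark" step can be automated. the following is an added example, not from the original post: it reads a capture summary in the shape of "tcpdump -n udp port 53" output and prints every udp query to port 53 that did not originate from a loopback address, i.e. a query that bypassed dnsmasq/ttdnsd and left on a real interface. ttdnsd's own upstream traffic is tcp inside tor, so it never shows up as udp/53. the sample lines are constructed, with 192.0.2.0/24 documentation addresses standing in for real hosts.

```shell
#!/bin/sh
# Added example, not from the original post: flag DNS queries that escaped
# the tor path, from tcpdump-style lines such as
#   12:00:02.000003 IP 192.168.1.5.43123 > 192.0.2.53.53: 5678+ A? example.com. (29)
# Fields: $1 time, $2 "IP", $3 src.host.port, $4 ">", $5 "dst.host.port:".

leaked_dns_queries() {
    # Print offending lines from file $1; exit 0 when none were found, 1 otherwise.
    awk '
        $2 == "IP" && $4 == ">" {
            src = $3; dst = $5; sub(/:$/, "", dst)
            n = split(dst, d, "."); dport = d[n]
            m = split(src, s, "."); sport = s[m]
            # source host is everything before the trailing ".port"
            src_host = substr(src, 1, length(src) - length(sport) - 1)
            if (dport == "53" && src_host !~ /^127\./) { print; bad = 1 }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

write_sample_capture() {
    # Constructed sample: a cached lookup over loopback (fine), its answer,
    # and one query that went straight out to a public resolver (a leak).
    cat > "$1" <<'EOF'
12:00:01.000001 IP 127.0.0.1.52000 > 127.0.0.1.53: 1234+ A? microsoft.com. (31)
12:00:01.000002 IP 127.0.0.1.53 > 127.0.0.1.52000: 1234 1/0/0 A 192.0.2.10 (47)
12:00:02.000003 IP 192.168.1.5.43123 > 192.0.2.53.53: 5678+ A? example.com. (29)
EOF
}

write_clean_capture() {
    # Constructed sample with loopback traffic only: nothing to report.
    cat > "$1" <<'EOF'
12:00:01.000001 IP 127.0.0.1.52000 > 127.0.0.1.53: 1234+ A? microsoft.com. (31)
12:00:01.000002 IP 127.0.0.1.53 > 127.0.0.1.52000: 1234 1/0/0 A 192.0.2.10 (47)
EOF
}

# Usage: tcpdump -n -l udp port 53 > dns.log ; sh leaked_dns.sh dns.log
if [ "$#" -ge 1 ]; then
    leaked_dns_queries "$1"
fi
```

a non-zero exit from leaked_dns_queries is the signal you want to alarm on: it means some process resolved a name without going through the chain, most likely because /etc/resolv.conf was rewritten or an app carries its own resolver settings.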

you can now comment out the "proxy-dns" option in /etc/proxychains.conf and run "proxychains anyapp www.whatever.com" without it making dns requests for EVERY FREAKIN CONNECTION it makes.

i've been running this config for a while now, and haven't run into any problems. if you have any issues or problems with this tut, feel free to post them and i'll try to help.

stay safe
