PySocks

Make wrap_module patch socket.getaddrinfo.

Open JeremyRand opened this issue 8 years ago • 5 comments

Good day!

I'm developing a proxy leak detection tool, and thought it would be a fun challenge to use it to investigate #22. And happily it looks like I was successful. This PR makes wrap_module patch socket.getaddrinfo (preventing DNS leaks from that function), and updates the monkeypatching documentation accordingly.

I opted to use the workaround at https://github.com/Anorov/PySocks/issues/22#issuecomment-122581733 rather than the workaround at https://github.com/Anorov/PySocks/issues/22#issuecomment-279759939 , because the latter only works with SOCKS proxies that support Tor's nonstandard protocol extensions. The latter is definitely preferable if the user is certain that their proxy supports Tor's extensions; a future PR could give the user an option to choose which is used.

It's entirely possible that I've subtly broken something, as I'm not intimately familiar with the Python socket codebase, but it seems to work acceptably in my testing.

Cheers!

JeremyRand, Sep 17 '17 11:09

Thanks for this PR. Could you please write a test for this, covering different kinds of addresses? We don't currently have any coverage for getaddrinfo().

And does this also prevent DNS leaks from gethostbyname()?

Anorov, Sep 18 '17 03:09

> Could you please write a test for this, covering different kinds of addresses?

Are you looking for tests that make sure it doesn't leak outside of the proxy, or tests that make sure it still behaves correctly in terms of what an application expects?

> And does this also prevent DNS leaks from gethostbyname()?

I don't think it does, although I haven't tried.

JeremyRand, Oct 15 '17 00:10

Ideally tests for both. Thanks.

Anorov, Dec 18 '17 19:12

Do any of the existing tests actually check for leaks outside of the proxy? If so, could you point me to the relevant lines? If not, how do you prefer me to do that? The leak detector I wrote uses some strace magic to detect socket syscalls; if you like I can just publish the code for the leak detector and then incorporate it into the tests.

JeremyRand, Jul 15 '18 22:07

> Do any of the existing tests actually check for leaks outside of the proxy?

Not currently.

> if you like I can just publish the code for the leak detector and then incorporate it into the tests.

Please do, thanks. Ideally tests shouldn't have any non-Python dependencies, but we've already broken that rule pretty badly, so whatever works should be fine for now.

Anorov, Jul 24 '18 07:07
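
An added example, not part of the thread and not PySocks or JeremyRand's code: a pure-Python leak check of the kind the test discussion above asks for, reporting which `socket` resolver entry points still receive a hostname once a patch is applied. `find_leaks`, `workload`, `passthrough_getaddrinfo` (an assumed stand-in for a proxy-aware `getaddrinfo` that leaves the name for the proxy to resolve) and the `.invalid` hostname are all hypothetical.

```python
import contextlib
import ipaddress
import socket

GUARDED = ("getaddrinfo", "gethostbyname", "gethostbyname_ex")
HOST = "leak-test.invalid"  # constructed name; the guard never resolves it

def is_ip_literal(host):
    text = host.decode("ascii", "replace") if isinstance(host, bytes) else host
    try:
        ipaddress.ip_address(text)
    except ValueError:
        return False
    return True

def passthrough_getaddrinfo(host, port, family=0, type=0, proto=0, flags=0):
    # Assumed stand-in for the patch under test: hand the name back
    # unresolved so the SOCKS proxy performs the lookup.
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (host, port))]

def workload():
    # Stand-in for application code that uses several resolver entry points.
    for call in (lambda: socket.getaddrinfo(HOST, 443),
                 lambda: socket.gethostbyname(HOST),
                 lambda: socket.getaddrinfo("127.0.0.1", 80)):
        with contextlib.suppress(socket.gaierror):
            call()

def find_leaks(patches, run):
    """Run `run` with `patches` applied; return (function, host) pairs that
    would have reached the local resolver with a non-literal hostname."""
    saved = {name: getattr(socket, name) for name in GUARDED}
    leaks = []

    def make_guard(name):
        def guard(host, *args, **kwargs):
            if host and not is_ip_literal(host):
                leaks.append((name, host))
                raise socket.gaierror(socket.EAI_NONAME, "blocked by leak guard")
            return saved[name](host, *args, **kwargs)  # literals need no DNS
        return guard

    try:
        for name in GUARDED:  # guards stand in for the local resolver
            setattr(socket, name, make_guard(name))
        for name, fn in patches.items():  # patch under test goes on top
            setattr(socket, name, fn)
        run()
    finally:
        for name, fn in saved.items():
            setattr(socket, name, fn)
    return leaks
```

Calling `find_leaks({}, workload)` gives the unpatched baseline, and `find_leaks({"getaddrinfo": passthrough_getaddrinfo}, workload)` shows what remains with only `getaddrinfo` replaced. The check only sees lookups made through Python's `socket` module; resolution done directly in C extensions needs a syscall-level detector such as the strace approach mentioned in the thread.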