Closed Kraxys closed 2 years ago
Thank you for submitting this! This is a really serious bug and I'll try to have a patch out within the week. I believe this might be happening since I send DNS queries through the built-in API to check for CNAME records that match Lexis Nexis infrastructure. I guess I don't have it set up currently to correctly handle SOCKS proxies.
After researching the issue, I noticed that this is less of a Port Authority issue and mainly an issue with the way Firefox handles the browser.dns.resolve(url.host, ["canonical_name"]);
requests.
This problem has affected other addons such as uBlockOrigin and uMatrix in the past
That being said I set up a test environment with a SOCKS5 proxy with and without Port Authority. I can confirm that having Port Authority installed will cause DNS leaks. The only way I have found to prevent this is to go into about:config
and change network.trr.mode
to be 3
.
I'm not sure how else to fix this bug since it is the way Mozilla is handling the CNAME lookup on the backend which is causing the issue. I also can't just get rid of the CNAME DNS query since it is the way to de-cloak hidden Lexis Nexis endpoints pulling down malicious scripts. If you have any creative ideas I would to hear them :)
I have added a warning to both the add-on page for Mozilla and in the readme of the repo. If anyone knows how to fix this please reach out.
I was going to add a toggle in the GUI to change network.trr.mode
to 3
but I just found out that add-ons are not allowed to make changes to about:config
https://stackoverflow.com/questions/50023416/is-it-possible-to-create-a-firefox-webextension-that-changes-aboutconfig-settin
Hello,
Here is a workaround i finally found.
1) Don't use the FF UI to define & specify the proxy, use an FF addon instead (I use foxyproxy, but proxy switch omega seems fine too).
2) Use thee FF proxy UI (in Network Settings) for setting up the following "anti leak" shield : a) check "manual proxy configuration" b) in all IP fields (http, https, socks) write 0.0.0.0 or 127.0.0.1, with a random port. c) check "socks5" and "proxy dns through socks5".
Now, any DNSleak test should show only the dns used by the proxy set up in FoxyProxy.
This workaround works too when using a "vpn proxy" addon, with an added benefit: sometimes with these kinds of addon, your true ip is leaking when the browser starts, because the "vpn addon" may not activate immediately. The previous "anti leak" trick block any traffic not handled by the "vpn addon", preventing this ip leakage.
Describe the bug After having set up a socks 5 proxy in my browser (with the option "proxy Dns when using Socksv5" checked), only the Dns IP relative to my proxy should be displayed on various "Dns Leak test" sites. But when I set up the proxy with Port_Authority enabled, several of these site are displaying the not only the Dns IP relative to the proxy, but my ISP Dns IPs too.
To Reproduce Steps to reproduce the behavior:
Expected behavior When "proxy Dns when using Socksv5" is checked, only the IP relative to the proxy should be displayed.
Desktop (please complete the following information):