ACK-J / Port_Authority

Blocks websites from using JavaScript to port scan your computer/network and dynamically blocks all LexisNexis endpoints from running their invasive data collection scripts.
GNU General Public License v2.0
129 stars, 10 forks

Port_Authority is causing Dns Leak #7

Closed Kraxys closed 2 years ago

Kraxys commented 3 years ago

Describe the bug: After having set up a SOCKS5 proxy in my browser (with the option "Proxy DNS when using SOCKS v5" checked), only the DNS IP relative to my proxy should be displayed on various "DNS leak test" sites. But when I set up the proxy with Port_Authority enabled, several of these sites display not only the DNS IP relative to the proxy, but my ISP DNS IPs too.

To Reproduce: Steps to reproduce the behavior:

  1. Set up a SOCKS5 proxy in FF, with proxying of DNS traffic checked.
  2. Go to (for example) www.grc.com/dns/dns.htm
  3. The site detects only the DNS IP relative to the proxy.
  4. Install & activate Port_Authority.
  5. Perform the same test on the same site a second time: the test site displays the DNS IP relative to the proxy alongside your ISP DNS IP.
  6. Uninstall Port_Authority and perform the same test: only the proxy DNS IP is displayed.

Expected behavior: When "Proxy DNS when using SOCKS v5" is checked, only the IP relative to the proxy should be displayed.


ACK-J commented 3 years ago

Thank you for submitting this! This is a really serious bug and I'll try to have a patch out within the week. I believe this might be happening since I send DNS queries through the built-in API to check for CNAME records that match Lexis Nexis infrastructure. I guess I don't have it set up currently to correctly handle SOCKS proxies.

ACK-J commented 3 years ago

After researching the issue, I noticed that this is less of a Port Authority issue and mainly an issue with the way Firefox handles the browser.dns.resolve(url.host, ["canonical_name"]); requests.

This problem has affected other add-ons such as uBlock Origin and uMatrix in the past.

That being said I set up a test environment with a SOCKS5 proxy with and without Port Authority. I can confirm that having Port Authority installed will cause DNS leaks. The only way I have found to prevent this is to go into about:config and change network.trr.mode to be 3.

I'm not sure how else to fix this bug since it is the way Mozilla is handling the CNAME lookup on the backend which is causing the issue. I also can't just get rid of the CNAME DNS query since it is the way to de-cloak hidden Lexis Nexis endpoints pulling down malicious scripts. If you have any creative ideas I would like to hear them :)
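The comments above pin the leak on the extension's own `browser.dns.resolve(host, ["canonical_name"])` call, which Firefox answers through the system resolver rather than through the SOCKS5 proxy. The example below is added here and is not Port_Authority's code; it shows one defensive pattern an extension could use: read the browser's proxy configuration through the real `browser.proxy.settings.get({})` API (needs the "proxy" permission; the returned value carries `proxyType`, `socks`, `socksVersion` and `proxyDNS`), and run the CNAME-uncloaking lookup only when DNS is not supposed to stay inside a SOCKS proxy. The denylist suffixes, the host names and the fake resolver are constructed fixtures, not real LexisNexis endpoints.

```javascript
// Added example, not Port_Authority's own code.
// Goal: never issue a browser.dns.resolve() CNAME lookup while the
// browser is configured to send DNS through a SOCKS proxy, because
// that lookup bypasses the proxy and reaches the system/ISP resolver.

// Constructed denylist of CNAME targets (placeholders, not real endpoints).
const CLOAKED_CNAME_SUFFIXES = ["tracker.example", "collect.example.net"];

// True when the browser's own proxy config (shape of ProxyConfig as
// returned by browser.proxy.settings.get) routes DNS through SOCKS.
function dnsMustStayInProxy(proxyConfig) {
  if (!proxyConfig || proxyConfig.proxyType !== "manual") return false;
  const hasSocks =
    typeof proxyConfig.socks === "string" && proxyConfig.socks.length > 0;
  return hasSocks && proxyConfig.proxyDNS === true;
}

// Suffix match against the denylist; trailing dot and case are normalised.
function matchesCloakedCname(canonicalName) {
  const name = String(canonicalName).toLowerCase().replace(/\.$/, "");
  return CLOAKED_CNAME_SUFFIXES.some(
    (s) => name === s || name.endsWith("." + s)
  );
}

// Pure decision logic. `resolve` is a synchronous callback returning an
// object shaped like Firefox's DNSRecord ({ canonicalName, ... }); it is
// injected so the logic can be exercised offline.
function classifyHost(host, proxyConfig, resolve) {
  if (dnsMustStayInProxy(proxyConfig)) {
    // Skipping the lookup loses CNAME uncloaking for this request, but
    // avoids leaking the hostname outside the proxy.
    return { host, lookedUp: false, cloaked: false, reason: "socks-proxyDNS" };
  }
  const record = resolve(host);
  const cname = record && record.canonicalName ? record.canonicalName : host;
  return { host, lookedUp: true, cloaked: matchesCloakedCname(cname), cname };
}

// Firefox wiring (only runs inside an extension with "proxy" and "dns"
// permissions). Resolution is async there, so the record is fetched first
// and the synchronous classifier is reused with a constant resolver.
async function classifyHostInFirefox(host) {
  const { value } = await browser.proxy.settings.get({});
  if (dnsMustStayInProxy(value)) return classifyHost(host, value, () => null);
  const record = await browser.dns.resolve(host, ["canonical_name"]);
  return classifyHost(host, value, () => record);
}

// Constructed fixtures for a stand-alone run.
const FAKE_RESOLVE = (host) => ({
  canonicalName: host === "cdn.site.example" ? "x.tracker.example." : host,
});
const SOCKS_CFG = {
  proxyType: "manual",
  socks: "127.0.0.1",
  socksVersion: 5,
  proxyDNS: true,
};
const DIRECT_CFG = { proxyType: "none" };

if (typeof browser === "undefined") {
  console.log(classifyHost("cdn.site.example", SOCKS_CFG, FAKE_RESOLVE));
  console.log(classifyHost("cdn.site.example", DIRECT_CFG, FAKE_RESOLVE));
}
```

One caveat: `browser.proxy.settings` only reflects the configuration in the browser's own Network Settings. A proxy applied by another extension through `proxy.onRequest` is invisible to this check, so it is conservative only for the UI-configured case; the trade-off it makes explicit (no uncloaking while proxied DNS is on) is the same one the maintainer describes above.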

ACK-J commented 3 years ago

I have added a warning to both the add-on page for Mozilla and in the readme of the repo. If anyone knows how to fix this please reach out.

ACK-J commented 3 years ago

I was going to add a toggle in the GUI to change network.trr.mode to 3 but I just found out that add-ons are not allowed to make changes to about:config https://stackoverflow.com/questions/50023416/is-it-possible-to-create-a-firefox-webextension-that-changes-aboutconfig-settin

Kraxys commented 1 year ago

Hello,

Here is a workaround I finally found.

1) Don't use the FF UI to define & specify the proxy; use an FF add-on instead (I use FoxyProxy, but Proxy SwitchyOmega seems fine too).

2) Use the FF proxy UI (in Network Settings) for setting up the following "anti leak" shield:
  a) check "manual proxy configuration"
  b) in all IP fields (HTTP, HTTPS, SOCKS) write 0.0.0.0 or 127.0.0.1, with a random port
  c) check "SOCKS v5" and "Proxy DNS when using SOCKS v5"

Now, any DNS leak test should show only the DNS used by the proxy set up in FoxyProxy.

This workaround works too when using a "VPN proxy" add-on, with an added benefit: sometimes with these kinds of add-ons, your true IP leaks when the browser starts, because the "VPN add-on" may not activate immediately. The previous "anti leak" trick blocks any traffic not handled by the "VPN add-on", preventing this IP leakage.