foxyproxy / browser-extension

Version 8 and above. Browser extension source code for Firefox, Chrome, and other Chromium-based browsers
GNU General Public License v2.0

Leaks DNS server on Mull Browser (android) #142

Open NearestWater262 opened 4 months ago

NearestWater262 commented 4 months ago

https://f-droid.org/en/packages/us.spotco.fennec_dos/

one of the more popular gecko based android choices for privacy folks

if I go to ipleak.net with a simple socks5 configured in foxy proxy, it detects both my system DNS and my socks proxy's DNS.

yes I have ProxyDNS enabled on the proxy config

no, I don't have any special filtering

https://github.com/foxyproxy/firefox-extension/issues/141

I am also aware of the above issue, but whether I enable or disable the Uncloak option in uBlock, it still leaks DNS

I also tried disabling uBlock altogether and also tried disabling Encrypted Client Hello (ECH), but those didn't work either, so I think this is a foxy proxy issue

erosman commented 4 months ago

FoxyProxy does not handle the DNS. All DNS queries are handled by the browser and therefore it is a browser issue.

The DNS leak issues have been reported to Firefox and it is due to be sorted.

See: [meta] Proxy DNS leak bugs

NearestWater262 commented 4 months ago

wow, did not know this, thanks. Pretty amazing that such a major functionality on a privacy focused browser is leaking for so long!

hazeyez commented 3 months ago

FoxyProxy does not handle the DNS. All DNS queries are handled by the browser and therefore it is a browser issue.

The DNS leak issues have been reported to Firefox and it is due to be sorted.

See: [meta] Proxy DNS leak bugs

Instead of creating a new issue on here I'm just responding to this because it's relevant....

Why does FoxyProxy have an option to toggle Proxy DNS on and off then?

erosman commented 3 months ago

Why does FoxyProxy have an option to toggle Proxy DNS on and off then?

@hazeyez Proxy DNS is an option of Firefox. (See Firefox menu -> Settings -> Network Settings) FoxyProxy simply tells Firefox to use that option but the actual DNS query is performed by Firefox and extensions have no control over it.

hazeyez commented 3 months ago

@erosman understood, thanks for that info. Are you willing to help guide me/us in how to get Firefox configged so that DNS doesn't leak when using FoxyProxy? I'm aware of the Firefox network settings, Proxy DNS when using SOCKS v5 is actually "on" and the issue appears to reside in the actual about:config Firefox network/socks settings. I've been toying with this for weeks, really. I need some sort of professional help here if you're able to. Thanks!

erosman commented 3 months ago

@hazeyez DNS leak usually is not a major security concern. It is only visible if a server administrator monitors DNS queries. Furthermore, both systems and browsers cache DNS so the request is usually made once.

If you point out the exact circumstance where a leak occurs, there might be some workaround until the issue is sorted by Firefox.

Administrators often monitor port 53 for DNS queries. If you are able to use other ports e.g. OpenDNS port 5353, that would prevent DNS logging.

akarelas commented 2 months ago

I use Firefox, and I get the same problem (DNS leaking, according to this page) when I use FoxyProxy attached to one of my Firefox Multi-User Containers. Specifically, I see the correct DNS server, as well as my browser's DNS servers (all together).

I don't get that problem when using the browser's main SOCKS 5 settings instead of FoxyProxy's.

Should I report this on Firefox's bugtracker?

erosman commented 2 months ago

Should I report this on Firefox's bugtracker?

I think they already have enough data on that bug tracker. It might complicate the matter to add proxy WebExtension API into the mix. Once the underlying problems are solved, I would imagine the proxy API will be sorted as well.

Please also note that both browser and the system cache DNS responses. Therefore, testing must be done after a complete restart and/or after flushing the DNS cache of both.

akarelas commented 2 months ago

Noted.

However strace shows me that my computer's DNS servers are accessed when they shouldn't (as opposed to what happens when I set browser's normal SOCKS 5 settings).

erosman commented 2 months ago

However strace shows me that my computer's DNS servers are accessed when they shouldn't (as opposed to what happens when I set browser's normal SOCKS 5 settings).

Is that for the domain that is being proxied? Are you using patterns or single proxy for all? Are you using local or remote proxy server? Is the proxy server a domain or IP?

For example, when using the proxy a.proxy.com for all connections and trying to connect to https://example.com/ webpage, the browser will make a DNS request for a.proxy.com but shouldn't make one for example.com.

When using patterns for ://example.com/ and that page contains elements (e.g. images) from a.example.com which is not proxied, browser will make a DNS request for a.example.com since it is not proxied.

akarelas commented 2 months ago

I don't know if it's for the domain being proxied, because the lines in strace were truncated for some reason (and I don't know how to un-truncate this output).

But approximately half of the many requests being made during my visit to https://www.dnscheck.tools/ were to my DNS servers' port 53. They were many.

My computer's DNS servers are declared numerically in /etc/resolv.conf.

erosman commented 2 months ago

Website tools use JavaScript and fetch API which is a totally different layer than the proxy API.

When I tested, the data doesn't have any direct correlation to my configuration.

In order to test DNS requests, you would need to use a network protocol analyzer installed on your computer (e.g. Wireshark or similar).
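
Added example, not part of the thread and not FoxyProxy code: the rules given earlier in the thread for which lookups are expected (the proxy server's own hostname, and hosts that no pattern sends through the proxy), applied to a local port-53 capture. The capture lines are constructed in tcpdump's text format, and the hostname globs are a simplified stand-in for FoxyProxy patterns (an assumption).

```python
import re
from fnmatch import fnmatch

# Constructed sample capture (tcpdump text output, UDP port 53); not from the thread.
CAPTURE = """\
12:00:01.100000 IP 192.168.1.10.40001 > 192.168.1.1.53: 1001+ A? a.proxy.com. (29)
12:00:02.200000 IP 192.168.1.10.40002 > 192.168.1.1.53: 1002+ A? example.com. (29)
12:00:02.300000 IP 192.168.1.10.40003 > 192.168.1.1.53: 1003+ AAAA? a.example.com. (31)
12:00:02.400000 IP 192.168.1.1.53 > 192.168.1.10.40002: 1002 1/0/0 A 203.0.113.5 (45)
"""

# Matches outgoing queries only: destination port 53, then "<id><flags> TYPE? name."
QUERY_RE = re.compile(r"> \S+\.53: \d+\S*(?: \[\w+\])? (\w+)\? (\S+?)\.? \(")


def queried_names(capture):
    """Hostnames asked for in outgoing port-53 queries, in capture order."""
    return [m.group(2).lower() for m in QUERY_RE.finditer(capture)]


def classify(name, proxy_host, proxied_globs):
    """Apply the thread's rules to one locally resolved hostname."""
    if name == proxy_host.lower():
        # The browser has to resolve the proxy server itself.
        return "expected: proxy server hostname"
    # No globs means a single proxy is used for all connections.
    if not proxied_globs or any(fnmatch(name, g) for g in proxied_globs):
        return "leak: proxied host resolved locally"
    return "expected: host is not proxied"


def audit(capture, proxy_host, proxied_globs=()):
    """Map each queried hostname to its verdict."""
    return {n: classify(n, proxy_host, proxied_globs)
            for n in queried_names(capture)}


if __name__ == "__main__":
    # Only plain DNS on port 53 is visible here; DoH/DoT traffic is not.
    for host, verdict in audit(CAPTURE, "a.proxy.com", ["example.com"]).items():
        print(f"{host:16} {verdict}")
```

As noted earlier in the thread, take the capture after restarting the browser and flushing the system DNS cache, otherwise cached answers hide lookups.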

akarelas commented 2 months ago

I don't get it - is it possible that my DNS does not leak, while the website tools website (dnscheck.tools) displays my computer's DNS servers?

akarelas commented 2 months ago

Ok I'll check wireshark, too