garbados / dat-boi

A web server that pairs P2P Dat archives with arbitrary domain addresses and rehosts them locally.
MIT License

Don't require sudo #8

Open garbados opened 6 years ago

garbados commented 6 years ago

Binding to port 80 and modifying the local hostfile require root permissions. That's a lot to ask of a user. We should find a way that requires fewer permissions.

ekaitz-zarraga commented 6 years ago

If I understood correctly, you are making a MITM-like application that stores Dat files locally and, if the file is locally stored, directs the user to the local file. Right?

I think I know a way to overcome this sudo issue, but it involves changing the infrastructure.

Convert dat-boi into a proxy that runs on the local machine.

https://en.wikipedia.org/wiki/SOCKS

You can make it a daemon running on the host machine. When it receives a query, it can resolve the domain as you do at the moment. I mean, do the domain resolution in a separate process instead of in the standard way; that way you avoid touching the hostfile.

In order to use this configuration, browsers can be configured to proxy their queries to a SOCKS proxy at localhost:something, so there's no trouble on that point.

For command line apps you can provide a tool which redirects the traffic to the proxy.

You can learn about this by taking a look at Tor's onion address resolution scheme. It's almost the same thing.

Instead of doing what you do now, where you are hacking the system's hostname resolution, you can provide a service which does that and tell the user to use it. The configuration is simple.

garbados commented 6 years ago

Having the user type localhost:[port] in the browser seems like it defeats the purpose of custom domains. The user should be able to type [domain] in their browser and have it resolve without the use of external DNS. How does a SOCKS server get the browser to interpret [domain] correctly instead of making the user type in localhost:[port]?

garbados commented 6 years ago

Alternatively, dat-boi could operate a local nameserver, and include instructions on how to configure the computer to recognize it.

ekaitz-zarraga commented 6 years ago

No no. Go to the network config in your browser. You can set it to use a proxy by default. If you do that, all the queries you make with the browser will go to the proxy. You only have to configure that once.

In Tor, when you write an Onion address in the browser, it's resolved by the proxy and you can navigate using Onion addresses as if they were standard domains.

SOCKS doesn't solve the resolution issue; it's a thing that plays well with the browser:

The browser says: "hey proxy, can you ask for github.com and give me the answer back?" and the SOCKS proxy says: "sure bro." Then it checks if github.com is a registered domain; if it is, it returns the content of the local file. If it isn't, it sends the query to github.com and returns the result.

Get what I mean?
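
The routing decision described in the comment above, as an added example that is not part of the thread or of dat-boi's code: it parses the SOCKS5 request a browser sends and chooses between the local copy and onward forwarding. The registry contents, `example.test`, the directory path and all function names are assumptions made for illustration.

```javascript
// Hypothetical registry: hostname -> local directory of the rehosted archive.
const REGISTRY = new Map([['example.test', '/tmp/dat-sites/example.test']]);

// Parse a SOCKS5 request (RFC 1928 section 4):
// VER CMD RSV ATYP DST.ADDR DST.PORT. Throws on malformed input.
function parseSocks5Request(buf) {
  if (buf.length < 5) throw new Error('truncated request');
  if (buf[0] !== 0x05) throw new Error('not SOCKS5');
  if (buf[1] !== 0x01) throw new Error('only CONNECT is handled here');
  if (buf[2] !== 0x00) throw new Error('reserved byte must be zero');
  const atyp = buf[3];
  let host, end;
  if (atyp === 0x01) { // IPv4: four raw bytes
    end = 8;
    if (buf.length < end + 2) throw new Error('truncated IPv4 request');
    host = Array.from(buf.subarray(4, 8)).join('.');
  } else if (atyp === 0x03) { // domain name: length byte, then the name
    end = 5 + buf[4];
    if (buf[4] === 0 || buf.length < end + 2) throw new Error('truncated domain request');
    host = buf.toString('latin1', 5, end).toLowerCase().replace(/\.$/, '');
    if (!/^[a-z0-9.-]+$/.test(host)) throw new Error('invalid hostname');
  } else {
    throw new Error('unsupported address type');
  }
  return { host, port: buf.readUInt16BE(end), byName: atyp === 0x03 };
}

// Decide what the proxy does with a request: serve the local copy for a
// registered name, otherwise connect onward as an ordinary proxy would.
function route(buf) {
  const { host, port, byName } = parseSocks5Request(buf);
  if (byName && REGISTRY.has(host)) {
    return { action: 'local', dir: REGISTRY.get(host) };
  }
  return { action: 'forward', host, port };
}

// Constructed sample input: the request a browser sends for a hostname.
function sampleRequest(name, port) {
  const n = Buffer.from(name, 'latin1');
  const p = Buffer.alloc(2);
  p.writeUInt16BE(port);
  return Buffer.concat([Buffer.from([5, 1, 0, 3, n.length]), n, p]);
}

console.log(route(sampleRequest('example.test', 80)));
console.log(route(sampleRequest('github.com', 443)));
```

A listener built around this can bind to 127.0.0.1 on an unprivileged port (1080 is the conventional SOCKS port), so neither root nor a hostfile edit is needed. The name match only happens when the browser is set to resolve hostnames through the SOCKS proxy; otherwise it sends an already-resolved IP address and the request is forwarded.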

garbados commented 6 years ago

i understand. i'll look into it. thanks for the tip :)

garbados commented 6 years ago

So I went and looked into it. Thanks for recommending this approach! I’m going to see about making a PR that uses a socks5 proxy instead of making hostfile modifications.

garbados commented 6 years ago

(Sorry for being prickly about it. Offline things.)

ekaitz-zarraga commented 6 years ago

Don't worry about that, that's your job. My job was to defend my approach and yours was to try to find a problem in it.

:dancer:

I'm feeling really useful today. Thank you for giving me the chance to help.

ZiTAL commented 6 years ago

I have usually used a proxy solution to achieve this:

You can use mod_proxy from Apache: https://stackoverflow.com/questions/9180687/apache-port-forward

Or proxy_pass from nginx: https://serverfault.com/questions/536576/nginx-how-do-i-forward-a-http-request-to-another-port

millette commented 6 years ago

3 other ways: