search

qbittorrent / qBittorrent

qBittorrent BitTorrent client
https://www.qbittorrent.org
Other
25.98k stars 3.82k forks source link

Wrong http/https proxy headers #8972

Closed falcon4fun closed 3 years ago

falcon4fun commented 6 years ago

qBittorrent version and Operating System

qBittorrent/4.1.0 Win7 x64

What is the problem

Qbittorrent cant normally work with http/s proxies. It sends wrong header. Every time passing the proxy query will be broken because of "Host" parameter. https://i.imgur.com/0k8VXFY.png

Maybe socks4/5 will be broken too, but as I remember it works normally.

What is the expected behavior

Another client sends normal "host" param. So every tracker works well https://i.imgur.com/l9r5ZsC.png

Steps to reproduce

Why the program inserts proxy to "Host" param in every request breaking most of http/https queryes if server looks for normally formatted requests? https://i.imgur.com/JR5nTeu.png

The problem persists on 4.10, 3.3.16, 3.2.0 and, I suppose, all versions between and lower. I haven't checked all versions.

dzmat commented 6 years ago

According to RFC7230 section 5.3 and section 5.4 both clients sends non-suitable for proxy headers, because of absence of authority part (server name) in GET method line. May be proxy is configured in some weird way, so that programs are not aware of it existence?

Also qbittorrent probably erroneously send IP instead of FQDN of server in host part of request, but I'm not sure because don't know what was the original tracker URI. If tracker URI does not contain IP itself, than there is a bug on qBittorrent/libtorrent side. @falcon4fun could you please say what is the original tracker URI in a case with qBittorrent sample?

falcon4fun commented 6 years ago

@dzmat If i correctly understand, it's http://plab.site/ann?uk=[passkey] which corresponds to pornolab.net

Futhermore, I tryed to check with 146% working 3proxy with config like: proxy -p3773 -n -a And still getting wrong host in the request and proxy server ip:port transfers to all trackers inside. Sounds like some kind of security issue ¯_(ツ)_/¯ Screenshot from smsniff http/s: https://i.imgur.com/yL66koJ.png

So, it's not a problem with proxy servers because 3 of them works fine with another clients :)

username30 commented 5 years ago

Hello, I'm totally confirm this qBittorrent behaviour in v4.1.5 as well. I use this qbittorrent_2019-01-17_05-20-59 configuration for qBittorrent and Privoxy as my local proxy.

I've used Wireshark to see what exactly happening and here are results of my investigation. When I set qBittorrent not to use proxy, i.e. set options this way qbittorrent_2019-01-17_05-25-22 I get this GET packet: wireshark_2019-01-17_05-26-35 note the Host header having correct announcer address.

Now I switch qBittorrent to use proxy, i.e. set options this way qbittorrent_2019-01-17_05-20-59 and I get this GET packet: wireshark_2019-01-17_05-32-08 not the Host header representing the proxy's address, not the announcer's one!

I've got bandaid solution with Privoxy's user filter technique fixing broken header, but this definitely should be fixed in qBittorrent itself.

username30 commented 5 years ago

Confirm this issue in v4.1.6 (64-bit) as well.

falcon4fun commented 5 years ago

Confirm this issue in v4.1.6 (64-bit) as well.

Nobody except us tryed to use proxy :D sad trombone sound

Offtop: I really love bugreps. I reported to one program devs they have problem with hardcoded temp file. They said it was alright and they use GetTempPath method. I saw the problem again after year. And reported them with compiled program which use GetTempPath method which find correct temp dir and their program don't and asked to open their code. They said: oh. yeah. we found problem. We used %windir%\temp for this file. 🤦‍♂ Moral: nobody will fix it. :D

dzmat commented 5 years ago

Scrape requests to tracker are generated by the libtorrent. There is suspicious part with "host" parameter generation at https://github.com/arvidn/libtorrent/blob/16acd9ebe1932b802144f4637a26601daa111ab4/src/http_connection.cpp#L187 , but I can not reproduce error in url part of request. In my case capture looks like this:

GET http://bt4.t-ru.org/ann?magnet&<<<here all parameters>>>&redundant=0 HTTP/1.1
Host: 127.0.0.1:3128
User-Agent: qBittorrent/4.1.6
Accept-Encoding: gzip
Connection: close
dzmat commented 5 years ago

Meanwhile I have managed to create distro with patched libtorrent. Testers are welcome! Archive is available at https://yadi.sk/d/cqGjLteRiq5yFg Unpack to some new folder (but NOT in "c:\program files\qbittorent") and run exe. I want to know if it do the job. On my machine it looks like it did.

dzmat commented 5 years ago

@patch3proxyheaders915360 Patch in your pull request is literally the same as mine. So you have done all the job, while I was waiting for feedback :) .

xavier2k6 commented 3 years ago

Thanks for the report, unfortunately it's too old a version now. If you can reproduce this in latest 4.3.3, please create a "new issue"