search

salarcode / SmartProxy

Firefox/Chrome browser extension. SmartProxy will automatically enable/disable proxy for the sites you visit, based on customizable patterns.
https://addons.mozilla.org/en-US/firefox/addon/smartproxy/
GNU General Public License v3.0
1.94k stars 120 forks source link

DNS leak with firefox ? #399

Open flyingfeather99 opened 2 months ago

flyingfeather99 commented 2 months ago

update: more testing, zero omega cause dns leak too, only firefox manual proxy setting is ok

Description

Firefox with SmartProxy may cause DNS leak.

Steps to Reproduce

windows11 firefox 129.0.2 (64-bit) smartproxy 1.5

case result
firefox + smartproxy dns leak
firefox + firefox custom proxy setting no leak
firefox + zero omega no leak
chrome + smartproxy no leak

dns leak test zero omega

leak: dns leak

no leak: image

Which browsers did you test this on?

Chrome, Firefox

Affected browser versions

windows firefox 129.0.2 (64-bit)

Affected SmartProxy versions

1.5

Screenshots of the problems or steps to reproduce

No response

Any additional context

No response

salarcode commented 2 months ago

What is the type of proxy you have tried, Http or Socks5 ?

flyingfeather99 commented 2 months ago

What is the type of proxy you have tried, Http or Socks5 ?

@salarcode Both of two led to DNS leak. And of cause i checked the "proxy dns when using socks5".

salarcode commented 2 months ago

With Http proxies, DNS is expected to leak as there no option available for extensions to enable DNS over HTTPS. Related to #160 and the Firefox bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1455425

As for Socks5 i'm not sure, maybe make sure the DNS feature is working fine in your Socks 5 server?

salarcode commented 2 months ago

Also try in Always Enable mode first. In Smart mode the rules will apply if the rule domain matches

flyingfeather99 commented 2 months ago

Also try in Always Enable mode first. In Smart mode the rules will apply if the rule domain matches

Is domain matching just comparing strings, not resolving DNS?

but anyway, it looks like a firefox bug. https://bugzilla.mozilla.org/show_bug.cgi?id=1799411

salarcode commented 1 month ago

Thanks for linking that bug, it seems that the problem comes down to the proxy.onRequest event which only works on HTTP based protocols. Firefox needs to do something about this but since that bug is reported 2 years ago - knowing the Firefox devs pace - expect another 5 years for that to be fixed!

Typhonling commented 1 month ago

~~At this stage there seems to be only one solution, in the DNS over HTTPS settings, use “Max Protection” to point to custom DNS servers. But if the pointing DNS server does not have triage rules, this will not be the best solution. A more reasonable solution would be to use a socks5 proxy software that comes with a shunt. smartproxy uses Always Enable mode and points to this socks5 proxy. And Max Protection points to the same socks5 proxy. But that would seem to defeat the need to use smartproxy. Just using firefox's own proxy settings would be sufficient.~~

I think I found the probable cause. https://community.geph.io/t/topic/3541/11 Are you using ublock origin? Following the instructions in the link, I turned off the uncloak-canonical-names feature and fixed the DNS leak.