sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

Internet Proxy is easy to bypass when you have a wrong setting #4207

Open love-code-yeyixiao opened 2 months ago

love-code-yeyixiao commented 2 months ago

Describe what you noticed and did

Occasionally, applications can have direct access to the network when proxy servers are unavailable or proxy configuration changes occur. Not everyone wants to be directly monitored by a network provider to a communications destination, and by the time he realizes that direct connectivity has occurred, it’s too late. In addition, the SOCKS5 proxy cannot forward non-TCP or non-UDP connection traffic, which may lead some niche connection protocol programs to also bypass the proxy and access the network directly; there should be an option to block this unproxied connection traffic. Furthermore, sandbox-level proxies will not work when system-level proxies are set.

How often did you encounter it so far?

Not relevant.

Expected behavior

When the proxy is set up incorrectly, no connection will be accepted. When there is non-TCP or non-UDP traffic without a proxy, you can intercept all of it. When there are system-level proxies (even local proxies), you can prevent the program from sending traffic to them instead, perhaps by preventing the program from sending traffic to IP addresses other than proxies.

Affected program

Not relevant.

Download link

Not relevant

Where is the program located?

Not relevant to my request.

Did the program or any related process close unexpectedly?

No, not at all.

Crash dump

No response

What version of Sandboxie are you running now?

1.14.6

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression from previous versions?

No response

In which sandbox type you have this problem?

Not relevant to my request.

Can you reproduce this problem on a new empty sandbox?

Not relevant to my request.

What is your Windows edition and version?

Not relevant.

In which Windows account you have this problem?

Not relevant to my request.

Please mention any installed security software

Not relevant.

Did you previously enable some security policy settings outside Sandboxie?

No response

Trace log

No response

Sandboxie.ini configuration

No response
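
The fail-closed behaviour requested under "Expected behavior" above, modelled as an added example (not part of the issue and not Sandboxie's code). The `Proxy` type, the verdict strings and the sample attempts are hypothetical; the proxy is assumed to be configured as an IP literal and its reachability is assumed to be checked elsewhere.

```python
import ipaddress
from dataclasses import dataclass

PROXIABLE = {"tcp", "udp"}  # SOCKS5 relays only TCP and UDP

@dataclass(frozen=True)
class Proxy:              # hypothetical model, not a Sandboxie structure
    host: str             # assumed to be an IP literal
    port: int
    reachable: bool       # outcome of a health check done elsewhere

def proxy_endpoint(proxy):
    """Return (ip, port), or None when the setting is unusable."""
    try:
        ip = ipaddress.ip_address(proxy.host)
    except ValueError:
        return None
    if ip.is_unspecified or not 0 < proxy.port < 65536:
        return None
    return ip, proxy.port

def decide(proxy, proto, dst, dport):
    """Fail-closed verdict for one outbound attempt from a sandboxed program."""
    endpoint = proxy_endpoint(proxy)
    if endpoint is None:
        return "block: proxy misconfigured"
    if not proxy.reachable:
        return "block: proxy unavailable"
    if proto.lower() not in PROXIABLE:
        return "block: protocol cannot be proxied"
    try:
        dst_ip = ipaddress.ip_address(dst)
    except ValueError:
        return "block: unparsable destination"
    # Simplification: the UDP relay is assumed to live on the proxy host,
    # so UDP is matched on address only; TCP must hit the exact endpoint.
    if dst_ip != endpoint[0] or (proto.lower() == "tcp" and dport != endpoint[1]):
        return "block: destination is not the proxy"
    return "allow"

# Constructed attempts (documentation address ranges), not captured traffic.
ATTEMPTS = [
    ("tcp", "192.0.2.10", 1080),    # the sandbox proxy itself
    ("tcp", "127.0.0.1", 8080),     # a system-level local proxy
    ("icmp", "203.0.113.7", 0),     # ping: not TCP or UDP
    ("tcp", "203.0.113.7", 443),    # direct connection
]

if __name__ == "__main__":
    good = Proxy("192.0.2.10", 1080, True)
    for a in ATTEMPTS:
        print(a, "->", decide(good, *a))
```

Every path that does not end at the configured proxy returns a block verdict, so a broken setting or an unreachable proxy never degrades into direct connectivity.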

bastik-1001 commented 2 months ago

(GitHub shows a reply, even if there is no comment, beside mine, I guess, once I click "Comment". Now it shows only 1 reply, must be a glitch of some sort.)

It failed hard in my attempts and in David's attempts, which should be a good start. Improvements are welcome and depending on the impact needed, if it is all too easy to have it bypass the SOCKS5 proxy Sandboxie points to.

I had forgotten that ping (for example) uses ICMP and SOCKS handles TCP and UDP, which can be a privacy concern, and it can be used to exfiltrate data, e.g. by resolving b.example.com, a.example.com, d.example.com to spell something (bad) or even thisisthesecret.com if the attacker can observe or handle the requests.

love-code-yeyixiao commented 2 months ago

There is a cookie stealer program; it could comment a link that includes a virus under any issue from a stolen account, and it spreads this way. GitHub has already improved a way to delete such dangerous comments automatically.

---Original--- From: @.> Date: Fri, Sep 6, 2024 03:24 AM To: @.>; Cc: @.**@.>; Subject: Re: [sandboxie-plus/Sandboxie] Internet Proxy is easy to bypass when you have a wrong setting (Issue #4207)

(GitHub shows a reply, even if there is no comment, beside mine, I guess, once I click "Comment". Now it shows only 1 reply, must be a glitch of some sort.)

I've just reported to GitHub a discrepancy with the participants number, we'll see.
