Friday, April 22, 2011

DNS leaking with browsers

Following on this great DNS leakage test with Firefox , I ran my own simple browser privacy tests on browsers i use frequently.

Setup used for the test

- Remote SSH host

- Opera 11.10 Build 2092

- Chrome 10.0.648.205 with Proxy Switchy! 1.6.3

- Firefox 4.0

- IE 9.0.8112.16421

- Plink 0.60.9149.0

- MyEN Tunnel v3.5.2 to build TCP SSH tunnels for SOCKS5 proxy. More stable and better speed(Hulu) than opening a dynamic proxy with Putty (putty shell@xx.xx.xx.xx -fND localhost:7777)

- DNS Randomness test . Great tool for testing DNS leakage.

- Client DNS: OpenDns , ISP DNS

- Remote DNS: Remote host DNS

Results:

Browser Proxy Notes
Firefox Client Uses client DNS out of the box
Firefox with network.proxy.socks_remote_dns TRUE Remote Enable this in about:config. Tells firefox to use DNS SOCKS5
Chrome Remote  
IE Client  
Opera NA Not SOCKS compatible as of tested version.

Conclusion: Chrome has the best result out of the box. It looks up URLs using the remote DNS once you point chrome to a SOCKS5 proxy. There is no need for additional configuration or socks server traversing application.

Firefox requires an additional tweak to force remote DNS lookup.

I could not find a native way of forcing remote DNS lookup in IE. One alternative is to disable client side DNS caching in windows, probably not what you want on a corporate network. Another is to “socksify” IE with sockscap or widecap.

Opera has no socks support. Boo. There is always widecap or sockscap, but why bother when you can use chrome?

Random discovery: Your company domain admin may have a AD group policy that enables corporate proxy on your browser, overriding your SOCKS5 proxy selection. This is annoying and recurring, the browser changing to corporate proxy when you think you are surfing on the SOCKS5 proxy.

To workaround this on Chrome with Proxy Switchy, with Socks proxy selected configure the following in Switchy configuration.

Auto apply last selected proxy profile on startup.
Monitor Proxy Changes
Revert proxy changes done by other apps.

With this, you know your web traffic on Chrome is encrypted.

Posted by 桔梗 at 3:22 PM
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)