Make wrap_module patch socket.getaddrinfo. #91
Conversation
…taddrinfo also gets patched.
|
Thanks for this PR. Could you please write a test for this, covering different kinds of addresses? We don't currently have any coverage for And does this also prevent DNS leaks from |
Are you looking for tests that make sure it doesn't leak outside of the proxy, or tests that make sure it still behaves correctly in terms of what an application expects?
I don't think it does, although I haven't tried. |
|
Ideally tests for both. Thanks. |
|
Do any of the existing tests actually check for leaks outside of the proxy? If so, could you point me to the relevant lines? If not, how do you prefer me to do that? The leak detector I wrote uses some |
Not currently.
Please do, thanks. Ideally tests shouldn't have any non-Python dependencies, but we've already broken that rule pretty badly, so whatever works should be fine for now. |
Good day!
I'm developing a proxy leak detection tool, and thought it would be a fun challenge to use it to investigate #22. And happily it looks like I was successful. This PR makes
wrap_modulepatchsocket.getaddrinfo(preventing DNS leaks from that function), and updates the monkeypatching documentation accordingly.I opted to use the workaround at #22 (comment) rather than the workaround at #22 (comment) , because the latter only works with SOCKS proxies that support Tor's nonstandard protocol extensions. The latter is definitely preferable if the user is certain that their proxy supports Tor's extensions; a future PR could give the user an option to choose which is used.
It's entirely possible that I've subtly broken something, as I'm not intimately familiar with the Python socket codebase, but it seems to work acceptably in my testing.
Cheers!