Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Monkeypatch socket DNS resolving functions #22

Open
Anorov opened this issue Apr 6, 2015 · 7 comments
Open

Monkeypatch socket DNS resolving functions #22

Anorov opened this issue Apr 6, 2015 · 7 comments

Comments

@Anorov
Copy link
Owner

Anorov commented Apr 6, 2015

I recently became aware of the fact that functions like socket.gethostbyname and socket.getaddrinfo do not construct socket objects and so will not go through the proxy when the socket class is monkeypatched. For many applications this is not a problem, but anything that manually calls the DNS resolving functions may run into problems and will also suffer from a major privacy leak, as the DNS requests will be sent unproxied.

These functions are defined in C, in socketmodule.c and getaddrinfo.c. Currently trying to determine the best way of monkeypatching these. I'd prefer not to edit and compile the C extensions themselves.
@pde
Copy link

pde commented May 2, 2015

I have a feeling this is likely to affect applications even if they do not explicitly resolve addresses themselves. The example in #24 includes an unpatched call to socket.getaddrinfo from within the socket library itself.

@JeremyRand
Copy link

There's a workaround at http://fitblip.pub/2012/11/13/proxying-dns-with-python/ . It seems it just skips the DNS lookup, under the assumption that the SOCKS proxy can handle the DNS lookup itself. Maybe that would be helpful?

@g1itch
Copy link

g1itch commented Feb 14, 2017
edited

There is a socksocket.resolve() method in the old pysocks copy inside PyBitmessage.

Isn't it what you are looking for?

@thedrow
Copy link

thedrow commented Mar 23, 2017

@JeremyRand That trick fails with:

SOCKSHTTPConnectionPool(host='httpbin.org', port=80): Max retries exceeded with url: /ip (Caused by NewConnectionError('<requests.packages.urllib3.contrib.socks.SOCKSConnection object at 0x7f34c76b9c50>: Failed to establish a new connection: illegal IP address string passed to inet_pton',))

when using requests/urllib3 at least.

@JeremyRand
Copy link

JeremyRand commented Mar 30, 2017 via email

@thedrow
Copy link

thedrow commented Apr 2, 2017

It was False. With requests you have to use the socks5h:// schema to enable rdns which was my problem. I didn't need this patch.

@JeremyRand JeremyRand mentioned this issue Sep 17, 2017
Open
@Anorov Anorov added planned and removed planned labels Jul 24, 2018
@tigerzhou100800 tigerzhou100800 mentioned this issue Dec 2, 2019
Open
@polski-g
Copy link

There's a workaround at http://fitblip.pub/2012/11/13/proxying-dns-with-python/ . It seems it just skips the DNS lookup, under the assumption that the SOCKS proxy can handle the DNS lookup itself. Maybe that would be helpful?

That page no longer exists. I extracted it from archive.is and attached it here.

Proxying DNS with python.pdf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@thedrow @JeremyRand @pde @Anorov @g1itch @polski-g