Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign up[ncat] Ability to control hostname resolution for proxy destinations #1439
Conversation
nnposter
added
enhancement
Ncat
labels
Jan 22, 2019
nnposter
self-assigned this
Jan 22, 2019
jaymzh left a comment
|
From a read-through of the code, this looks like it'll solve the issue. I'm traveling the next two weeks, so I'm not sure when I'll get a chance to actually give it a shot, but I'll try to find time this this week if I can. |
| @@ -647,6 +659,7 @@ int main(int argc, char *argv[]) | |||
| " --proxy <addr[:port]> Specify address of host to proxy through\n" | |||
| " --proxy-type <type> Specify proxy type (\"http\", \"socks4\", \"socks5\")\n" | |||
| " --proxy-auth <auth> Authenticate with HTTP or SOCKS proxy server\n" | |||
| " --proxy-dns <type> Specify where to resolve proxy destination\n" | |||
This comment has been minimized.
This comment has been minimized.
jaymzh
Jan 22, 2019
probably should list the possible types here (none, local, remote, both)... and maybe what they mean...
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
jaymzh
commented
Jan 22, 2019
|
I checked out your branch and tried to build, but the build fails on: |
This comment has been minimized.
This comment has been minimized.
jaymzh
commented
Jan 22, 2019
|
Nevermind I think this is #1379 I'll give the solution there a shot. |
This comment has been minimized.
This comment has been minimized.
jaymzh
commented
Jan 22, 2019
|
local/remote/both all work as expected, thanks! I will note that |
This comment has been minimized.
This comment has been minimized.
|
Yup; my bad. Hopefully fixed. |
This comment has been minimized.
This comment has been minimized.
|
Committed as r37586. |
nmap-bot
closed this
in
dbed133
Feb 24, 2019
nnposter commentedJan 22, 2019
•
edited
In connect mode, currently all proxy destinations are directly passed onto the remote proxy server, without trying to resolve them locally. This behavior has raised some concerns.
This proposal implements a new ncat option that provides control over whether these hostnames are resolved by the remote proxy server or locally, by Ncat itself.
Usage:
local- Hostnames are resolved locally on the Ncat host. Ncat exits with error if the hostname cannot be resolved.remote- Hostnames are passed directly onto the remote proxy server. This is the default behavior.both- Hostname resolution is first attempted on the Ncat host. Unresolvable hostnames are passed onto the remote proxy server.none- Hostname resolution is completely disabled. Only an IPv4 or IPv6 address can be used as the proxy destination.Note that this new option is complementing, not replacing, option
--no-dns, which controls all existing hostname resolution, such as non-proxied targets, hops, source address, and the proxy server itself.