Skip to content

/ nmap

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ncat] Ability to control hostname resolution for proxy destinations #1439

Closed
wants to merge 3 commits into from
Closed

[ncat] Ability to control hostname resolution for proxy destinations #1439

wants to merge 3 commits into from

Conversation

@nnposter
Copy link

nnposter commented Jan 22, 2019
edited

In connect mode, currently all proxy destinations are directly passed onto the remote proxy server, without trying to resolve them locally. This behavior has raised some concerns.

This proposal implements a new ncat option that provides control over whether these hostnames are resolved by the remote proxy server or locally, by Ncat itself.

Usage:

ncat   ...   --proxy-dns local | remote | both | none

  • local - Hostnames are resolved locally on the Ncat host. Ncat exits with error if the hostname cannot be resolved.

  • remote - Hostnames are passed directly onto the remote proxy server. This is the default behavior.

  • both - Hostname resolution is first attempted on the Ncat host. Unresolvable hostnames are passed onto the remote proxy server.

  • none - Hostname resolution is completely disabled. Only an IPv4 or IPv6 address can be used as the proxy destination.

Note that this new option is complementing, not replacing, option --no-dns, which controls all existing hostname resolution, such as non-proxied targets, hops, source address, and the proxy server itself.
nnposter added 2 commits Jan 22, 2019
@nnposter
Upload source code
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
44124fe
@nnposter
Upload doc files
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
bbbf7e6
This was referenced Jan 22, 2019
Closed
Closed
@nnposter nnposter self-assigned this Jan 22, 2019
@jaymzh
jaymzh reviewed Jan 22, 2019
View changes
Copy link

jaymzh left a comment

From a read-through of the code, this looks like it'll solve the issue. I'm traveling the next two weeks, so I'm not sure when I'll get a chance to actually give it a shot, but I'll try to find time this this week if I can.
ncat/ncat_main.c
@@ -647,6 +659,7 @@ int main(int argc, char *argv[])
" --proxy <addr[:port]> Specify address of host to proxy through\n"
" --proxy-type <type> Specify proxy type (\"http\", \"socks4\", \"socks5\")\n"
" --proxy-auth <auth> Authenticate with HTTP or SOCKS proxy server\n"
" --proxy-dns <type> Specify where to resolve proxy destination\n"

This comment has been minimized.

Sign in to view
Copy link
@jaymzh

jaymzh Jan 22, 2019

probably should list the possible types here (none, local, remote, both)... and maybe what they mean...

This comment has been minimized.

Sign in to view
Copy link
@nnposter

nnposter Jan 22, 2019

Author

Not enough space if we want to keep it on a single line
@jaymzh

This comment has been minimized.

Sign in to view
Copy link

jaymzh commented Jan 22, 2019

I checked out your branch and tried to build, but the build fails on:

make: *** No rule to make target `nbase/nbase_addrset.h', needed by `targets.o'.  Stop.
@jaymzh

This comment has been minimized.

Sign in to view
Copy link

jaymzh commented Jan 22, 2019

Nevermind I think this is #1379 I'll give the solution there a shot.
@jaymzh

This comment has been minimized.

Sign in to view
Copy link

jaymzh commented Jan 22, 2019

local/remote/both all work as expected, thanks! I will note that none is not considered a valid option, despite the docs, you get:

Ncat: Invalid proxy DNS type. QUITTING.
@nnposter
Add missing "else"
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
80818a5
@nnposter

This comment has been minimized.

Sign in to view
Copy link
Author

nnposter commented Jan 22, 2019

Yup; my bad. Hopefully fixed.
@nnposter

This comment has been minimized.

Sign in to view
Copy link
Author

nnposter commented Feb 23, 2019

Committed as r37586.
@nmap-bot nmap-bot closed this in dbed133 Feb 24, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jaymzh jaymzh

Assignees

@nnposter nnposter

Labels
Ncat enhancement
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
@nnposter @jaymzh
You can’t perform that action at this time.