#27822 closed defect (fixed)

TBA is leaking DNS

Reported by: cypherpunks3 Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-mobile tbb-proxy-bypass
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

TBA is making DNS queries outside proxy. Almost every domain is leaking.

Child Tickets

Change History (7)

comment:1 in reply to:  description Changed 15 months ago by Dbryrtfbcbhgf

Last edited 15 months ago by Dbryrtfbcbhgf (previous) (diff)

comment:2 Changed 15 months ago by traumschule

Keywords: tbb-proxy-bypass added
Parent ID: #21863

comment:3 Changed 15 months ago by cypherpunks3

Steps to reproduce this bug:

  1. Record DNS requests
  2. Open some websites in TBA

I opened a few websites in TBA and recorded the DNS replies using tcpdump. I opened ebay.com, craigslist.org, netflix.com, bing.com, twitter.com, pinterest.com, torproject.org, 3g2upl4pq6kufc4m.onion (duckduckgo onion address)

Here are the logs
q: A? ir.ebaystatic.com. 1/0/0 ir.ebaystatic.com. [5m] A 92.123.82.129 (51)
q: A? copenhagen.craigslist.dk. 1/0/0 copenhagen.craigslist.dk. [1h] A 208.82.237.2 (58)
q: A? assets.nflxext.com. 1/0/0 assets.nflxext.com. [5m] A 2.18.232.136 (52)
q: A? www.bing.com. 1/0/0 www.bing.com. [5m] A 13.107.21.200 (46)
q: A? abs.twimg.com. 1/0/0 abs.twimg.com. [5m] A 104.244.46.199 (47)
q: A? s.pinimg.com. 1/0/0 s.pinimg.com. [5m] A 23.35.115.223 (46)
q: A? www.torproject.org. 1/0/0 www.torproject.org. [5m] A 138.201.14.197 (52)
q: A? 3g2upl4pq6kufc4m.onion. 1/0/0 3g2upl4pq6kufc4m.onion. [1m] A 10.255.165.235 (56)

These replies only appear if DNS is leaking.

comment:4 Changed 15 months ago by sysrqb

Status: newneeds_information

Thanks for reporting this! How did you install TBA? Was this in an Android emulator? What Android version did you use? Can you provide more detail about how you tested this?

Thanks!

comment:5 Changed 15 months ago by gk

Parent ID: #21863

No need to reopen #21863 here. Alas, Trac does not allow to block already closed bugs (as bugzilla for instance is doing). So, we take it from there and used #21863 just for the pre-alpha bugs and go with new bugs as they come.

comment:6 Changed 14 months ago by new_user

i tested this bug on android no leaks for me.
steps-

  1. install adway(root) click log dns and click tcpdump
  2. start orbot
  3. tested with tor alpha and orfox
  4. no leaks via proxy
  5. as expected normal browsing without tor showing dns request in the logs.

comment:7 Changed 12 months ago by gk

Resolution: fixed
Status: needs_informationclosed

I think this got fixed in a recent alpha. Please reopen with steps to reproduce if anyone is still seeing issues.

Note: See TracTickets for help on using tickets.