Date: Sat, 4 Jul 2015 08:20:52 -0700
From: David Fifield <david@bamsoftware.com>
To: grarpamp <grarpamp@gmail.com>, tor-talk@lists.torproject.org,
 Andrew Jason Farabee <afarabee@uci.edu>, Nmap dev <dev@nmap.org>
Message-ID: <20150704152052.GD3387@happy.bamsoftware.com>
Mail-Followup-To: grarpamp <grarpamp@gmail.com>, tor-talk@lists.torproject.org,
 Andrew Jason Farabee <afarabee@uci.edu>, Nmap dev <dev@nmap.org>
References: <55967EFB.8030203@gmail.com> <5596A269.9090201@infosecurity.ch>
 <CAD2Ti2_hAuT6R2oGaZbKjFGj5N1B6NmdA2eAPdmjW8F0yAk9cg@mail.gmail.com>
 <5596FDC6.9030708@gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <5596FDC6.9030708@gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Subject: Re: [tor-talk] Fwd: CALL FOR TESTING: new port scanning subsystem
 (allows scanning behind proxies, including Tor!)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

On Fri, Jul 03, 2015 at 11:25:26PM +0200, Jacek Wielemborek wrote:
> W dniu 03.07.2015 o 22:01, grarpamp pisze:
> >> One of the features that my modifications enable is performing port
> >> scanning behind proxies. I only scanned it using SOCKS4 server built
> >> into Tor
> >>
> >> ./nmap -sT --proxy socks4://localhost:9050 scanme.nmap.org
> >>
> >> Please do note that even though port scanning within Tor is possible,
> >> you cannot scan .onion names due to lack of SOCKS4A support.
> > 
> > SOCKS4 and SOCKS4A are old and deprecated and should not
> > be implemented (unless you're also implementing the current SOCKS5
> > and adding in 4/4A as a bonus).
> > 
> > Tor supports SOCKS5 (and the deprecated 4/4A but it will complain).
> > So scanning onions and anything else by name should be possible.
> > 
> > SOCKS5 also supports IPv6 which is becoming the way of things.
> > Therefore, implement SOCKS5 :)
> 
> I think that SOCKS5 support within Nsock library (on which my
> modification depends) is planned. SOCKS5 also supports UDP, so it could
> bring even more benefits. For now, SOCKS4 has to do though.

Yeah. Jacek's post wasn't about adding proxy support to Nmap per se--Nmap
has been able to use a proxy for certain operations for quite some time
now, through the --proxies command line option. The proxy support worked
for things like version detection and NSE (Nmap Scripting Engine), but
it notably did not work for port scanning, because the port-scanning
code in Nmap uses sockets much differently than the rest of it. Jacek's
patch is about overcoming certain architectural difficulties and
extending proxy support to the port scanning phase too.

The patch doesn't actually add new SOCKS code to Nmap. It just uses what
is already there. Supporting SOCKS5 is a good project but it is separate
from this one.

Doing domain name resolution through the proxy (which would prevent DNS
leaks and enable scanning of onion sites) is also a separate and kind of
large project. Many parts of Nmap's code assume that they have an IP
address to work with, so it will take some rearchitecting too.
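The thread turns on a protocol detail: a SOCKS4 CONNECT request has room only for a 4-byte IPv4 address, so a client that is given a hostname must resolve it locally (the DNS leak David mentions) and can never hand a .onion name to Tor, while SOCKS4A and SOCKS5 let the proxy resolve the name and SOCKS5 additionally carries IPv6. The following Python is an added example, not code from Nmap, Nsock or Jacek's patch; it encodes the three request formats per the SOCKS4/4A conventions and RFC 1928, and `plan_request` refuses the SOCKS4-plus-hostname combination instead of silently resolving locally. The addresses 192.0.2.10 and 2001:db8::1 are constructed documentation-range values, and `scanme.nmap.org` is the host from the quoted command line.

```python
import socket
import struct


def ip_family(host):
    """Return AF_INET or AF_INET6 if host is an IP literal, else None."""
    for fam in (socket.AF_INET, socket.AF_INET6):
        try:
            socket.inet_pton(fam, host)
            return fam
        except OSError:
            pass
    return None


def socks4_connect(ipv4, port, userid=b""):
    """SOCKS4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP (exactly 4 bytes), USERID, NUL.
    The only address form is IPv4, so a hostname would have to be resolved by
    the client before the request is built (that local lookup is the DNS leak)."""
    return struct.pack("!BBH4s", 4, 1, port, socket.inet_aton(ipv4)) + userid + b"\x00"


def socks4a_connect(hostname, port, userid=b""):
    """SOCKS4A CONNECT: DSTIP 0.0.0.x (x != 0) tells the proxy that a
    NUL-terminated hostname follows USERID and that the proxy should resolve it."""
    return (struct.pack("!BBH4s", 4, 1, port, b"\x00\x00\x00\x01")
            + userid + b"\x00" + hostname.encode("idna") + b"\x00")


def socks5_connect(host, port):
    """SOCKS5 CONNECT (RFC 1928): VER=5, CMD=1, RSV=0, ATYP, DST.ADDR, DST.PORT.
    ATYP 1 = IPv4 (4 bytes), 3 = domain name (1-byte length + name), 4 = IPv6 (16 bytes)."""
    fam = ip_family(host)
    if fam == socket.AF_INET:
        addr = b"\x01" + socket.inet_pton(fam, host)
    elif fam == socket.AF_INET6:
        addr = b"\x04" + socket.inet_pton(fam, host)
    else:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("SOCKS5 domain names are 1..255 bytes")
        addr = b"\x03" + bytes([len(name)]) + name
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)


def plan_request(version, target, port):
    """Build the request for a target and report who resolves the name:
    "none" (an IP literal needs no lookup) or "proxy" (the name travels to the
    proxy). The SOCKS4 + hostname case is rejected rather than resolved locally,
    because that lookup would leak DNS and a .onion name cannot be resolved locally at all."""
    fam = ip_family(target)
    if version == "socks4":
        if fam != socket.AF_INET:
            raise ValueError("SOCKS4 carries only an IPv4 address; "
                             "a hostname here would mean a local DNS lookup")
        return socks4_connect(target, port), "none"
    if version == "socks4a":
        if fam == socket.AF_INET:
            return socks4_connect(target, port), "none"
        if fam == socket.AF_INET6:
            raise ValueError("SOCKS4A has no IPv6 address form")
        return socks4a_connect(target, port), "proxy"
    if version == "socks5":
        return socks5_connect(target, port), ("none" if fam else "proxy")
    raise ValueError("unknown SOCKS version: %r" % version)


if __name__ == "__main__":
    # Constructed sample targets; the .onion name is a placeholder, not a real service.
    for version, target in [("socks4", "192.0.2.10"),
                            ("socks4a", "scanme.nmap.org"),
                            ("socks5", "scanme.nmap.org"),
                            ("socks5", "2001:db8::1"),
                            ("socks5", "placeholderonionname.onion"),
                            ("socks4", "scanme.nmap.org")]:
        try:
            req, who = plan_request(version, target, 80)
            print("%-7s %-28s resolved by %-5s %s" % (version, target, who, req.hex()))
        except ValueError as exc:
            print("%-7s %-28s rejected: %s" % (version, target, exc))
```

Running the block prints one line per case; the last case is the combination the quoted post ran into, and it is rejected rather than turned into a local lookup. The `struct` and `socket.inet_pton` calls enforce the fixed widths (4, 16, or a 1-byte length prefix), which is exactly the constraint that makes SOCKS4 unable to carry a name.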