Date: Sun, 27 Mar 2016 13:35:36 +0200
From: parazyd <parazyd@dyne.org>
To: tor-talk@lists.torproject.org
Message-ID: <20160327113536.GA18214@hansolo>
References: <20160326101405.GA8312@hansolo>
 <CAD2Ti29iUfoj+4bNdg0c+7mqPEYQmpFafJ6f1P3MiOny011Ntg@mail.gmail.com>
MIME-Version: 1.0
In-Reply-To: <CAD2Ti29iUfoj+4bNdg0c+7mqPEYQmpFafJ6f1P3MiOny011Ntg@mail.gmail.com>
X-GPG-Keyserver: pgp.mit.edu
X-GPG-Id: 0xBB5E2E35B92E373E
X-GPG-Fingerprint: 6CB4 6C63 641D B1F1 F811 5B3A BB5E 2E35 B92E 373E
X-GPG-Key: https://parazyd.cf/b92e373e.asc
User-Agent: Jaro Mail <https://www.dyne.org/software/jaromail>
Subject: Re: [tor-talk] Duplicating Tor's DNS requests
Content-Type: multipart/mixed; boundary="===============2313486874611571662=="


--===============2313486874611571662==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="X1bOJ3K7DJ5YkBrT"
Content-Disposition: inline


--X1bOJ3K7DJ5YkBrT
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, 26 Mar 2016, grarpamp wrote:

> On 3/26/16, parazyd <parazyd@dyne.org> wrote:
> > I'm wondering about duplicating Tor's DNS requests (like, when browsing
> > a clearnet website) to another place on my machine.
> >
> > Basically, I'm running dnscap and with iptables or something similar, I
> > would like to copy the DNS requests so dnscap can see them, but the
> > important part is that the copied requests do not get through.
>
> dnscap / iptables expects dns protocol, not parsing hostname
> resolves out of socks5 protocol on localhost bpf. You need
> other tool for that.
> Your browser pushes hostnames through tor's socks5 interface,
> so tor would need feature to block them internally instead of
> sending them out over tor, then you couldn't browse anything.
> If you don't want anything leaving but tor, block all and only
> leave path to tor's socks5 port on another box / vm... aka: whonix.
>
> You probably want to read / comment / contribute to
> DNS portion of this ticket...
>
> # Combine setevents circ and stream
> https://trac.torproject.org/projects/tor/ticket/11179

Pretty interesting. I'll see what I can do.
Anyway, I would let both clear and Tor traffic out, I just wish to log
Tor's hostname/DNS requests and it seems a tad difficult so far.

--X1bOJ3K7DJ5YkBrT--

--===============2313486874611571662==--
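
Added example, not part of the original thread: grarpamp's point is that the browser hands tor a hostname inside a SOCKS5 request rather than sending a DNS query, which is why dnscap has nothing to capture. The sketch below parses the client side of such an exchange (RFC 1928, with the optional RFC 1929 login and Tor's RESOLVE command codes) and returns the hostname a local logger would record. The names `parse_socks5_client` and `sample` are hypothetical, and the input bytes are constructed, not captured.

```python
import socket
import struct

# 0x01 is RFC 1928 CONNECT; 0xF0/0xF1 are Tor's RESOLVE/RESOLVE_PTR extensions.
CMDS = {0x01: "CONNECT", 0xF0: "RESOLVE", 0xF1: "RESOLVE_PTR"}


def parse_socks5_client(data: bytes):
    """Return (command, host, port) from the bytes a SOCKS5 client sent.

    Expects the method greeting, an optional RFC 1929 username/password
    exchange, then the request. Returns None if truncated or not SOCKS5.
    """
    try:
        if data[0] != 0x05:
            return None
        pos = 2 + data[1]                  # skip VER, NMETHODS, METHODS
        if data[pos] == 0x01:              # auth: VER ULEN UNAME PLEN PASSWD
            pos += 2 + data[pos + 1]       # now at PLEN
            pos += 1 + data[pos]           # now at the request
        ver, cmd, _rsv, atyp = data[pos:pos + 4]
        if ver != 0x05:
            return None
        pos += 4
        if atyp == 0x03:                   # DOMAINNAME: length byte, then name
            n = data[pos]
            host = data[pos + 1:pos + 1 + n].decode("ascii", "replace")
            pos += 1 + n
        elif atyp == 0x01:                 # IPv4 literal, no name to log
            host = socket.inet_ntop(socket.AF_INET, data[pos:pos + 4])
            pos += 4
        elif atyp == 0x04:                 # IPv6 literal
            host = socket.inet_ntop(socket.AF_INET6, data[pos:pos + 16])
            pos += 16
        else:
            return None
        (port,) = struct.unpack("!H", data[pos:pos + 2])
        return CMDS.get(cmd, hex(cmd)), host, port
    except (IndexError, ValueError, struct.error):
        return None


def sample(cmd, host, port, auth=False):
    """Build a constructed client byte stream for the parser (not a real capture)."""
    greeting = b"\x05\x02\x00\x02" if auth else b"\x05\x01\x00"
    login = b"\x01" + b"\x04user" + b"\x04pass" if auth else b""
    name = host.encode("ascii")
    return (greeting + login + bytes([0x05, cmd, 0x00, 0x03, len(name)])
            + name + struct.pack("!H", port))
```

`parse_socks5_client(sample(0x01, "example.com", 443))` returns `("CONNECT", "example.com", 443)`; anything that does not begin with a SOCKS5 greeting, including a raw DNS packet, returns `None`.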

