Re: [sqlmap-users] sqlmap through proxy
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] sqlmap through proxy
|
From: Miroslav S. <mir...@gm...> - 2011-06-17 14:37:28
|
minor clarification: "first of all, sqlmap doesn't issue DNS requests." this means that we don't do it manually. socket module does it. kr On Fri, Jun 17, 2011 at 4:31 PM, Miroslav Stampar <mir...@gm...> wrote: > On Fri, Jun 17, 2011 at 4:25 PM, <bu...@gm...> wrote: >> Miroslav Stampar wrote: >>> hi buawig. >>> >>> well, sure there is a misunderstanding here :) >>> >>> http://superuser.com/questions/272714/why-still-dns-lookup-when-using-proxy >>> >>> quote: >>> "Even when connecting via a proxy your browser needs to get the IP >>> address for the web site domain. Generally it will directly query the >>> DNS servers. If you are using a Socks 5 proxy, you can have the DNS >>> queries go through your proxy." >>> >>> there has to be a DNS request when dealing with HTTP proxy. >> >> This is only true if the HTTP Proxy is entered/specified as a hostname >> and not as an IP address. >> >> I just checked this for firefox. Firefox doesn't issue any DNS request >> when configured to use a HTTP proxy, so why should sqlmap need to issue >> a DNS request? > > first of all, sqlmap doesn't issue DNS requests. > > you have the code, it's open source after all, and you can check it yourself. > > second, are you using some plugins (like FoxyProxy) or just entered > proxy address manually into settings? also, have you tried to issue > some new random address like www.asdasdasdasdas.com (maybe your IP > address was in DNS cache) > >> >>> about DNS leaks with TOR. we are aware of this issue and there is no >>> easy way out of it. believe me. I've spent three days searching and >>> implementing and there is NO easy way out of it. we can try to search >>> and use things like "tor-resolve" but it will work just for minor >>> number of cases (users which prepare environment for it). >> >> Pidgin recently fixed a DNS leak in their implementation. I don't think >> this is 'unfixable'. > > i like this one :) > > please, be so kind find the patch and adjust. we'll be more than happy > to incorporate it. > > kr > >> >> >> >> >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
