Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by Trac@tracbot

DNS leak on OS X 10.9 Mavericks when using "nettop" and Tor Browser

I'm not a developer. So please bear with me. I have noticed that when I run nettop on OS X while using Tor Browser DNS leaks appear in a DNS log. I have seen bridges IP addresses being leaked (I use obfs3 bridges).

I can't confirm if other IP address from the tor system are leaked.

Details

I use DNSCrypt-osxclient.[1][2] I have set it to log my DNS requests. I can see a live list of DNS requests in Console (OS X's log viewing app.)

Sometimes I run "nettop" an OS X command line tool that lists what apps are connecting to the net.[3]

Recently I noticed that nettop causes at least some of Tor Browser IPs to be leaked through to the "regular" system DNS process (DNS Crypt.)

Without nettop running not Tor Browser's related IPs to appear in DNSCrypt's live log.

I don't know if this is serious or not but I thought it was worth letting you know. I know most users won't be running nettop but some power users might and without a live log of the DNS request this would go unnoticed.

Apps

OS X 10.9.5 Mavericks Tor Browser 4.0.3 Regular Terminal app from OS X 10.9.5 Regular nettop tool from OS X 10.9.5 DNSCrypt-osxclient 1.0.5

Refs

[1] https://github.com/alterstep/dnscrypt-osxclient/ [2] https://github.com/alterstep/dnscrypt-osxclient/releases/download/1.0.5/dnscrypt-osxclient-1.0.5.dmg [3] https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/nettop.1.html

Trac:
Username: glampop

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information