Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • T Torsocks
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 38
    • Issues 38
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 0
    • Merge requests 0
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Core
  • Torsocks
  • Issues
  • #17980
Closed
Open
Issue created Jan 03, 2016 by Trac@tracbot

Torify/Torsocks - Possible bug with OSX's default curl binary

OSX default curl binary is not being torified when using torify or torsocks. Using: curl --proxy socks5h://curl:curl@127.0.0.1:9050/ works fine, however, running torify/torsocks curl <url> does not work.

Example:

$ torify curl ifconfig.co/all.json # returns original IP $ curl --proxy socks5h://curl:curl@127.0.0.1:9050/ ifconfig.co/all.json # returns the expected output $ torify curl https://check.torproject.org/ | grep -i congratulations # returns nothing

Torify does work on the Homebrew's curl version with the torify command, but it does not work when running a torify --shell (nor does the default OSX's curl):

{{{ $ torify --shell /usr/local/bin/torsocks: New torified shell coming right up... $ /usr/local/opt/curl/bin/curl ifconfig.co/all.json # returns my real IP $ /usr/bin/curl ifconfig.co/all.json # returns my real IP $ wget ifconfig.co/all.json # returns my real IP too (using homebrew's wget version 1.17.1) }}}

OSX default curl:

$ curl --version
curl 7.43.0 (x86_64-apple-darwin15.0) libcurl/7.43.0 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets

Homebrew's curl version:

$ /usr/local/opt/curl/bin/curl --version
curl 7.46.0 (x86_64-apple-darwin15.0.0) libcurl/7.46.0 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: IPv6 Largefile NTLM NTLM_WB SSL libz UnixSockets

Apple makes this difficult to debug and find out why, due it's Security Integrity Protection (executables signed with restricted entitlements), so I copied OSX's default curl binary to /tmp, ran [1] then I was able to run btruss on the default curl, however I wasn't able run torify with btruss , since [1] didn't work, btruss output didn't have anything interesting as far as I know.

Attachments: with-torify.txt for the output of sudo torify dtruss ./curl ifconfig.co/all.json and no-torify.txt for sudo dtruss ./curl ifconfig.co/all.json

I am willing to help debug this if needed, but I would like some help to make this easier, since disabling OSX's System Integrity Protection is not a good idea, and apparently code-signing didn't work with me.

[1] codesign -f -swhoamicurl

'''OSX version: 10.11.2 (15C50) Torsocks version: Torsocks 2.1.0 Tor version: 0.2.7.6 '''

Trac:
Username: z0xcd

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking