On July 9, 2019 8:55:00 AM UTC, nusenu nusenu-lists@riseup.net wrote:
Hi,
I noticed some unexpected answers in exitmap's [1] dnsenum results and suspected that this has todo with IPv4 vs. IPv6.
First I looked at [2] and found that it only lists IPv4 and hostnames as possible answers but then I realized that exitmap might not be using the RESOLVE command?
Exitmap is using tor's RESOLVE extension to SOCKS: https://gitweb.torproject.org/torspec.git/tree/socks-extensions.txt#n49
def resolve(self, domain): """ Resolve the given domain using Tor's SOCKS1 resolutionextension.
""" domain_len = len(domain) if domain_len > 255: raise error.SOCKSv5Error("Domain must not be longer than255 "
"characters, but %d given." %domain_len)
# Tor defines a new command value, \x0f, that is used fordomain
# resolution. self._send_all("\x05\xf0\x00\x03%s%s%s" % (chr(domain_len), domain, "\x00\x00"))
Exitmap uses the SOCKS 5, resolve, DNS command: See page 4 of https://www.ietf.org/rfc/rfc1928.txt
resp = self._recv_all(10) if resp[:2] != "\x05\x00": raise error.SOCKSv5Error("Invalid server response: 0x%s"%
resp[1].encode("hex"))
Resolve can return an IPv4 or IPv6 response, but Exitmap ignores the address type, and turns the first 4 bytes of the response into an IPv4 address.
return socket.inet_ntoa(resp[4:8])Does Tor's SOCKS resolution extension support IPv6 answers or does it only attempt A records?
If it gets both IPv4 and IPv6, I think it will prefer IPv4.
Try testing with ipv6.google.com, which only has an IPv6 address.
I'm aiming to resolve a hostname and would like to get the IPv4 and if available the IPv6 address.
I don't know how you can reliably get the IPv6 address over SOCKS, when the site has an IPv4 address.
Try using the controller RESOLVE command and ADDRMAP event, which supports IPv6:
Address = ip4-address / ip6-address / hostname
If that doesn't work, we might need to make some changes to tor, or fix some bugs.
thanks, nusenu
[1] https://github.com/NullHypothesis/exitmap [2] https://gitweb.torproject.org/torspec.git/tree/control-spec.txt#n1349
-- teor ----------------------------------------------------------------------