hackerone #1377864 - CNAME Uncloaking in SOCKS5 protocol #19070
Verified

| Brave | 1.33.51 Chromium: 95.0.4638.69 (Official Build) nightly (x86_64) |
|---|---|
| Revision | 6a1600ed572fedecd573b6c2b90a22fe6392a410-refs/branch-heads/4638@{#984} |
| OS | macOS Version 11.6.1 (Build 20G224) |

Steps:

- new profile
- launched Brave
- installed the Proxy SwitchyOmega extension
- set `Enable CNAME uncloaking` to `Enabled` in `brave://flags`
- In the extension settings page, set the Proxy Servers section to have a single entry, as follows:

  | Scheme | Protocol | Server | Port |
  |---|---|---|---|
  | (default) | SOCKS5 | 127.0.0.1 | 8081 |

- cleared the "Bypass List" section in the extension settings page
- ensured the above changes were applied by clicking the "Apply changes" button in the left column
- started a SOCKS5 proxy server on the device via `ssh 127.0.0.1 -D 8081` (after opening up `Remote Login` in `Sharing` (macOS Settings)).
- added the following line to the Custom filters section in brave://adblock: `||dev-pages.brave.software/static/images/test.jpg`
- visited https://test-cname.brave.software/cname-uncloaking.html
- used the Proxy SwitchyOmega icon in the "puzzle piece" extensions menu to enable `proxy mode` (should be the 3rd option).
- pressed the `Run test` button
- confirmed the request was `allowed` (green).
- in the "puzzle piece" extensions menu, changed to `[System Proxy]` and ran the test again. Confirmed the request was `blocked` (red).
- in the "puzzle piece" extensions menu, changed to `[Direct]` and ran the test again. Confirmed the request was `blocked` (red).
Verified PASSED using

| Brave | 1.33.95 Chromium: 96.0.4664.45 (Official Build) dev (64-bit) |
|---|---|
| Revision | 76e4c1bb2ab4671b8beba3444e61c0f17584b2fc-refs/branch-heads/4664@{#947} |
| OS | Linux |

Steps:

- new profile
- launched Brave
- installed the Proxy SwitchyOmega extension
- enabled cname-uncloaking via `brave://flags`
- In the extension settings page, set the Proxy Servers section to have a single entry, as follows:

  | Scheme | Protocol | Server | Port |
  |---|---|---|---|
  | (default) | SOCKS5 | 127.0.0.1 | 8081 |

- cleared the "Bypass List" section in the extension settings page
- ensured the above changes were applied by clicking the "Apply changes" button in the left column
- started a SOCKS5 proxy server on the device via `ssh 127.0.0.1 -D 8081` (after opening up `Remote Login` in `Sharing` (macOS Settings)).
- added the following line to the Custom filters section in brave://adblock: `||dev-pages.brave.software/static/images/test.jpg`
- visited https://test-cname.brave.software/cname-uncloaking.html
- used the Proxy SwitchyOmega icon in the "puzzle piece" extensions menu to enable `proxy mode` (should be the 3rd option).
- pressed the `Run test` button
- confirmed the request was `allowed` (green).
- in the "puzzle piece" extensions menu, changed to `[System Proxy]` and ran the test again. Confirmed the request was `blocked` (red).
- in the "puzzle piece" extensions menu, changed to `[Direct]` and ran the test again. Confirmed the request was `blocked` (red).
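The two verification runs above expect the same pattern: the test request is allowed while the SOCKS5 proxy is active and blocked under `[System Proxy]` and `[Direct]`. The following Python model, added here as an illustration and not Brave's adblock or resolver code, shows the decision behind that pattern: a `||`-anchored filter is matched against the request URL, then against the URL with each CNAME target substituted, except when traffic is proxied, in which case the browser-side CNAME lookup is skipped so that no DNS query escapes the tunnel. The only real input is the custom filter from the steps; the CNAME table, the image URL under test-cname.brave.software, and the matcher itself are constructed assumptions for this demo.

```python
"""
Model of CNAME-uncloaking block decisions and the proxied-mode bypass.

Added example for this page; not Brave's implementation. DNS records below are
a constructed lookup table so the code runs offline.
"""
from urllib.parse import urlsplit

# Constructed CNAME zone (assumption): hostname -> CNAME target.
CNAME_RECORDS = {
    "test-cname.brave.software": "dev-pages.brave.software",
    "www.tracker-alias.example": "cdn.tracker.example",
    "cdn.tracker.example": "edge.tracker.example",
}

# The custom filter from the verification steps.
FILTERS = ["||dev-pages.brave.software/static/images/test.jpg"]

# Assumed URL of the image the test page requests (not confirmed by the page).
TEST_URL = "https://test-cname.brave.software/static/images/test.jpg"


def resolve_cname_chain(host, records, max_hops=8):
    """Follow CNAMEs until a name without a CNAME record; return the chain.
    Stops on a repeated name or after max_hops so a CNAME loop cannot spin."""
    chain = [host]
    seen = {host}
    while len(chain) <= max_hops:
        target = records.get(chain[-1])
        if target is None or target in seen:
            break
        seen.add(target)
        chain.append(target)
    return chain


def matches_domain_anchor(rule, url):
    """Minimal '||domain/path' matcher: '||' anchors at a hostname boundary,
    so the domain and any subdomain match, then the path must start with the
    rule's path."""
    if not rule.startswith("||"):
        raise ValueError("only ||-anchored rules are supported in this demo")
    rule_host, _, rule_path = rule[2:].partition("/")
    parts = urlsplit(url)
    host = parts.hostname or ""
    host_ok = host == rule_host or host.endswith("." + rule_host)
    path_ok = parts.path.startswith("/" + rule_path) if rule_path else True
    return host_ok and path_ok


def should_block(url, filters, records, proxied):
    """Return (blocked, reason).

    Unproxied: test the literal URL, then re-test with each CNAME target in
    place of the hostname (this is the uncloaking step).
    Proxied via SOCKS5: the browser must not resolve names itself, because the
    lookup would go to the local resolver instead of through the tunnel, so
    only the literal URL is tested."""
    for rule in filters:
        if matches_domain_anchor(rule, url):
            return True, f"direct match on {rule}"
    if proxied:
        return False, "proxied: CNAME uncloaking skipped to avoid a DNS leak"
    parts = urlsplit(url)
    for alias in resolve_cname_chain(parts.hostname, records)[1:]:
        rewritten = parts._replace(netloc=alias).geturl()
        for rule in filters:
            if matches_domain_anchor(rule, rewritten):
                return True, f"CNAME {parts.hostname} -> {alias} matches {rule}"
    return False, "no match"


def run_test_matrix():
    """Mirror the three SwitchyOmega modes from the steps. Only 'proxy mode'
    routes traffic through the SOCKS5 proxy; the other two resolve locally."""
    modes = ["proxy mode", "[System Proxy]", "[Direct]"]
    results = {}
    for mode in modes:
        blocked, _ = should_block(TEST_URL, FILTERS, CNAME_RECORDS,
                                  proxied=(mode == "proxy mode"))
        results[mode] = "blocked" if blocked else "allowed"
    return results


if __name__ == "__main__":
    for mode, outcome in run_test_matrix().items():
        print(f"{mode:>16}: {outcome}")
```

The matrix function reproduces the green/red outcomes in the steps: `proxy mode` allows the request because uncloaking is suppressed, while the two local-resolution modes block it once `test-cname.brave.software` is rewritten to its CNAME target. The loop guard in `resolve_cname_chain` is the edge case a real resolver must handle; an unbounded chain would otherwise hang the request path.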
Update for @brave/legacy_qa: I've tried (unsuccessfully) to get this verified on both Linux and Windows. Linux: DNS/name resolvers seemingly return cached names, leading to the test always showing Windows: I've tried both 1) ShadowSocks and 2) freesshd (servers). No dice so far. Haven't yet tried https://github.com/jgaa/shinysocks; YMMV.

thanks for the update on this one @stephendonner 👍🏻 cc @rebron on this issue
Verification Android progress-status:

...and that's as far as I've gotten. Not sure what else can be tested here, from desktop's test plan. @antonok-edm mind conferring with @samartnik @SergeyZhukovsky et al on the test plan, here? 🙏
Current status with Windows 10 attempt to verify; tested with

After all of the above setup (which worked on macOS and Linux), I'm still stuck here: when using I've confirmed that I've got Any ideas @antonok-edm ?

cc @brave/legacy_qa
@diracdeltas can you confirm you get similar results?

The above is with the following config:

@stephendonner yep i got those results on my windows 10 VM

@diracdeltas thanks for confirming 👍

Results above look good to me. We definitely don't want leakage outside of the proxy, which the CNAME resolver does not use for whatever reason. There are no "request blocked" results while the proxy is installed and active so this should be all set.
https://hackerone.com/reports/1377864