Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

.onion request in regular window should also avoid DNS leakage #14261

Closed
diracdeltas opened this issue Feb 19, 2021 · 2 comments · Fixed by brave/brave-core#8040
Closed

.onion request in regular window should also avoid DNS leakage #14261

diracdeltas opened this issue Feb 19, 2021 · 2 comments · Fixed by brave/brave-core#8040
Assignees
Labels

Comments

@diracdeltas
Copy link
Member

diracdeltas commented Feb 19, 2021

#13527 fixed the issue of .onion leaking DNS in Tor windows, but the issue should also be fixed in regular windows because users may accidentally enter a .onion in a regular window instead of a Tor window. this happens regardless of whether the 'Automatically redirect .onion' option is selected.

STR:

  1. disable DoH (makes it easier to see requests in wireshark)
  2. open wireshark and filter by DNS
  3. open a regular tab and navigate to facebookcorewwwi.onion
  4. you see DNS requests in wireshark

expected behavior: brave should block DNS if it sees a top-level navigation to a .onion URL both when the 'Automatically redirect .onion' is on and when it is off.

@diracdeltas diracdeltas added the priority/P2 A bad problem. We might uplift this to the next planned release. label Feb 19, 2021
@diracdeltas diracdeltas added the feature/tor/leakproofing Eliminating unexpected ways that someone using Tor might be unmasked. label Feb 19, 2021
@fmarier
Copy link
Member

fmarier commented Feb 19, 2021

For reference, this is mentioned in RFC7686.

Here's Firefox test case for it: https://searchfox.org/mozilla-central/source/netwerk/test/unit/test_dns_onion.js

@GeetaSarvadnya
Copy link

GeetaSarvadnya commented Feb 24, 2021

Verification passed on


Brave | 1.20.110 Chromium: 88.0.4324.192 (Official Build) (64-bit)
-- | --
Revision | 31b458a18f133db9203eb5a5dd6552de0716dda3-refs/branch-heads/4324_182@{#6}
OS | Windows 10 OS Version 2004 (Build 19041.804)

Verified the test plan from https://github.com/brave/brave-core/pull/8040#issue-578027432

Auto redirect off

  • Confirmed that visiting https://brave5t5rjjg3s6k.onion/ in a normal window gave an error page and the .onion URL did not result in a DNS lookup in Wireshark.
    image

  • Clicked on the "Open in Tor" button in above window. Confirmed https://brave5t5rjjg3s6k.onion/ was opened in a Tor window.
    image

  • Went to tab from step 2 and entered https://brave5t5rjjg3s6k.com. Confirmed no "Open in Tor" button.
    image

Auto redirect on

Confirmed visiting https://brave5t5rjjg3s6k.onion/ in a normal window with "Automatically redirect .onion sites" on showed an error page on normal window and opened a Tor window with the site. Confirmed no DNS lookup in Wireshark.

image
image

Verified the test plan from https://github.com/brave/brave-core/pull/7713#issue-562159331
  • Ensured Automatically redirect .onion sites is enabled in brave://settings/extensions
    image

  • Verified only one tab opened which is https://brave5t5rjjg3s6k.onion and no new tab in a Tor window
    image

  • Confirmed there were still only two Tor tabs, https://brave5t5rjjg3s6k.onion and http://expyuzz4wqqyqhjn.onion/index.html
    image


Verified passed with

Brave	1.20.110 Chromium: 88.0.4324.192 (Official Build) (x86_64)
Revision	31b458a18f133db9203eb5a5dd6552de0716dda3-refs/branch-heads/4324_182@{#6}
OS	macOS Version 10.15.7 (Build 19H512)

Reproduced issue using STR from description with 1.20.108. Confirmed DNS lookup was observed in Wireshark.

Verified test plan from brave/brave-core#8040 using 1.20.110:

Auto Redirect Off

Confirmed that visiting https://brave5t5rjjg3s6k.onion/ in a normal window gave an error page and the .onion URL did not result in a DNS lookup in Wireshark.

Step 4

Clicked on the "Open in Tor" button in above window. Confirmed https://brave5t5rjjg3s6k.onion/ was opened in a Tor window.

Step6

Went to tab from step 2 and entered https://brave5t5rjjg3s6k.com. Confirmed no "Open in Tor" button.

Step 8
Auto Redirect On

Confirmed visiting https://brave5t5rjjg3s6k.onion/ in a normal window with "Automatically redirect .onion sites" on showed an error page on normal window and opened a Tor window with the site. Confirmed no DNS lookup in Wireshark.

Step56

Verification passed on

Brave 1.20.110 Chromium: 88.0.4324.192 (Official Build) (64-bit)
Revision 31b458a18f133db9203eb5a5dd6552de0716dda3-refs/branch-heads/4324_182@{#6}
OS Ubuntu 18.04 LTS

Verified test plan from brave/brave-core#8040

Reproduced the issue on 1.20.108
image

Auto Redirect Off

Verified an error page is shown and that the .onion didn't result in a DNS lookup.
image
Verified the page is opened in Tor Window after clicking "Open in Tor" button
image
Verified openning https://brave5t5rjjg3s6k.com/ clears "Open in Tor" button
image

Auto Redirect On

Confirmed visiting https://brave5t5rjjg3s6k.onion/ in a normal window with "Automatically redirect .onion sites" on showed an error page on normal window and opened a Tor window with the site. Confirmed no DNS lookup in Wireshark.

image

Verified FIXED using brave/brave-core#8040 (comment) and brave/brave-core#7713 (comment)

Brave 1.20.110 Chromium: 88.0.4324.192 (Official Build) (x86_64)
Revision 31b458a18f133db9203eb5a5dd6552de0716dda3-refs/branch-heads/4324_182@{#6}
OS macOS Version 11.2.1 (Build 20D74)
Brave 1.20.110 Chromium: 88.0.4324.192 (Official Build) (64-bit)
Revision 31b458a18f133db9203eb5a5dd6552de0716dda3-refs/branch-heads/4324_182@{#6}
OS Windows 10 OS Version 2009 (Build 21318.1000)

Auto redirect off

  • Started Wireshark and filtered for dns.
  • disabled DoH in brave://settings/security (makes it easier to see requests in Wireshark)
  • Opened a normal window and typed https://brave5t5rjjg3s6k.onion/ in the URL bar.
  • Confirmed I got an error page and that the .onion didn't result in a DNS lookup.
screenshot Screen Shot 2021-02-24 at 8 43 10 AM
  • Verified there was an "Open in Tor" button
  • Clicked it and confirmed that it opened https://brave5t5rjjg3s6k.onion/ in Tor window
  • Went back to the tab of step 2 and typed https://brave5t5rjjg3s6k.com/ in the URL bar.
    Verified no "Open in Tor" button.
screenshot Screen Shot 2021-02-24 at 8 43 57 AM

Auto redirect on

  • Started Wireshark and filtered for dns.
  • disable DoH in brave://settings/security (makes it easier to see requests in Wireshark)
  • Went to brave://settings/extensions and turned on Automatically redirect .onion sites
  • Opened a normal window and typed https://brave5t5rjjg3s6k.onion/ in the URL bar.
  • Confirmed that I got an error page and that the .onion didn't result in a DNS lookup.
  • Confirmed that Tor window opened automatically with https://brave5t5rjjg3s6k.onion/
screenshot Screen Shot 2021-02-24 at 8 45 56 AM

From brave/brave-core#7713:

Verified we only have single Tor tabs, and that we didn't close the .com tab, for both https://brave5t5rjjg3s6k.onion and http://expyuzz4wqqyqhjn.onion/index.html

screenshot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
8 participants