diff --git a/src/core.c b/src/core.c index 17cc66d..ab5a78b 100644 --- a/src/core.c +++ b/src/core.c @@ -44,6 +44,7 @@ pthread_mutex_t internal_ips_lock; extern int tcp_read_time_out; extern int tcp_connect_time_out; extern int proxychains_quiet_mode; +extern unsigned int remote_dns_subnet; internal_ip_lookup_table internal_ips = {0, 0, NULL}; @@ -84,7 +85,7 @@ in_addr_t make_internal_ip(uint32_t index) { ip_type ret; index++; // so we can start at .0.0.1 if(index > 0xFFFFFF) return (in_addr_t) -1; - ret.octet[0] = 224; + ret.octet[0] = remote_dns_subnet & 0xFF; ret.octet[1] = (index & 0xFF0000) >> 16; ret.octet[2] = (index & 0xFF00) >> 8; ret.octet[3] = index & 0xFF; @@ -260,7 +261,8 @@ static int tunnel_to(int sock, ip_type ip, unsigned short port, proxy_type pt,ch // we use ip addresses with 224.* to lookup their dns name in our table, to allow remote DNS resolution // the range 224-255.* is reserved, and it won't go outside (unless the app does some other stuff with // the results returned from gethostbyname et al.) - if(ip.octet[0] == 224) { + // the hardcoded number 224 can now be changed using the config option remote_dns_subnet to i.e. 127 + if(ip.octet[0] == remote_dns_subnet) { dns_name = string_from_internal_ip(ip); if(!dns_name) goto err; dns_len = strlen(dns_name); @@ -584,7 +586,7 @@ static int chain_step(int ns, proxy_data *pfrom, proxy_data *pto) #ifdef DEBUG PDEBUG("chain_step()\n"); #endif - if(pto->ip.octet[0] == 224) { + if(pto->ip.octet[0] == remote_dns_subnet) { hostname = string_from_internal_ip(pto->ip); if(!hostname) goto usenumericip; } else { diff --git a/src/libproxychains.c b/src/libproxychains.c index a71b3b0..2d94dbc 100644 --- a/src/libproxychains.c +++ b/src/libproxychains.c @@ -55,6 +55,7 @@ int proxychains_resolver = 0; static int init_l = 0; localaddr_arg localnet_addr[MAX_LOCALNET]; size_t num_localnet_addr = 0; +unsigned int remote_dns_subnet = 224; static inline void get_chain_data(proxy_data *pd, unsigned int *proxy_count, chain_type *ct); @@ -232,18 +233,24 @@ static inline void get_chain_data( } else { if(strstr(buff,"[ProxyList]")) { list=1; - } else if(strstr(buff,"random_chain")) { + } else if(strstr(buff, "random_chain")) { *ct=RANDOM_TYPE; - } else if(strstr(buff,"strict_chain")) { + } else if(strstr(buff, "strict_chain")) { *ct=STRICT_TYPE; - } else if(strstr(buff,"dynamic_chain")) { + } else if(strstr(buff, "dynamic_chain")) { *ct=DYNAMIC_TYPE; } else if(strstr(buff,"tcp_read_time_out")){ - sscanf(buff,"%s %d",user,&tcp_read_time_out) ; + sscanf(buff, "%s %d", user, &tcp_read_time_out); } else if(strstr(buff,"tcp_connect_time_out")){ - sscanf(buff,"%s %d",user,&tcp_connect_time_out) ; - } else if(strstr(buff,"localnet")) { - if (sscanf(buff,"%s %21[^/]/%15s", user, + sscanf(buff, "%s %d", user, &tcp_connect_time_out); + } else if(strstr(buff,"remote_dns_subnet")){ + sscanf(buff, "%s %d", user, &remote_dns_subnet); + if(remote_dns_subnet >= 256) { + fprintf(stderr, "remote_dns_subnet: invalid value. requires a number between 0 and 255.\n"); + exit(1); + } + } else if(strstr(buff, "localnet")) { + if (sscanf(buff, "%s %21[^/]/%15s", user, local_in_addr_port, local_netmask) < 3) { fprintf(stderr, "localnet format error"); exit(1); diff --git a/src/proxychains.conf b/src/proxychains.conf index 8ddee8b..d2da595 100644 --- a/src/proxychains.conf +++ b/src/proxychains.conf @@ -37,6 +37,19 @@ strict_chain # Proxy DNS requests - no leak for DNS data proxy_dns +# set the class A subnet number to usefor use of the internal remote DNS mapping +# we use the reserved 224.x.x.x range by default, +# if the proxified app does a DNS request, we will return an IP from that range. +# on further accesses to this ip we will send the saved DNS name to the proxy. +# in case some control-freak app checks the returned ip, and denies to +# connect, you can use another subnet, e.g. 10.x.x.x or 127.x.x.x. +# of course you should make sure that the proxified app does not need +# *real* access to this subnet. +# i.e. dont use the same subnet then in the localnet section +#remote_dns_subnet 127 +#remote_dns_subnet 10 +remote_dns_subnet 224 + # Some timeouts in milliseconds tcp_read_time_out 15000 tcp_connect_time_out 8000