Sending files disregards proxy settings for account
Reported by: ioerror | Owned by:
When using a SOCKS5 proxy, a remote user may de-anonymize or force a proxy bypass by sending a user a file.
Steps to reproduce
Configure two clients to use Tor. The first (Pidgin) client offers a file. The second (Gajim) client accepts. The second client will then connect directly to the address offered by the first client. The second client should attempt to connect to that IP address through the configured proxy only.
When the second (Gajim) client offers to send a file, it does not leak the IP address, but it does bind a local TCP port to *:someport. This should not happen when a proxy is being used.
This should be treated as a case of double NAT and the only way to safely share the file is to use a file proxy or other third party.
Interestingly, the *:someport is always *:28011 - even after multiple file tries. Shouldn't that be a randomly selected port?
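A check a tester could run to confirm the two behaviours reported above, as an added example that is not part of the ticket or of Gajim's code: it scans a socket listing in the column layout of `ss -Htanp` for a process that should be fully proxied, and flags non-loopback listeners and connections that do not terminate at the proxy. The sample lines, the pid, the addresses and the proxy endpoint `127.0.0.1:9050` are constructed assumptions.

```python
import ipaddress

# Constructed sample in the column layout of `ss -Htanp`
# (state, recv-q, send-q, local, peer, process). Addresses are from
# documentation ranges; pids and the proxy endpoint are assumptions.
SAMPLE = """\
LISTEN 0 5 *:28011 *:* users:(("gajim",pid=4242,fd=23))
ESTAB 0 0 127.0.0.1:51514 127.0.0.1:9050 users:(("gajim",pid=4242,fd=19))
ESTAB 0 0 192.0.2.10:40022 198.51.100.7:5000 users:(("gajim",pid=4242,fd=25))
ESTAB 0 0 192.0.2.10:40100 203.0.113.9:443 users:(("firefox",pid=500,fd=7))
LISTEN 0 5 127.0.0.1:9050 *:* users:(("tor",pid=300,fd=6))
"""


def host_of(endpoint):
    """Return the host part of 'host:port', stripping IPv6 brackets."""
    host, _, _port = endpoint.rpartition(":")
    return host.strip("[]")


def is_loopback(host):
    """True only for literal loopback addresses; '*' and names are not."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit_proxy_bypass(ss_output, process, proxy):
    """List (kind, endpoint) findings for sockets of `process` that bypass `proxy`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or f'("{process}"' not in fields[5]:
            continue  # malformed line or a different process
        state, local, peer = fields[0], fields[3], fields[4]
        if state == "LISTEN":
            # A proxied client should not accept inbound connections at all.
            if not is_loopback(host_of(local)):
                findings.append(("listener", local))
        elif peer != proxy and not is_loopback(host_of(peer)):
            # Outbound traffic that does not go to the configured proxy.
            findings.append(("direct", peer))
    return findings


if __name__ == "__main__":
    for kind, endpoint in audit_proxy_bypass(SAMPLE, "gajim", "127.0.0.1:9050"):
        print(f"{kind}: {endpoint}")
```
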
Change History (12)
comment:8 Changed 5 years ago by Yann Leboulanger <asterix@…>
- Milestone set to 0.15
- Resolution set to fixed
- Status changed from needinfo to closed