Message: Potentially Dangerous Connection!


3 years ago
Hello Forum,

I get this message in the TOR Message Log:
Potentially Dangerous Connection! - One of your applications established a connection through Tor to "1.2.3.4:80" using a protocol that may leak information about your destination. Please ensure you configure your applications to use only SOCKS4a or SOCKS5 with remote hostname resolution.

I'm using the Tor Bundle with two browsers in parallel: the "normal" Firefox and Iron Chrome. In Iron Chrome I entered 127.0.0.1:9050 as a Socks Proxy.

Can someone give me more information about this topic?


Regards

Mike

PS: I have changed the IP to 1.2.3.4; the real IP seems to point to a server farm.

3 years ago
You should have Polipo as well in your Tor Browser Bundle Distro.
Usually Polipo uses
proxyAddress = "127.0.0.1"
proxyPort = 8118

Try to put these settings in Iron Chrome and see what happens.

The full scheme should look like this:

Iron -> localhost:8118 Polipo -> localhost:9050 Tor -> 1.2.3.4:80 External resource

3 years ago
I'm using this Bundle: tor-browser-2.3.25-10_en-US.exe

Polipo is not included in this bundle. Firefox and Tor are included in the bundle above. Firefox uses the socks Proxy 127.0.0.1:9050 directly. If I call "www.spiegel.de", I don't get the "Potentially Dangerous Connection!" warnings. Now I use Chrome with these proxy settings and I get the "Potentially Dangerous Connection!" warning.

The dangerous protocol, is it http? How is it possible to leak the real IP? Can you or someone give me more information about this warning? Polipo will filter the dangerous parts of http?

3 years ago
I have two different guesses:

1) Tor warns you that since you are using a plaintext protocol, somebody (Tor Exit Node) can view all your traffic.
You should always prefer https:// to avoid this.

2) Your browser doesn't proxy DNS requests, so your ISP can watch what sites you are visiting (not data itself, only sitenames).
In Firefox type "about:config" in address bar, find there "network.proxy.socks_remote_dns" and change it to "true".

3 years ago
Thank you very much for the info :)

last year
I have two different guesses:

2) Your browser doesn't proxy DNS requests, so your ISP can watch what sites you are visiting (not data itself, only sitenames).
In Firefox type "about:config" in address bar, find there "network.proxy.socks_remote_dns" and change it to "true".
"TOR Hacker"

Thanks, TOR Hacker. I found that Firefox also has a 'remote DNS' box that can be ticked in the network settings page (without going to about:config)
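
Added example (not part of any post in this thread): the warning asks for SOCKS4a or SOCKS5 with remote hostname resolution, and the difference is visible in the bytes of the SOCKS request itself. The Python sketch below parses constructed SOCKS4, SOCKS4a and SOCKS5 CONNECT requests and marks the ones that hand the proxy only an IP address, meaning the application resolved the hostname itself. The function and sample names are made up for this illustration.

```python
import ipaddress
import struct

def classify_socks_request(req: bytes) -> dict:
    """Parse a SOCKS4/4a/5 CONNECT request; ip_only=True means the client
    resolved the name itself and handed the proxy a bare IP address."""
    ver = req[0]
    if ver == 4:
        (port,) = struct.unpack("!H", req[2:4])
        ip = req[4:8]
        # After DSTIP: USERID, NUL, then (SOCKS4a only) hostname, NUL
        fields = req[8:].split(b"\x00")
        # SOCKS4a signals "proxy resolves the name" with DSTIP 0.0.0.x, x != 0
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            return {"proto": "SOCKS4a", "dest": fields[1].decode("ascii"),
                    "port": port, "ip_only": False}
        return {"proto": "SOCKS4", "dest": str(ipaddress.IPv4Address(ip)),
                "port": port, "ip_only": True}
    if ver == 5:
        atyp = req[3]  # 0x01 IPv4, 0x03 domain name, 0x04 IPv6
        if atyp == 0x03:
            n = req[4]  # one length byte, then the hostname
            (port,) = struct.unpack("!H", req[5 + n:7 + n])
            return {"proto": "SOCKS5", "dest": req[5:5 + n].decode("ascii"),
                    "port": port, "ip_only": False}
        size = {0x01: 4, 0x04: 16}[atyp]
        (port,) = struct.unpack("!H", req[4 + size:6 + size])
        return {"proto": "SOCKS5", "dest": str(ipaddress.ip_address(req[4:4 + size])),
                "port": port, "ip_only": True}
    raise ValueError(f"not a SOCKS4/5 request (version byte {ver})")

# Constructed sample requests (not captured traffic); 1.2.3.4:80 is the
# placeholder address from the thread.
HOST = b"www.spiegel.de"
PORT = struct.pack("!H", 80)
SAMPLES = {
    "socks4_ip": b"\x04\x01" + PORT + bytes([1, 2, 3, 4]) + b"\x00",
    "socks4a_name": b"\x04\x01" + PORT + b"\x00\x00\x00\x01" + b"\x00" + HOST + b"\x00",
    "socks5_ip": b"\x05\x01\x00\x01" + bytes([1, 2, 3, 4]) + PORT,
    "socks5_name": b"\x05\x01\x00\x03" + bytes([len(HOST)]) + HOST + PORT,
}

def ip_only_requests(samples: dict) -> list:
    """Names of the requests that give the proxy only an IP address."""
    return sorted(k for k, v in samples.items() if classify_socks_request(v)["ip_only"])

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_socks_request(raw))
```

The two `*_name` requests carry the hostname to the proxy, so no DNS lookup leaves the local machine outside Tor; the two `*_ip` requests are the shape the warning is about.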
