It is currently Tue Jan 19, 2021 7:55 pm

All times are UTC + 1 hour

Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: Conduct DNS Leak Test on VPN via PureBasic and Powershell
PostPosted: Tue Jan 07, 2020 5:08 pm 

Joined: Thu Nov 06, 2014 7:18 pm
Posts: 55
If you are using a VPN service with a software client, e.g. PrivateInternetAccess, one of the important things you need to do is make sure your real ISP DNS address is not disclosed. Most VPN software services software provide a VPN DNS to use or some sort of DNS leak prevention.

A DNS leak refers to a security flaw that allows DNS requests to be revealed to ISP DNS servers, despite the use of a VPN service to attempt to conceal them.

A lot of people use one of the many web sites available to test with, e.g or etc.... but this test can be conducted from your computer if you wish in a command prompt or via powershell. There is a command prompt method available for windows, Mac, Linux but I'm going to just touch on the use of purebasic and powershell here.

In a dns leak test the object is to have the VPN provided public IP address match that of the VPN dns query IP address. If the VPN public IP matches your returned DNS address there is no DNS leak. For example, VPN public IP is and your detected DNS address is then no DNS leak exists, if they do not match then you have a dns leak.

To do the dns leak test from your computer you need a recursive server that will return the dns query address and not your public IP address. I've used such servers in the below windows code using purebasic and powershell (tested on Windows 10)

Procedure.s GetDnsLeakTest()
  a$ = "$pipsA = @('','','');"
  b$ = "For ($i=0; $i -lt $pipsA.Length; $i++) {;"
  c$ = "$pubip = ((Invoke-WebRequest -Uri $pipsA[$i] –UseBasicParsing -DisableKeepAlive -TimeoutSec 8).Content).Trim();"
  d$ = "If ([bool][ipaddress] $pubip -eq $true) {Break} }; If ($i -eq 2 -And [bool][ipaddress] $pubip -ne $true) {;"
  e$ = "$pubip = ((Invoke-RestMethod -Uri '').ip).Trim() }; $pubip = $pubip.Trim();"
  f$ = "$x = 0; $rnuma = -join (%{ [char[]] (48..57 + 65..90 + 97..122) | Get-Random -count 40});"
  g$ = "$rdns = @('','','', '',"
  h$ = "'', '', '', '');"
  i$ = "For ($i=0; $i -lt $rdns.Length; $i++) {$ips = $null;"
  j$ = "If ($i -eq 0) {$ips = (Resolve-DnsName $rdns[$i] -QuickTimeout -Type txt).Strings[1].Trim()};"
  k$ = "If ($i -In 1..4 -eq $true) {$ips = ((Resolve-DnsName $rdns[$i] -QuickTimeout -Type A).IPAddress).Trim()};"
  l$ = "If ($i -In 5..7 -eq $true) {$ips = (Resolve-DnsName $rdns[$i] -QuickTimeout -Type txt).Strings[0].Trim()};"
  m$ = "$isipfour = [bool][ipaddress] $ips; If ($isipfour -eq 'True' -And $ips -ne $pubip) {Return 'Warning! DNS Address Leak = ' +  $ips};"
  n$ = "If ($isipfour -eq 'True' -And $ips -eq $pubip) {$x++} }; If ($x -eq 0) {Return 'NoResource'} Else {Return 'NoLeak'}"
  cmdx$ = "$ErrorActionPreference = 'SilentlyContinue';" + a$ + b$ + c$ + d$ + e$ + f$ + g$ + h$ + i$ + j$ + k$ +l$ + m$ + n$
  OutCmd$ = ""
  KeepOutCmd$ = ""
  CmdPromptRun = RunProgram("powershell.exe", cmdx$,"", #PB_Program_Hide|#PB_Program_Open|#PB_Program_Read)
  If CmdPromptRun
    While ProgramRunning(CmdPromptRun)
      KeepOutCmd$ = KeepOutCmd$ + OutCmd$
  chkret$ = Trim(KeepOutCmd$)
  If CountString(chkret$, "Exception") > 0 Or CountString(chkret$, "FullyQualifiedErrorId") > 0
    ProcedureReturn "Warning! DNS Leak Test Not Conducted"
  If CountString(chkret$, "Warning! DNS Address Leak =") > 0
    ProcedureReturn chkret$
  If chkret$ = "NoLeak"
    ProcedureReturn "No DNS Address Leak Detected"
  If chkret$ = "NoResource"
    ProcedureReturn "Warning! No DNS Leak Test Resource - Test Not Conducted"

Debug GetDnsLeakTest()

You could use just one of the servers but its best to use multiple passes as a DNS leak can be intermittent. In the above code I use multiple passes across different servers.

The code first gets your public IP address ($pubip) which it then uses to compare against the dns query IP returned ($ips). Multiple passes are used across multiple servers. Multiple servers are used to get your public IP in case one is down, and the dns leak is conducted across multiple servers. If it returns "Warning! DNS Address Leak" the leaking DNS IP address will be returned also. Redundancy is built in just in case a server is down or is not reachable for some reason, so the test will have the best chance of success.

Note: The line "$rnuma = -join (%{ [char[]] (48..57 + 65..90 + 97..122) | Get-Random -count 40});" is part of an addition to this if you use a server that wants a generated random asciii character string, you can remove this line if you do not plan to use a server which needs a generated random ascii character string. To use it change the -count to the number of characters. If needed you can alter the ascii characters needed at the (48..57 + 65..90 + 97..122) portion. None of the servers I've included need this string. If you choose to not use this and omit it from the code the line would look like this

f$ = "$x = 0;"

The world and human nature was screwed up before I was born. It's not my fault and I'm just stuck with trying to deal with the mess left behind, so don't blame me.

Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC + 1 hour

Who is online

Users browsing this forum: kvitaliy, ShadowStorm and 29 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  


Powered by phpBB © 2008 phpBB Group
subSilver+ theme by Canver Software, sponsor Sanal Modifiye