6

I tried exporting into http_proxy and https_proxy but that didn't seem to work.

I am guessing that there is another way to use a proxy when querying whois information from the command line?

Jeff Schaller
  • 66,199
  • 35
  • 114
  • 250
HashWizard
  • 347
  • 1
  • 4
  • 12

4 Answers4

5

The whois command talks in a specific protocol and port, namely whois 43/tcp ; so obviously trying to use an HTTP(S) (HTTP port 80/tcp and HTTPS 443/tcp by default).

So HTTP proxies-aware won't work, as those protocols are not involved with the inner workings of the whois protocol.

If you need to setup an external proxy, you would need a socks aware proxy, as this example https://stackoverflow.com/questions/6718836/how-can-i-implement-a-simple-whois-proxy-in-perl

For a Whois proxy in python, see uwhoisd and for further clarifications on how to use it: python: how to perform whois with uwhoisd proxy

see also About the WHOIS Protocol

The WHOIS protocol is a simple, plaintext-based protocol that listens on TCP port 43. There is an RFC that defines the protocol, RFC 3912.

Community
  • 1
Rui F Ribeiro
  • 55,929
  • 26
  • 146
  • 227
  • This link explains how to do this in perl, how do you do this in python? – HashWizard May 26 '17 at 12:55
  • @HashWizard added to the answer. – Rui F Ribeiro May 26 '17 at 12:58
  • My main objective is to get past the limitations of the query server, say to query 10 times instead of 5 times (which is the limit) by using public proxies. Would the solution that you provided allow me to do that ? Thanks for taking the time to address my problem – HashWizard May 26 '17 at 13:00
  • Because from the looks of it, the solution doesn't seem to be accepting different proxies (proxies provided by me) , the solution seems to be a 'proxy' /intermediary' for solving domain extension ambiguities (for example getting the correcting results if I whois something.com and something.org) – HashWizard May 26 '17 at 13:04
2

WHOIS is a TCP/IP protocol, HTTP doesn't play a part in the query and so an HTTP proxy won't work.

If your proxy server also presents a SOCKS interface, you could attempt to use tsocks or proxychains-ng as described here to perform the query.

Community
  • 1
Benjamin
  • 715
  • 4
  • 14
1

for me this worked:

ncat --listen --exec '/usr/bin/ncat --proxy <proxy_ip>:<proxy_port> whois.ripe.net 43' 8043 &

the query:

whois --host localhost --port 8043 <ip_that_i_want_to_whois>
Booker B
  • 51
  • 6
  • this is a socks5 proxy that you used with ncat? – Roman Dodin Jun 05 '23 at 14:20
  • no, this is a http proxy i guess for socks5 u need to add `--proxy-type socks5` the default is http according to `man ncat` – Booker B Jun 06 '23 at 16:38
  • thanks Booker B worked for me, but unfortunately I couldn't find a workaround to close the ncat connection when the data is received via the proxy-ied connection – Roman Dodin Jun 08 '23 at 10:30
  • ctrl+c should work – Booker B Jun 08 '23 at 15:07
  • yes, sure, but I wanted to have a non-interactive script, thus sending additional signals is not desired. Nevertheless, thank you for your example. – Roman Dodin Jun 09 '23 at 14:21
  • you could add `-i 1` for a 1 second idle time. This should close the proxy connection after 1sec. (add it to the second ncat which initiates the proxy connection) lower values are also possible like `--idle-timeout 200ms` – Booker B Jun 16 '23 at 15:49
0

if you allow port 43 to egress your http proxies then you can use a shell script to do the deed via an explicit CONNECT request

passing $1 as the whois host eg whois.nic.iana, , $2 as the query and $3 as the proxy host

#!/bin/sh
(
sleep 1
echo "CONNECT $1:43 HTTP/1.1"
echo ""

sleep 2
echo "$2"
echo ""
sleep 4

) | telnet $3 8080
roaima
  • 107,089
  • 14
  • 139
  • 261
jones43
  • 1