AlbanianWizard

Hmm, all good news right? , get this for free , do that for free…. yes , …. for free

Intro – IE and FireFox

Now, I really dislike Internet Explorer, because it’s Made In Microsoft of course , it’s very incompatible with the web, it’s very dummy and it crash everyday.

Anyway I’m not interested in it as I use Linux and only linux. At work I was debugging something and I was tailing squid acces.log and while my firefox was up and running I saw allot of data chunks sent to “google safebrowsing” and google of course was collecting all of this data.
Now if there is a way to disable this, I don’t know and don’t want to as Mozilla never warned me about my cache and website sent to google for statistical or other purposes.
Now this is really ugly, and I really don’t like Mozilla now for this specific reason.

Opera

Opera was all ways my favorite browser, had allot of services, like mail, irc, debugging tools, and quite good security and cookie control.
Now I was interested in “Opera Turbo” and how this worked, I thought normally an Opera server should be in the middle between me and the website.
While Opera Turbo was active, I visited an “show my IP website” and I saw that the IP was not mine but was an Opera IP (this is a proof normally that I was using a Proxy).
I was curious and made a lame active port-scan with nmap (sorry , hping and passive scan rules but I was to lazy).
This is the result (of course the IP / time and hostname are edited):

Opera Turbo – Server IP Nmap report

So, as you can see the Port’s of Interest are:

12419	tcp	open	 	syn-ack
12420	tcp	open	 	syn-ack
12421	tcp	open	 	syn-ack
12422	tcp	open	 	syn-ack
12423	tcp	open	 	syn-ack
12424	tcp	open	 	syn-ack
12425	tcp	open	 	syn-ack
12426	tcp	open	 	syn-ack
12427	tcp	open	 	syn-ack
12428	tcp	open	 	syn-ack
12429	tcp	open	 	syn-ack
12430	tcp	open	 	syn-ack
12431	tcp	open	 	syn-ack
12432	tcp	open	 	syn-ack
12433	tcp	open	 	syn-ack
12434	tcp	open	 	syn-ack
12435	tcp	open	 	syn-ack
12436	tcp	open	 	syn-ack
12437	tcp	open	 	syn-ack
12438	tcp	open	 	syn-ack

This are all proxies (nmap doesn’t say much about them but I will dig later).

Another point of interest is the traceroute that shows how near the Proxy Server is:

Hop	Rtt	IP	Host
1	10.20	192.168.1.1	*
3	37.48	111.1.11.111
4	29.06	111.1.11.111
5	14.08	111.1.11.112
6	51.88	111.1.11.113	asd1-asd-asd.net
7	17.90	111.1.11.114
8	54.51	111.1.11.115	asd2-asd-asd.net
9	70.14	00.000.00.0	asd.asd-com.net

From this data we can say that:

1) When we activate Opera turbo an request is made to Opera Proxies and a near proxy is assigned – we can say the nearer.
2) There is not just a single proxy, I think this network of many Opera Proxies is connected with each-other at high speed an of course we have load-balancing in here.
3) That’s not all, when we use squid, there is an option called “parent proxy” and normally when the proxy check his cache and don’t find anything than check the cache of an parent proxy, so when we make a simple request to website.com this request is intercepted by Opera Turbo (because it’s activated right?) now
- if the proxy have the content ? – yep good, really fast response
- if the proxy didn’t have the content ? – the proxy itself ask the parent proxies and if the content is found is presented to Opera Browser (again, good , fast response)
- if the proxy didn’t found the content in his cache and also in parent proxies? An normal request is done, and I think this is a bit more slower than a normal request made by the browser without Opera Turbo.

Is this really a Proxy?

If you mean with proxy “hiding your IP” that in deed doesn’t make you “anonymous” than the answer is NO, this is because the Opera Proxy always use  HTTP_X_FORWARDED_FOR (check wikipedia for more info) in the HTTP header and this practically show to the destination the originating IP address, in this case your IP or one of your ISP IP’s assigned to your network.
I tried to find out what’s running on this port (i.e maybe squid or something) but with no success until now