Hmm, all good news right? , get this for free , do that for free…. yes , …. for free
Intro – IE and FireFox
Now, I really dislike Internet Explorer, because it’s Made In Microsoft of course , it’s very incompatible with the web, it’s very dummy and it crash everyday.
Anyway I’m not interested in it as I use Linux and only linux. At work I was debugging something and I was tailing squid acces.log and while my firefox was up and running I saw allot of data chunks sent to “google safebrowsing” and google of course was collecting all of this data.
Now if there is a way to disable this, I don’t know and don’t want to as Mozilla never warned me about my cache and website sent to google for statistical or other purposes.
Now this is really ugly, and I really don’t like Mozilla now for this specific reason.
Opera was all ways my favorite browser, had allot of services, like mail, irc, debugging tools, and quite good security and cookie control.
Now I was interested in “Opera Turbo” and how this worked, I thought normally an Opera server should be in the middle between me and the website.
While Opera Turbo was active, I visited an “show my IP website” and I saw that the IP was not mine but was an Opera IP (this is a proof normally that I was using a Proxy).
I was curious and made a lame active port-scan with nmap (sorry , hping and passive scan rules but I was to lazy).
This is the result (of course the IP / time and hostname are edited):
So, as you can see the Port’s of Interest are:
12419 tcp open syn-ack 12420 tcp open syn-ack 12421 tcp open syn-ack 12422 tcp open syn-ack 12423 tcp open syn-ack 12424 tcp open syn-ack 12425 tcp open syn-ack 12426 tcp open syn-ack 12427 tcp open syn-ack 12428 tcp open syn-ack 12429 tcp open syn-ack 12430 tcp open syn-ack 12431 tcp open syn-ack 12432 tcp open syn-ack 12433 tcp open syn-ack 12434 tcp open syn-ack 12435 tcp open syn-ack 12436 tcp open syn-ack 12437 tcp open syn-ack 12438 tcp open syn-ack
This are all proxies (nmap doesn’t say much about them but I will dig later).
Another point of interest is the traceroute that shows how near the Proxy Server is:
Hop Rtt IP Host 1 10.20 192.168.1.1 * 3 37.48 126.96.36.199 4 29.06 188.8.131.52 5 14.08 184.108.40.206 6 51.88 220.127.116.11 asd1-asd-asd.net 7 17.90 18.104.22.168 8 54.51 22.214.171.124 asd2-asd-asd.net 9 70.14 00.000.00.0 asd.asd-com.net
From this data we can say that:
1) When we activate Opera turbo an request is made to Opera Proxies and a near proxy is assigned – we can say the nearer.
2) There is not just a single proxy, I think this network of many Opera Proxies is connected with each-other at high speed an of course we have load-balancing in here.
3) That’s not all, when we use squid, there is an option called “parent proxy” and normally when the proxy check his cache and don’t find anything than check the cache of an parent proxy, so when we make a simple request to website.com this request is intercepted by Opera Turbo (because it’s activated right?) now
- if the proxy have the content ? – yep good, really fast response
- if the proxy didn’t have the content ? – the proxy itself ask the parent proxies and if the content is found is presented to Opera Browser (again, good , fast response)
- if the proxy didn’t found the content in his cache and also in parent proxies? An normal request is done, and I think this is a bit more slower than a normal request made by the browser without Opera Turbo.
Is this really a Proxy?
If you mean with proxy “hiding your IP” that in deed doesn’t make you “anonymous” than the answer is NO, this is because the Opera Proxy always use HTTP_X_FORWARDED_FOR (check wikipedia for more info) in the HTTP header and this practically show to the destination the originating IP address, in this case your IP or one of your ISP IP’s assigned to your network.
I tried to find out what’s running on this port (i.e maybe squid or something) but with no success until now