[tbb-dev] Looking at tor browser connections
Nicolas Vigier
boklm at mars-attacks.org
Fri May 16 14:51:27 UTC 2014
Hello,
While discussing during the IRC meeting last friday about mbox integration
in the tests suite to monitor connections made by the tor browser, we
noticed that it opens 2 connections to the dns server, and 2 to the
default tor socks port even when it is set to an other port with the
TOR_SOCKS_PORT environment variable:
https://people.torproject.org/~boklm/tmp/tests/r/4mrXwR46_6/tor-browser-linux64-3.6_en-US.tar.xz.html#https-everywhere
So I have been looking at why it is doing this.
I have been looking at the browser source code to understand why it does
a dns request to resolve the hostname of the machine, and found this:
https://gitweb.torproject.org/tor-browser.git/blob/90a58a42063dcd56e29435656237bf4b976d83b8:/profile/dirserviceprovider/src/nsProfileLock.cpp#l307
Before starting the browser it wants to create a lock file in the
profile directory, which is a symlink pointing to the IP of the machine,
so this is probably the reason why it's doing a dns request.
Adding the hostname in /etc/hosts fixed the problem. Or for
distributions that use libnss_myhostname (such as Fedora 20), editing
/etc/nsswitch.conf to move 'myhostname' first on the hosts line.
For the connections on port 9150, here is how to reproduce it:
$ tar xvf tor-browser-linux64-3.6.1_en-US.tar.xz
$ cd tor-browser_en-US
$ sed -i s/9150/9550/ Data/Tor/torrc-defaults
$ export TOR_SOCKS_PORT=9550
$ ./start-tor-browser
Running 'tcpdump -i lo port 9150' in an other shell at the same time
shows some connections on this port. Looking with wireshark shows that
it is a connection to check.torproject.org.
It only happens with a new profile on the first run (when
Data/Browser/profile.default/prefs.js has not been created yet).
If I create a file Data/Browser/profile.default/prefs.js to define
extensions.torbutton.socks_port, there is no connection to port 9150:
More information about the tbb-dev
mailing list