[tbb-dev] Looking at tor browser connections

Nicolas Vigier boklm at mars-attacks.org
Fri May 16 14:51:27 UTC 2014


While discussing during the IRC meeting last friday about mbox integration
in the tests suite to monitor connections made by the tor browser, we
noticed that it opens 2 connections to the dns server, and 2 to the
default tor socks port even when it is set to an other port with the
TOR_SOCKS_PORT environment variable:

So I have been looking at why it is doing this.

I have been looking at the browser source code to understand why it does
a dns request to resolve the hostname of the machine, and found this:
Before starting the browser it wants to create a lock file in the
profile directory, which is a symlink pointing to the IP of the machine,
so this is probably the reason why it's doing a dns request.
Adding the hostname in /etc/hosts fixed the problem. Or for
distributions that use libnss_myhostname (such as Fedora 20), editing
/etc/nsswitch.conf to move 'myhostname' first on the hosts line.

For the connections on port 9150, here is how to reproduce it:

$ tar xvf tor-browser-linux64-3.6.1_en-US.tar.xz
$ cd tor-browser_en-US
$ sed -i s/9150/9550/ Data/Tor/torrc-defaults
$ export TOR_SOCKS_PORT=9550
$ ./start-tor-browser

Running 'tcpdump -i lo port 9150' in an other shell at the same time
shows some connections on this port. Looking with wireshark shows that
it is a connection to check.torproject.org.

It only happens with a new profile on the first run (when
Data/Browser/profile.default/prefs.js has not been created yet).

If I create a file Data/Browser/profile.default/prefs.js to define
extensions.torbutton.socks_port, there is no connection to port 9150:

More information about the tbb-dev mailing list