Via and X-Forwarded-For request headers in all my requests
Hi, I am using firefox 72.0.2 with archlinux. Few days ago I discovered that all my requests are done by using request headers via and X-Forwarded-For. Right now, when I browse the web, every request headers in the web developper > network section have this : Via: 1.1 37.245.166.163 X-Forwarded-For: 37.245.166.163
Looking at ARIN information it seems the ip belongs to Emirates Telecommunications Corporation (see https://mxtoolbox.com/SuperTool.aspx?action=arin%3a37.245.166.163&run=toolpage)
If I start a new firefox process (not tab), the ip used by those headers is different, I was using a proxy in Singapour and Mexico last 2 times.
I try to disable all firefox extensions installed to see if it changes something. Nothing, the use of proxy was still there. And in Preferences -> Networking Settings, the No proxy option is set.
I asked friends with same firefox version, they do not have those request headers. Where does this behavior come from ? There is another way to set proxy in firefox ? Is my firefox hacked ? I try with chromium or some network command in console, and there is no request headers added.
Thank you.
Chosen solution
I have retried to disable all extensions and enable one by one and I find the one that does this behavior.
I use chameleon and I tick the box Spoof IP in settings. This option add request headers Via and X-Forwarded-For.
Thank you for your help.
Read this answer in context 👍 0All Replies (5)
X-Forwarded-For: 37.245.166.163 this is your external IP address, for whatever reason. No proxies are listed after it. Via: 1.1 37.245.166.163 the same address, with the HTTP version in front of it.
Extensions can't change your internet-facing IP. Even if it were spoofed in requests, how would you receive incoming traffic? It would be sent to the real network of that IP.
If they don't match, you may have a problem. Of course, if you are connected to a mobile network, things with IP addresses get way messier.
Are there any relevant network.http prefs user set (bold) on the about:config page ?
Thank you for your answers crankygoat and cor-el.
@cor-el : the only parameter in bold is network.http.speculative-parallel-limit with a value of 0
@crankygoat : perhaps my description was not clear. I have no issue in browsing. My issue is that all request in firefox are done with those request headers and I don't set anything for. Right now the external ip address is 166.105.6.110. If I use another browser like chromium my ip is 81.64.130.251. If I do a traceroute from command line, public ip is also with one of my ISP.
It means that all my firefox traffic is going through "random" proxies, and I don't want it. But I don't know where does this behavior is coming from. It looks like a MiM attack.
Modified
I just test to create a new user profile by running firefox -p. With this new profile, Via and X-Forwarded-For aren't in request headers :D
Chosen Solution
I have retried to disable all extensions and enable one by one and I find the one that does this behavior.
I use chameleon and I tick the box Spoof IP in settings. This option add request headers Via and X-Forwarded-For.
Thank you for your help.