Analysing Akamai traffic

0

1

There's a site from which I have to get information. This site streams a video file leaning against the Akamai platform. I tried everything I know to gather information (the real video's URL) while the page loads, but I always get the same (useless) results.
That said, if I open the site in TOR - well, things are a little different. While in normal browsing I obtain headers whose request URLs are like http://ushds2-vh.akamaihd.net/useful_link_part_, in TOR I'm able to get the real URL of the streamed video, which is made up of http://real_site.com/ + useful_link_part_, simply through the built-in debug tools. In a nutshell, browsing the same page on different browsers produces slightly different headers.

So, how does this work? Why am I not able to intercept these "special" headers through "normal" browsing? In which way does TOR operate?


*Among the tools I tried are Fiddler, debug tools of browsers, MS Network Monitor and Wireshark. I also tried switching IP, DNS, user agents and HTTP(S) settings, but with no success at all.

EDIT: Maybe I didn't explain the situation clearly. In short, through Firebug (Firefox extension) I managed to get some links that point to video files (various qualities) that are like http://foo.com/relinker/relinkerServlet.htm?cont=video_hash. These links, when parsed normally, request the corresponding Akamai link of the video, which is like http://ushds2-vh.akamaihd.net/some_stuff, and then the streaming starts. But this doesn't happen in TOR. In fact, when parsing that link (foo...), the real URL of the file (which resides on a satellite site and not on Akamai) is requested and again the streaming starts, but this time from the real URL itself. It's important to say that this whole process happens automatically. Now the real question is: why this behavior? How does TOR manage to obtain that link in place of the Akamai link? Could it be due to proxies?
Moreover, I found out that there's a site, UnderGet, that allows one to reach more or less the same result: it retrieves the real video URL starting from the first link (foo). The description says that "UnderGet allows you to download files that are otherwise blocked by a firewall or other tool at your work, school or country."

m2cit

Posted 2014-11-17T17:38:58.997

Reputation: 379

Question was closed 2014-11-18T03:39:14.017

Why do you think the real address would ever leave their servers? – Daniel B – 2014-11-17T17:42:05.597

Answers

1

A long time ago I had dinner with Daniel Lewin, one of the founders of Akamai, and we talked a little about Akamai's technology. Back then he was using dynamically distributed content where parts of content would or could reside on multiple hardware. The front end servers would receive a request, and then decide which servers at that moment would deliver content to the recipient with the least performance degradation. This content could be assembled from multiple servers. There was some fancy tomfoolery with the networking protocols to trick everyone into thinking the content was coming from one source.

It does not surprise me that you are having trouble pinpointing the source, because IIRC, the source is a unique virtual source created for you, the viewer, at this instance in time.

Perhaps this has changed in 15 years (this was before 9/11, of course), but in essence, Akamai bends the rules.

Timbo

Posted 2014-11-17T17:38:58.997

Reputation: 390