
Port Authority by ACK-J
Blocks websites from using javascript to port scan your computer/network and dynamically blocks all LexisNexis endpoints from running their invasive data collection scripts.
You'll need Firefox to use this extension
Extension Metadata
Screenshots




About this extension
Code
This addon is free and open-source software (FOSS) all code can be found here: https://github.com/ACK-J/Port_Authority
Blog Post
https://www.g666gle.me/Port-Authority/
Test if it works!
https://www.g666gle.me/PortScan.html
What does this addon do?
If you are feeling generous or really like my work, consider donating
Regex Explanation
Test HTTP / HTTPS Portscanning
Test Websocket Portscanning
Test sites that port scan you or otherwise run ThreatMetrix scripts (Wall of Shame!)
Permissions Needed
Warning!
Why I wrote this addon?
I was intrigued back in May of 2020 when eBay got caught port scanning their customers. I noticed that all of the articles covering this topic mentioned that there was nothing you could do to prevent it... so I wanted to make one. After going down many rabbit holes, I found that this script which was port scanning everyone is, in my opinion, malware.
Here's why I think that:
Note: This second method will never include every customer-specific endpoint so you are better off using the dynamic blocking built into Port Authority which WILL block every single customer-specific endpoint Lexis Nexis uses.
Most of these sites are using Lexis Nexis's Threat Metrix scripts, Dan Nemec has a great blog post reverse engineering the script and showing all the invasive data collected https://blog.nem.ec/2020/05/24/ebay-port-scanning/
This addon is free and open-source software (FOSS) all code can be found here: https://github.com/ACK-J/Port_Authority
Blog Post
https://www.g666gle.me/Port-Authority/
Test if it works!
https://www.g666gle.me/PortScan.html
What does this addon do?
- Blocks all possible types of port scanning (HTTP/HTTPS/WS/WSS/FTP/FTPS)
- Dynamically blocks the ThreatMetrix tracking scripts made by one of the largest and least ethical data brokers IMO (Lexis Nexis)
- Easily auditable, with the core functionality being about 250 lines of code. HERE
- Gives an optional notification when one of the above scenerios are blocked
- This addon doesn't store/transmit any data or metadata about you or your requests... because ya know privacy
If you are feeling generous or really like my work, consider donating
- Monero Address: 89jYJvX3CaFNv1T6mhg69wK5dMQJSF3aG2AYRNU1ZSo6WbccGtJN7TNMAf39vrmKNR6zXUKxJVABggR4a8cZDGST11Q4yS8
Regex Explanation
- Explanation of the regex used to determine local addresses:
- https://regex101.com/r/DOPCdB/16
Explanation of the regex which is used to match the protocol: - https://regex101.com/r/f8LSTx/2
Test HTTP / HTTPS Portscanning
- Site where you can test if HTTP port scanning works: https://defuse.ca/in-browser-port-scanning.htm
- Site where you can test if HTTP port scanning works: https://inteltechniques.com/logger/
- Click CTRL + Shift + I to see the networking tab where the blocked port scans will be shown.
Test Websocket Portscanning
- Site where you can test if WebSocket port scanning works: https://discord.com/invite/32ZNZVN
- Site where you can test if WebSocket port scanning works: http://frontend-overflowstack.com/
- Blog Post
- Click CTRL + Shift + I to see the networking tab where the blocked port scans will be shown.
Test sites that port scan you or otherwise run ThreatMetrix scripts (Wall of Shame!)
- https://signin.ebay.com
- https://login.my.chick-fil-a.com
- https://bestbuy.com/identity/signin
- https://dazn.com/en-US/account/signin
- https://login.globalsources.com
- https://auth.bitbay.net/login
- https://login.mahix.org
- https://marcus.com/us/en/login
- The full list of endpoints can be found HERE.
Permissions Needed
- Display notifications to you
- This is needed so the addon can alert you when a malicious scripts is blocked or javascrpt port scanning is blocked. Access browser tabs
- This is needed so the addon can display the proper number of blocked requests on a per-tab basis. Access your data for all websites
- This is needed because the addon needs to check every request your browser makes to determine if it needs to be blocked.
Warning!
- USING SOCKS5 PROXIES WITH THIS ADDON WILL CAUSE DNS LEAKS DUE TO HOW FIREFOX HANDLES CNAME LOOKUPS. FOR MORE INFORMATION SEE HERE https://github.com/ACK-J/Port_Authority/issues/7#issue-925519591
- There is a simple fix for this. Type about:config in your browser, accept the warning, search for network.trr.mode and change it to 3
Why I wrote this addon?
I was intrigued back in May of 2020 when eBay got caught port scanning their customers. I noticed that all of the articles covering this topic mentioned that there was nothing you could do to prevent it... so I wanted to make one. After going down many rabbit holes, I found that this script which was port scanning everyone is, in my opinion, malware.
Here's why I think that:
- The data being exfiled from your computer is encrypted into an image with XOR.
- The domain it reaches out to is made to look legitimate but redirects using a CNAME record to Lexis Nexis' servers.
- It can determine your real IP address even if you are using a VPN / Proxy HERE.
- The javascript is assembled via string.join (like malware often does) and then executed in a service worker.
- Each time you load the page the javascript is re-obfuscated.
- The script collects 416 pieces of personally identifiable information about you and your network. ( Shown HERE )
Note: This second method will never include every customer-specific endpoint so you are better off using the dynamic blocking built into Port Authority which WILL block every single customer-specific endpoint Lexis Nexis uses.
Most of these sites are using Lexis Nexis's Threat Metrix scripts, Dan Nemec has a great blog post reverse engineering the script and showing all the invasive data collected https://blog.nem.ec/2020/05/24/ebay-port-scanning/
Rate your experience
Report this add-on for abuse
If you think this add-on violates Mozilla's add-on policies or has security or privacy issues, please report these issues to Mozilla using this form.
Please don't use this form to report bugs or request add-on features; this report will be sent to Mozilla and not to the add-on developer.
PermissionsLearn more
This add-on needs to:
- Display notifications to you
- Access browser tabs
- Store unlimited amount of client-side data
- Access your data for all websites
More information
- Add-on Links
- Version
- 1.1.2
- Size
- 169.74 KB
- Last updated
- 4 months ago (Dec 1, 2022)
- Related Categories
- License
- GNU General Public License v2.0
- Version History
- Tags
Add to collection
Release notes for 1.1.2
- Removed IPv6 regex as it was never used and was likely causing the crashes everyone experienced
More extensions by ACK-J
- There are no ratings yet
- There are no ratings yet
- There are no ratings yet
- There are no ratings yet
- There are no ratings yet
- There are no ratings yet