Port Authority 제작자: ACK-J, J.
Blocks websites from using javascript to port scan your computer/network and dynamically blocks all LexisNexis endpoints from running their invasive data collection scripts.
이 확장 기능을 사용하려면 Firefox가 필요함
확장 메타 데이터
스크린샷
정보
Code
This addon is free and open-source software (FOSS) all code can be found here: https://github.com/ACK-J/Port_Authority
Please report your bugs or feature requests in a GitHub issue instead of in a review.
Blog Post (Currently Down)
https://www.g666gle.me/Port-Authority/
Test if it works! (Currently Down)
https://www.g666gle.me/PortScan.html
What does this addon do?
If you are feeling generous or really like my work, consider donating
Regex Explanation
Test HTTP / HTTPS Portscanning
Test Websocket Portscanning
Sites that port scan you or otherwise run ThreatMetrix scripts (Wall of Shame) HERE
Permissions Needed
Warning!
Why I wrote this addon?
Back in May of 2020 eBay got caught port scanning their customers. I noticed that all of the articles covering this topic mentioned that there was nothing you could do to prevent it... so I wanted to make one. After going down many rabbit holes, I found that this script which was port scanning everyone is, in my opinion, malware.
Here's why I think that:
Note: This second method will never include every customer-specific endpoint so you are better off using the dynamic blocking built into Port Authority which WILL block every single customer-specific endpoint Lexis Nexis uses.
Reverse Engineering
Most of these sites are using Lexis Nexis's Threat Metrix scripts, Dan Nemec has a great blog post reverse engineering the script and showing all the invasive data collected https://blog.nem.ec/2020/05/24/ebay-port-scanning/
Zachary Hampton wrote some tools to reverse engineer the ThreatMetrix scripts. Go check it out https://github.com/ZacharyHampton/tmx-solver
This addon is free and open-source software (FOSS) all code can be found here: https://github.com/ACK-J/Port_Authority
Please report your bugs or feature requests in a GitHub issue instead of in a review.
Blog Post (Currently Down)
https://www.g666gle.me/Port-Authority/
Test if it works! (Currently Down)
https://www.g666gle.me/PortScan.html
What does this addon do?
- Blocks all possible types of port scanning (HTTP/HTTPS/WS/WSS/FTP/FTPS)
- Dynamically blocks the ThreatMetrix tracking scripts made by one of the largest and least ethical data brokers IMO (Lexis Nexis)
- Easily auditable, with the core functionality being about 250 lines of commented code. HERE
- Gives an optional notification when one of the above scenarios are blocked
- Provides an optional whitelist to prevent portscans and tracking scripts from being blocked on trusted domains
- This addon doesn't store/transmit any data or metadata about you or your requests... because ya know privacy
If you are feeling generous or really like my work, consider donating
- Monero Address: 89jYJvX3CaFNv1T6mhg69wK5dMQJSF3aG2AYRNU1ZSo6WbccGtJN7TNMAf39vrmKNR6zXUKxJVABggR4a8cZDGST11Q4yS8
- Total donated (Jan 1, 2024): 0.0 XMR
Regex Explanation
- Explanation of the regex used to determine local addresses:
- https://regex101.com/r/DOPCdB/17
Explanation of the regex which is used to match the protocol: - https://regex101.com/r/f8LSTx/2
Test HTTP / HTTPS Portscanning
- Site where you can test if HTTP port scanning works: https://defuse.ca/in-browser-port-scanning.htm
- Site where you can test if HTTP port scanning works: https://inteltechniques.com/logger/
- Site where you can test if HTTP port scanning works: https://ports.sh/
- Site where you can test if HTTP port scanning works (Output gives false positives): http://samy.pl/webscan/
- Click CTRL + Shift + I to see the networking tab where the blocked port scans will be shown.
Test Websocket Portscanning
- Site where you can test if WebSocket port scanning works: https://discord.com/invite/32ZNZVN
- Blog Post
- Click CTRL + Shift + I to see the networking tab where the blocked port scans will be shown.
Sites that port scan you or otherwise run ThreatMetrix scripts (Wall of Shame) HERE
Permissions Needed
- Display notifications to you
- This is needed so the addon can alert you when a malicious scripts is blocked or javascrpt port scanning is blocked. Access browser tabs
- This is needed so the addon can display the proper number of blocked requests on a per-tab basis. Access your data for all websites
- This is needed because the addon needs to check every request your browser makes to determine if it needs to be blocked.
Warning!
- USING SOCKS5 PROXIES WITH THIS ADDON WILL CAUSE DNS LEAKS DUE TO HOW FIREFOX HANDLES CNAME LOOKUPS. FOR MORE INFORMATION SEE HERE https://github.com/ACK-J/Port_Authority/issues/7#issue-925519591
- There is a simple fix for this. Type about:config in your browser, accept the warning, search for network.trr.mode and change it to 3
Why I wrote this addon?
Back in May of 2020 eBay got caught port scanning their customers. I noticed that all of the articles covering this topic mentioned that there was nothing you could do to prevent it... so I wanted to make one. After going down many rabbit holes, I found that this script which was port scanning everyone is, in my opinion, malware.
Here's why I think that:
- The data being exfiled from your computer is encrypted into an image using XOR.
- The domain it reaches out to is made to look legitimate but redirects using a CNAME record to Lexis Nexis' servers.
- It can determine your real IP address even if you are using a VPN / Proxy HERE. This is likely due to the aggressive fingerprinting.
- The JavaScript is assembled via string.join (like malware often does) and then executed in a service worker.
- Each time you load the page the JavaScript is re-obfuscated. This makes debugging what they are doing extremely difficult.
- The script collects 416 pieces of personally identifiable information about you and your network. ( Shown HERE )
- They talk about trying to bypass adblockers by using encryption in their customer onboarding documentation HERE
Note: This second method will never include every customer-specific endpoint so you are better off using the dynamic blocking built into Port Authority which WILL block every single customer-specific endpoint Lexis Nexis uses.
Reverse Engineering
Most of these sites are using Lexis Nexis's Threat Metrix scripts, Dan Nemec has a great blog post reverse engineering the script and showing all the invasive data collected https://blog.nem.ec/2020/05/24/ebay-port-scanning/
Zachary Hampton wrote some tools to reverse engineer the ThreatMetrix scripts. Go check it out https://github.com/ZacharyHampton/tmx-solver
- Solver
- Deobfuscator
- Harvester
- Payload Decryption Site
- Network Comparator (compare solver to real implementation)
평가
권한더 알아보기
다음 권한 필요:
- 알림 표시
- 브라우저 탭에 접근
- 무제한 클라이언트 데이터 저장
- 모든 웹사이트에서 사용자의 데이터에 접근
추가 정보
- 부가 기능 링크
- 버전
- 1.1.4
- 크기
- 169.74 KB
- 마지막 업데이트
- 9달 전 (2023년 8월 3일)
- 관련 카테고리
- 라이선스
- GNU General Public License v2.0
- 버전 목록
- 태그
모음집에 추가
버전 1.1.4의 출시 정보
- Reverted code back to 1.1.2 for the time being since there were a lot of issues reported with 1.1.3
이 개발자들의 다른 확장 기능
- 아직 평점이 없습니다
- 아직 평점이 없습니다
- 아직 평점이 없습니다
- 아직 평점이 없습니다
- 아직 평점이 없습니다
- 아직 평점이 없습니다