🆕 Software Suggestion | Port Authority #2363
Comments
It looks good.
+1
@Q1011 @peepopoggers <3 Please reach out with any thoughts on how to improve!
Good job! Will you be extending this to support Chrome as well?
@yugen-sec Yea, I'll be working on a port to chrome very soon.
@campbellkerr Yes! Please file a bug report https://github.com/ACK-J/Port_Authority/issues and I will try and fix it asap.
@ACK-J it seems ublock origin now also blocks LAN. Would installing Port Authority have any benefit? https://teddit.net/r/privacytoolsIO/comments/ooie4u/psa_ublock_origin_added_two_new_stock_filter/
@ph00lt0 No. I'm not exactly sure how their regex stacks up to mine but it probably works fine and will only get better. You can simply use uBlock instead of PortAuthority. rip
@ACK-J thanks for your honest answer. Either way I appreciate that you brought attention to this.
@ph00lt0 Yea of course. I love uBlock and I think this was an area they were lacking in so I'm really excited I was able to bring attention to it. I'm still going to maintain Port Authority if anyone was wondering. I have a beautiful redesign of the GUI coming out in a month or so, working on finishing touches right now but slammed with other work. It allows you to visualize which IPs and ports the site is trying to connect with as well as the domains of the threatmetrix scripts.
@ACK-J that sounds very good for doing research. I am not sure if it will be listed because the less add-ons you need the better, but let's see what others have to say.
Basic Information
Name: Port Authority
Category: Browser Add-ons
URL: https://github.com/ACK-J/Port_Authority
Blog Post: https://www.g666gle.me/Port-Authority/
URL: https://addons.mozilla.org/en-US/firefox/addon/port-authority/
Description
Blocks websites from utilizing javascript to port scan your computer / internal network and dynamically blocks all LexisNexis endpoints from running their invasive data collection scripts. This add-on does not collect any user data ever and all processing happens within the user's browser.
This add-on is highly auditable, being only about 150 lines of javascript, not including the GUI. It functions by using this regex I wrote HERE to check if a non-internal IP address (ex. google.com) is trying to connect with an address on your local network (ex. 127.0.0.1:9001); if so, the request will be blocked. The second thing this add-on does is check every request to see if the domain name (ex. google.com) has a CNAME record that redirects to online-metrix.net, which is a trick they use to pull down an extremely invasive data collection script, which I go more into detail with below.
Example of why this addon is crucial
Go to https://www.chick-fil-a.com/ (temporarily disable ad-blockers) and click sign in, then open up your network console (CTRL + SHIFT + I) and view chick fil a port scanning your computer.
Example of Ebay trying to pull down Lexis Nexis's invasive data script. You can see it reaching out to src.ebay-us.com which is just a CNAME for h-ebay.online-metrix.net.
Here's every endpoint I have found that redirects using a CNAME just like src.ebay-us.com does HERE
Why I am making the suggestion
I was intrigued back in May of 2020 when eBay got caught port scanning their customers. I noticed that all of the articles covering this topic mentioned that there was nothing you could do to prevent it... so I wanted to make one. After going down many rabbit holes, I found that this script which was port scanning everyone is, in my opinion, malware.
Here's why I think that:
CNAME record to Lexis Nexis' servers.
416 pieces of personally identifiable information about you and your network. (Shown HERE)
So I developed multiple ways to stop this. The first being the existing functionality built into Port Authority. By default, Port Authority will check the sites that your browser reaches out to and if it redirects to Lexis Nexis' infrastructure, it will be blocked and you will receive a notification. The second is a Python script I wrote which uses Shodan to find all of Lexis Nexis' customer-specific domains on the internet HERE. You can add the output of the script to a blocker such as uBlockOrigin to prevent your computer from connecting to them.
Note: This second method will never include every customer-specific endpoint so you are better off using the dynamic blocking built into Port Authority which WILL block every single customer-specific endpoint Lexis Nexis uses.
Most of these sites are using Lexis Nexis's Threat Metrix scripts. Dan Nemec has a great blog post reverse engineering the script and showing all the invasive data collected: https://blog.nem.ec/2020/05/24/ebay-port-scanning/
My connection with the software
I wrote the add-on :)
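The two checks described in the post above (a public origin requesting a local address, and a hostname whose CNAME lands under online-metrix.net) can be expressed as one decision function. This is an added example, not Port Authority's code: the host patterns, the function names and the `{ originUrl, url, cnameChain }` request shape are assumptions, and the CNAME chain is passed in rather than resolved.

```javascript
// Added illustration, not Port Authority's source. The host patterns and the
// request shape { originUrl, url, cnameChain } are assumptions for this example.
const LOCAL_HOST = new RegExp("^(" + [
  "localhost",
  "127(\\.\\d{1,3}){3}",                        // loopback
  "10(\\.\\d{1,3}){3}",                         // RFC 1918
  "172\\.(1[6-9]|2\\d|3[01])(\\.\\d{1,3}){2}",  // RFC 1918
  "192\\.168(\\.\\d{1,3}){2}",                  // RFC 1918
  "169\\.254(\\.\\d{1,3}){2}",                  // link-local
  "0\\.0\\.0\\.0",
  "\\[::1\\]",                                  // IPv6 loopback as URL.hostname renders it
].join("|") + ")$", "i");
const TRACKER_SUFFIX = "online-metrix.net";     // domain named in the post

// new URL() normalises hosts such as 2130706433 or 0x7f.1 to 127.0.0.1,
// so the pattern is matched against the canonical form.
function isLocal(urlString) {
  return LOCAL_HOST.test(new URL(urlString).hostname);
}

// Match on a label boundary so "notonline-metrix.net" is not a hit.
function underSuffix(name, suffix) {
  const n = name.toLowerCase().replace(/\.$/, "");
  return n === suffix || n.endsWith("." + suffix);
}

function decide(request) {
  const target = new URL(request.url);
  // Check 1: a page served from a public origin requests a local address.
  if (isLocal(request.url) && request.originUrl && !isLocal(request.originUrl)) {
    return { block: true, reason: "public origin requested " + target.host };
  }
  // Check 2: the requested name, or any name in its CNAME chain, is under the tracker domain.
  const names = [target.hostname, ...(request.cnameChain || [])];
  const hit = names.find((n) => underSuffix(n, TRACKER_SUFFIX));
  return hit ? { block: true, reason: "resolves to " + hit } : { block: false, reason: "" };
}

// Constructed sample requests; the CNAME pair is the one quoted in the post.
const samples = [
  { originUrl: "https://shop.example/", url: "wss://127.0.0.1:9001/" },
  { originUrl: "https://shop.example/", url: "http://2130706433:5900/" },
  { originUrl: "http://localhost:3000/", url: "http://127.0.0.1:8080/api" },
  { originUrl: "https://www.ebay.com/", url: "https://src.ebay-us.com/",
    cnameChain: ["h-ebay.online-metrix.net"] },
  { originUrl: "https://shop.example/", url: "https://cdn.example/app.js", cnameChain: [] },
];
for (const s of samples) console.log(s.url, decide(s));
```

The third sample is allowed on purpose: a page served from localhost talking to a local port is ordinary development traffic, not a public site probing the machine.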