I visited http://www.andlabs.org/tools/jsrecon.html and it allows port scanning of the client network using WebSockets. I am getting confused about this technology: if someone can scan your network without an XSS vulnerability in the website, then why can't we install a Trojan or any customizable .exe on the client side using cmd?
Correct me if I am wrong here.
I don't understand your question regarding "Trojan" or ".exe", but you probably need to understand that this website instructs your browser to do something in the local network, there is no remote party involved in "network scanning".
This website does a very simple thing: it provides some JavaScript (JS) code that is executed locally (i.e. by the browser displaying this website). The JS code is (mis)using the Browser's websocket (and other) technologies for 'scanning' the local network (whatever this should mean, I did not dig into the details of the code).
Research On Firefox Extensions Connections
I have read the FAQ's on Firefox Extensions (https://addons.mozilla.org/en-us/faq) and have looked at their community forums for information but wasn't able to find anything on how extensions actually connect and collect your data.
The closest I found was the Mozilla Wiki page on data collection (https://wiki.mozilla.org/Firefox/Data_Collection) but it only gives you the basic opt in/out data collection levels.
What I'm trying to understand:
If I'm using a manually configured anonymous proxy in Firefox, could the extension potentially send my actual IP address (not my proxy IP address) back to a third party?
Example: Translate Extension
For example, if I were to use the Google Translate for Firefox, would Google be able to see my original IP?
What I was thinking
Since the proxy is the only way for the browser to connect to the internet, the extension would have to use the proxy IP address to connect and thus, would only be able to see the proxy IP address. However, I would love to be sure that there is no back door or way of the extension revealing my original IP.
Any insight is greatly appreciated. We are not doing anything unethical, we just have to maintain separate IP usage for various clients and do not want to risk mixing their information. Thanks again.
Firefox extensions are usually not limited in what they can do; only extensions based on the WebExtensions framework are sandboxed. Currently the majority of Firefox extensions are still either classic XUL-based extensions or based on the Add-on SDK, and these don't have inherent restrictions. So in theory an extension can do lots of things in order to deanonymize you, for example:
Use nsIDNSService in order to retrieve your local IP address (usually, this address isn't valid outside your local network however).
Change browser settings, in particular disable your configured proxy server.
Use external command line tools in order to read out system information or send a request bypassing the browser.
Read files on your hard drive in order to find your name.
Note that Chrome also offers extensions an API to modify the browser's proxy settings, and a similar API is planned for WebExtensions. So even sandboxing doesn't always protect against deanonymization, and you need to trust the extensions you are installing.
However, the extensions hosted on Addons.Mozilla.Org are usually reviewed by Mozilla (the ones that aren't reviewed yet have a yellow install button and a warning). One aspect that the reviewers look into is: does this add-on do what it claims to do or are there unexpected side-effects? Any unexpected functionality has to be strictly opt-in, with full explanation about the implications. This was introduced in 2009 as the No Surprises policy and works remarkably well. Chrome Web Store doesn't have any comparable policy.
I am planning to host a ClickOnce application on a web server and want to give access over HTTP (NOT HTTPS). The application is signed with a certificate. I assume that it should be OK not to use HTTPS because man-in-the-middle attacks cannot spoof the signed binaries. I have the following questions regarding this.
Are there any other security threats that I should be aware of?
Does using HTTP over HTTPS increase perceivable performance? (Assume there are many clients downloading the setup files from the server. There should be less overhead on the server with plain HTTP.)
Thanks.
If there is any kind of access control on the application, using HTTP makes it easier for someone to retrieve the application from a network trace, or find out the real URL.
(I use this sometimes when I'm interested in an .apk file. There's no easy way to get the .apk in Google Play, but when I start a network trace on my router, then have my Android install the apk, I can get the URL from the trace and download the same URL to my PC. No rootkits or special software required.)
If you have a recent CPU and software stack, then the crypto part of HTTPS is done in hardware in the CPU, which means there is little or no detectable overhead in HTTPS.
It is my belief that if you use HTTPS with locally hosted pages, making Ajax requests to secure servers, it is either not possible or flawed.
The reason I think so is that we are no longer in the domain (say https://securewebsite.com), but rather on a local page, accessing a secure server.
This is just something I "think", and I would really appreciate it if someone can point out any mistakes in assuming that.
I have the following problem to solve:
A few months ago I started a website where you can watch YouTube videos which aren't available in your country. Everything works fine, but now I want to offer a new method where I route all the requests directly over my server. Therefore I will later use a custom DNS server. Right now I use the hosts file for testing, but I really have no idea how I can identify the user. I can prompt the user to log in on a website, but I want it to work system-wide, so if he uses a YouTube downloader, for example, it has to work there too and not only in the browser, where I could use a session system with cookies. I want a solution where the user can identify himself once in a while, via a website or something like this, but how can my server detect whether this is a user who is logged in or not?
There are several ways that this could be accomplished with varying levels of difficulty.
Standard proxy server over HTTPS. Your service could simply be a proxy server, and then every "client" would update their browser to point to your proxy server. You could also simplify this by using a proxy PAC file (proxy auto-config).
An anonymizing interface. The end user would not be able to use their standard search tools etc.; instead they would have to use a web page, much like what Google Translate does.
A browser plugin. There are already Firefox plugins which do something similar to this. They change the way that the browser resolves DNS. This may be the best bet for you but would require development work.
An actual install utility that you have your users install on their machines, which updates the DNS servers.
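A PAC file for the first option above, as an added example that is not part of the original answer. The proxy address proxy.example.net:443 and the domain list are assumptions; it covers routing only, so identifying the user would still rely on the proxy's own authentication.

```javascript
// Added example (not from the original answer): a proxy auto-config file
// that sends only selected video hosts through an HTTPS proxy.
// Hypothetical values: PROXY and PROXIED_DOMAINS.
var PROXY = "HTTPS proxy.example.net:443";
var PROXIED_DOMAINS = ["youtube.com", "googlevideo.com", "ytimg.com"];

// True when host is the domain itself or one of its subdomains.
// A bare suffix test would also match "notyoutube.com", so a dot
// boundary is required before the domain.
function hostInDomain(host, domain) {
  host = host.toLowerCase().replace(/\.$/, ""); // normalise case, drop root dot
  if (host === domain) {
    return true;
  }
  return host.length > domain.length &&
         host.slice(-(domain.length + 1)) === "." + domain;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  for (var i = 0; i < PROXIED_DOMAINS.length; i++) {
    if (hostInDomain(host, PROXIED_DOMAINS[i])) {
      // No "; DIRECT" fallback: if the proxy is unreachable the request
      // fails instead of silently leaving from the user's own address.
      return PROXY;
    }
  }
  return "DIRECT"; // everything else bypasses the proxy
}
```

Only ES3 string functions are used, so the file does not depend on the PAC helper functions or on a modern script engine.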
I want to develop software which restricts users' internet access using VB6 or VB.NET.
This is not a babysitter program, but:
1) Whenever a client machine opens any browser, it should ask for a username and password.
2) There should be an option for adding new users in the server-side application.
Can anyone suggest the name of such software, or some sites where I can get some help on the same?
You could implement an HTTP proxy using sockets. You would turn off internet connection sharing on your server and configure the other machines to connect to the web via your proxy.
I would recommend going for an off-the-shelf solution, e.g. in a router, rather than building something from scratch.
If you are dead set on using VB6, you could make use of the Winsock control. Here is a project using Winsock to serve files. You could modify it to become a multithreaded proxy server instead. It will be a tough challenge though.
http://www.codeproject.com/KB/IP/winsock.aspx