登录
Port Authority 预览

Port Authority 作者: Hacks and Hops

推荐

Blocks websites from using javascript to port scan your computer/network and dynamically blocks all LexisNexis endpoints from running their invasive data collection scripts.

您需要 Firefox 来使用此扩展
下载 Firefox 并安装扩展
下载文件
2,503
用户
29
评价
4.6 星
5
21
4
5
3
3
2
0
1
0
屏幕截图
The GUI allows the user to turn on or off global blocking, notifications and add domains to a whitelist using the gear in the top right corner.Add or remove domains from the whitelist such that if they make a local request or request a Lexis Nexis script, it will be allowed.Discord port scanning your computer trying to connect with the desktop app.Chick-fil-a attempting to run ThreatMetrix scripts but being blocked by Port Authority.Ebay in May of 2020 was caught port scanning every user that went to its homepage.
关于此扩展
Code
This addon is free and open-source software (FOSS) all code can be found here: https://github.com/ACK-J/Port_Authority
Please report your bugs or feature requests in a GitHub issue instead of in a review.

Test if it works!
https://github.com/ACK-J/Port_Authority/blob/main/TestPortScans.html

What does this addon do?
1. Blocks all possible types of port scanning (HTTP/HTTPS/WS/WSS/FTP/FTPS)
2. Dynamically blocks the LexisNexis ThreatMetrix tracking script.
3. Easily auditable, with the core functionality being about 200 lines of commented code. HERE
4. Sends an optional browser notification when one of the above scenarios are blocked.
5. Provides an optional whitelist to prevent portscans and tracking scripts from being blocked on trusted domains.
6. This addon doesn't store/transmit any data or metadata about you or your requests... because ya know privacy

Donations
  • Monero Address: 89jYJvX3CaFNv1T6mhg69wK5dMQJSF3aG2AYRNU1ZSo6WbccGtJN7TNMAf39vrmKNR6zXUKxJVABggR4a8cZDGST11Q4yS8

Regex Explanation
Test HTTP / HTTPS Portscanning
Test Websocket Portscanning
Sites that port scan you or otherwise run ThreatMetrix scripts HERE

Permissions Needed
Display notifications to you
This is needed so the addon can alert you when a malicious scripts is blocked or javascrpt port scanning is blocked.

Access browser tabs
This is needed so the addon can display the proper number of blocked requests on a per-tab basis.

Access your data for all websites
This is needed because the addon needs to check every request your browser makes to determine if it needs to be blocked.

Warning!
  • USING SOCKS5 PROXIES WITH THIS ADDON WILL CAUSE DNS LEAKS DUE TO HOW FIREFOX HANDLES CNAME LOOKUPS. FOR MORE INFORMATION SEE HERE https://github.com/ACK-J/Port_Authority/issues/7#issue-925519591
  • There is a simple fix for this. Type about:config in your browser, accept the warning, search for network.trr.mode and change it to 3

Why I wrote this addon?
Back in May of 2020 eBay got caught port scanning their customers. I noticed that all of the articles covering this topic mentioned that there was nothing you could do to prevent it... so I wanted to make one. After going down many rabbit holes, I found that this script which was port scanning everyone is, in my opinion, malware.
Here's why I think that:
  • The data being exfiled from your computer is encrypted into an image using XOR.
  • The domain it reaches out to is made to look legitimate but redirects using a CNAME record to Lexis Nexis' servers.
  • It can determine your "TrueIP" even if you are using a VPN / Proxy HERE. This is likely due to the aggressive fingerprinting.
  • The JavaScript is assembled via string.join (like malware often does) and then executed in a service worker.
  • Each time you load the page the JavaScript is re-obfuscated. This makes debugging what they are doing extremely difficult.
  • The script collects 416 pieces of personally identifiable information about you and your network. ( Shown HERE )
  • They talk about trying to bypass adblockers by using encryption in their customer onboarding documentation HERE

So I developed multiple ways to stop this. The first being the existing functionality built into Port Authority. By default, Port Authority will check the sites that your browser reaches out to and if it redirects to Lexis Nexis' infrastructure, it will be blocked and you will receive a notification. The second is a Python script I wrote which uses Shodan to find all of Lexis Nexis' customer-specific domains on the internet HERE. You can add the output of the script to a blocker such as uBlockOrigin to prevent your computer from connecting to them.

Note: This second method will never include every customer-specific endpoint so you are better off using the dynamic blocking built into Port Authority which WILL block every single customer-specific endpoint Lexis Nexis uses.

Reverse Engineering

Most of these sites are using Lexis Nexis's Threat Metrix scripts, Dan Nemec has a great blog post reverse engineering the script and showing all the invasive data collected https://blog.nem.ec/2020/05/24/ebay-port-scanning/

Zachary Hampton wrote some tools to reverse engineer the ThreatMetrix scripts. Go check it out https://github.com/ZacharyHampton/tmx-solver
  • Solver
  • Deobfuscator
  • Harvester
  • Payload Decryption Site
  • Network Comparator (compare solver to real implementation)
为您的体验打分
您使用 Port Authority 的体验如何?

已保存星级评分

举报此附加组件
权限详细了解

此附加组件需要:

  • 为您显示通知
  • 存取浏览器标签页
  • 访问您在所有网站的数据
更多信息
附加组件链接
版本
2.0.0
大小
166.5 KB
上次更新
1 个月前 (2025年2月28日)
相关分类
许可证
仅 GNU 通用公共许可证 v2.0
版本历史
标签
添加到收藏集
2.0.0 的发布说明
Improved memory management to prevent race conditions and memory leak which filled the extension memory and caused the extension to crash
Added domain whitelist support
Updated regex to fix 0.0.0.0 Day
Added persistent settings after reboot
Added domain to the notification

More Information: https://github.com/ACK-J/Port_Authority/pull/43
Hacks and Hops 制作的更多扩展