Block Iframes, JavaScript, Redirections

Status
Not open for further replies.

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Found true Popupblocker (for Firefox and forks only): Popupblocker – Add-ons for Firefox
- by Joofthan.
In the popup window, notch: Block all new tabs.
It works tirelessly!
- It blocks above all malware redirection pages (malwares using new windows).
I use too Behind The Overlay, Gif Blocker (always Enable), and above all: Policy Control and Redirect Control.

In Policy Control, my settings are:
Media, Object: on Block all (and with Image on Block all you're able to block more ads)
Script (JavaScript) and XMLHttpRequest on Block third-party,
Sub Document on Block all... and with these settings no more redirects and practically no ads, using too this new to me Popupblocker.
(You see, that I don't use Adguard AdBlocker or others like it, with signatures...)

Users comments:
"The very first popup I saw on a video site after updating Firefox and losing my old blocker was obvious malware disguised as a Firefox update with a [modal] page that could not be closed due to dialog popups and it is easy to see how people could be caught out by something like that. This add on makes the internet safe and usable once again..."
"I STRONGLY Recommend Everyone to Test this one!!"

_____________

Tests of ads very complete (many examples) on linearpublishing.com: (page for Overlay test here): Overlay Ads
- but for other ad examples you have many links on the right side of this page, 'All ads simultaneously' latest link too!;)

To test malicious redirections (malwares using new windows), you have some links in my precedent posts, eg. you have adware redirections if click on buttons at the top of this page: hxxps://watchfree.ws/watchfree-movies-online (attention!)
 
Last edited:

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Recently, in Firefox and Nightly browsers I've replaced QuickJS with the new one for me YesScript2 add-on.
Reason: The QuickJS disable Policy Control during its run.
YesScript2 does not do this, and is more interesting in terms of capabilities.

Judge for yourself: YesScript2 by Andras Horvath: YesScript2 – Add-ons for Firefox

It marks the domain of the active tab untrusted, reloads the page and blocks scripts from running on it. An option for the user to stop a website eating up resources or doing malicious things even if it breaks the functionality of the page.
Features:
  • 3 states of blocking: full blocking (=red icon) (blocking internal and external scripts too), half blocking (=blue icon) (allowing internal and blocking external scripts) and no blocking (gray icon)
  • single click operation
  • automatic page reload
  • utilizing Firefox's Sync feature to remember and auto restore settings across devices (version 53+ or local storage only)
  • compatible with desktop and mobile platforms

Pushing functionality from server side back to the users by running more codes on their computers instead of on the server is a tendency where the industry go and so web sites use more and more resources on the users' devices so their battery may go off faster. The other problem is that websites and web services become more and more vulnerable for cyber attacks using cross site scripting and other techniques. These can be solved with this extension with some trade off.

Turning off scripts on websites might break functionality. However if some of them use heavy scripting making your device slow or you worry about being hacked through that site then it is a good practice to block scripts if you want to visit them anyway.

This tool is just an option for you. There are other more sophisticated options like using the NoScript extension which is a great piece of work that gives you better security because it can block scripts before loading at all whereas YesScript2 blocks them after you activate it by clicking on the icon. However teaching your browser for every domain and every script calls with NoScript seems a tedious and long work. It varies to whom it's worth it. If it's not you then YesScript2 might work for you better.

One of the main priorities when writing this extension was to create a small code set so it can be audited much easier making it more trustful. The less lines of code, the more reliable and secure a solution can be.

_______________

- -very interesting script switch, i play with it now! (watchfree.ws and similar adware redirections on new window shady websites to test).
Make sure you have Policy Control, Redirect Control, Popupblocker, Gif Block, Behind the Overlay...on Firefox, Nightly and other FF forks.
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Every additional extension that you install is another extension that can get hacked and receive malicious updates, or be sold to an unscrupulous party. Since these things can and do happen, it's best to keep it down to a minimum, in order to reduce risks.
 

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Every additional extension that you install is another extension that can get hacked and receive malicious updates, or be sold to an unscrupulous party. Since these things can and do happen, it's best to keep it down to a minimum, in order to reduce risks.
Sure, shmu!
But for reduce risks, I chose rather only from developers who are still very much alive, who have trustworthy websites.
Eg developer of this add-on above, Andras Horvath, it has the trustworthy website, I posted the link too, here too:
user info: User Info for Andras Horvath :: Add-ons for Firefox
- and homepage of developer: on frontfoo.com: frontfoo.com
He is personally interested in developing the code, this can be seen clearly from the posting on his homepage: his proposal is on the "web app development with STANDARD HTML, CSS AND JAVASCRIPT to access and manipulate data without the knowledge and hassle of the underlying full layers of backend programming and server maintenance".... In addition he has a face too trustworthy, the glasses also visibly are of good quality... so... so... he is Hungarian, I like Hungarians!
I hope you have nothing against Hungarians and their add-ons? Which are offered to us for free...

Shmu, if you have seen an extension that I've posted, that you don't consider trustworthy, quickly give us the sign, so that we can also judge again...
Because first - I tried all the extensions/add-ons I posted the links, I have pure conscience.
 
  • Like
Reactions: given

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Sure, shmu!
But for reduce risks, I chose rather only from developers who are still very much alive, who have trustworthy websites.
Eg developer of this add-on above, Andras Horvath, it has the trustworthy website, I posted the link too, here too:
user info: User Info for Andras Horvath :: Add-ons for Firefox
- and homepage of developer: on frontfoo.com: frontfoo.com
He is personally interested in developing the code, this can be seen clearly from the posting on his homepage: his proposal is on the "web app development with STANDARD HTML, CSS AND JAVASCRIPT to access and manipulate data without the knowledge and hassle of the underlying full layers of backend programming and server maintenance".... In addition he has a face too trustworthy, the glasses also visibly are of good quality... so... so... he is Hungarian, I like Hungarians!
I hope you have nothing against Hungarians and their add-ons? Which are offered to us for free...

Shmu, if you have seen an extension that I've posted, that you don't consider trustworthy, quickly give us the sign, so that we can also judge again...
Because first - I tried all the extensions/add-ons I posted the links, I have pure conscience.
You know a lot more about these extensions than I do. If it's good enough for you, it's good enough for me.
 

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Results of my test:

If YesScript2 is on half blocking
(=blue icon; allowing internal and blocking external scripts) - it blocks start of new window malicious redirections, so you're safe ( seen with this watchfree.ws link from post #42, redirecting - after click on buttons at the top of the page - to 77f24529d8427410.com adware, on new window)....
- even if Policy Control is disabled! And Popupblocker disabled too.

- too on half blocking position, blocks overlay ads (too with Policy Control disabled), and blocks most of ads with Policy Control enabled (which is with Image on Block all). - I've tested with:
Overlay Ads: Overlay Ads
All Ads Simutaneously: All Ads Simutaneously

Leave YesScript2 enabled for all websites, except login on MT, Edit function on MT...

So this YesScript2 is very good defense utility!
 

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
In Policy Control, set Image on Block all - if you wish browse on nasty shady websites only.
While your normal browsing on safe websites switch Image on Allow all.

That way, everyone would be happy.
 
  • Like
Reactions: given

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Weird, but the two links to test I posted in the post #47 above, works no more Today!
- these links:

Overlay Ads: Overlay Ads

All Ads Simutaneously:
All Ads Simutaneously


- are Redirected to "Problem loading page" page: http://foo.example.com/cgi-bin/tester
"Server not found
Firefox can’t find the server at foo.example.com. ..."

- and on CENT browser:
"This site can’t be reached
foo.example.com’s server DNS address could not be found.
ERR_NAME_NOT_RESOLVED"

linearpublishing.com is dead with this redirect manner...
verify-www.com spoked here: “foo.example.com_cgi-bin_tester” Site Info - (read error or page not found: 5000 - 302 - text/html; charset=iso-8859-1)

So my links have "foo.example.com" redirect attached to normal address, why?
Hacked addresses, hacked website?...

Yes the whole web is the big swamp.

- Some of you could get comments, please?
 
Last edited:
  • Like
Reactions: given

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
OK., website from post above works today, no more appendice redirect "foo.example.com" in the links.
 
  • Like
Reactions: given

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Testing links
by tumpio

This page includes links for testing redirection filtering and URL parameters trimming.

Thanks @Faberman for creating this test page!

Testing tools: HttpFox, Fiddler, Firefox Network Monitor, WireShark

Redirection without parameters:

1 Steam Community
Pattern: steamcommunity.com linkfilter/?url=*
Target URL: Add-ons for Firefox
2 https://outgoing.prod.mozaws.net/v1/ca408bc92003166eec54f20e68d7c771ae749b005b72d054ada33f0ef261367d/https://github.com/tumpio/requestcontrol
Pattern: outgoing.prod.mozaws.net *
Target URL: GitHub - tumpio/requestcontrol: A Firefox extension
3 deviantART: Outgoing Link
Pattern:*.deviantart.com *outgoing?*
Target URL: foobar2000
4 https://www.site2.com/chrome/?i-would-rather-use-firefox=https://www.mozilla.org/
Pattern: www.site2.com *?*=*
Target URL: Internet for people, not profit

Redirection with parameters:

5 https://site.com/away.php?to=https://github.com&cc_key=
Pattern:*.site.com *?to=*
Target URL: Build software better, together
6 https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0ahUKEwiGvaeL1-HTAhUBP5oKHfDoDqQQFggrMAA&url=https://addons.mozilla.org/&usg=AFQjCNGoTdPVJJYDmaDkKoFSpuasv6HVCg&cad=rjt
Pattern:*.google.* url?*
Target URL: Add-ons for Firefox
7 https://l.facebook.com/l.php?u=https://www.fsf.org/campaigns/&h=ATP1kf98S0FxqErjoW8VmdSllIp4veuH2_m1jl69sEEeLzUXbkNXrVnzRMp65r5vf21LJGTgJwR2b66m97zYJoXx951n-pr4ruS1osMvT2c9ITsplpPU37RlSqJsSgba&s=1
Pattern:l.facebook.com *u=*
Target URL: Current campaigns — Free Software Foundation — working together for free software
8 https://out.reddit.com/t3_5pq7qd?url=https://internethealthreport.org/v01/&token=AQAAZV6JWHBBnIcVjV1wvxVg5gKyCQQSdUhGIvuEUmdPZhxhm8kH&app_name=reddit.com
Pattern: out.reddit.com *url=*
Target URL: The Internet Health Report
9 http://site3.com/?r=https://www.yr.no/place/Norway/Nordland/Brønnøy/Brønnøysund/hour_by_hour.html?key=ms&ww=51802
Pattern: site3.com ?r=*
Target URL: Hourly forecast for Brønnøysund

for MORE check this webpage: on github.com/tumpio/requestcontrol/wiki/Testing-links: Testing links · tumpio/requestcontrol Wiki · GitHub

-------------------------------------------------------

Another redirect especially for you in MT:cool: I've made:
Leaving Facebook to follow MT (hopefully...): https://www.facebook.com/flx/warn/?u=https://malwaretips.com/

... and Redirect Control control all, you see
 
Last edited:
  • Like
Reactions: harlan4096

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
So, naturally, our new add-on: Reqest Control - which is visible symbiosis with Redirect Control, I see, cause it makes Redirect Control work more often... this way the security increases.
Icon of Request Control
736026-64.png

Request Control add-on on Mozilla add-ons: Request Control – Add-ons for Firefox
- by tumpio
Version 1.8.6 Released Nov. 26, 2017 87.0 KiB Works with Firefox for Android 52.0 and later, Firefox 52.0 and later


Define rules for controlling HTTP requests.


An extension to control HTTP requests. Provides a front-end for Firefox webRequest.onBeforeRequest API for HTTP request management.

Requests can be controlled with the following rules:


    • Filter Request Rule
      Filter requests by skipping URL redirection and trimming URL query parameters.
    • Redirect Request Rule
      Redirect requests to a manually set redirect URL. Redirect rule supports redirection based on the original request. Read more about the Pattern Capturing.
    • Block Request Rule
      Block requests before they are made.
    • Whitelist Request Rule
      Whitelist requests to proceed normally without taking actions of any other matched rules.
Manual
FAQ
Source code
License

From comments section:
"Nice one! Works as promised, great Help section - 5 stars. You got it, folks? - "works well", "terrific addon" and so on - it means 5 (five) stars! :)
Rated 5 out of 5
by recycler.fox, 3 months ago"
------------------------------------------------------

- So to make working this add-on, I've enabled "Filter Rule For Any URL" - that's all?...and it works.
To test it, try different redirections - testing links from precedent post, and on this webpage: on github.com/tumpio/requestcontrol/wiki/Testing-links: Testing links · tumpio/requestcontrol Wiki · GitHub

Must have.
 
Last edited:
  • Like
Reactions: harlan4096

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
Demos, tests of Redirects by Redirect Bypasser dev, many examples on: mozlima.github.io/redirectbypasser/test/test-redirectbypasser: Test RedirectBypasser

I've repost here, so at your tests...
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top