In the case of ebay at least, the normal ublock origin seems to prevent this (maybe just incidental that it blocked the loading of the port scanning script?)
Open “web developer tools”, “network” tab and browse to ebay - if uBlock Origin is turned off, after a few seconds you start to see lots of websocket connections as is shown in the article here. With uBlock Origin enabled, I’m not seeing those.
EDIT: Raymond confirms this[redditlink] and asks for some ideas on how to specifically block malicious connections to localhost
But re 1) I’m so confused, how does the browser have access to such information, never mind an addon?
I get that browsers can do way more than tcp port 80 these days, but I didn’t know it can do so much, man.
Or is that sniffing so closely related to the web site itself, i.e. is the actual web server doing it? I would expect that if someone would want to snoop on my network, they’d be using something else than a web server.
The screenshot in the article shows Websocket connections from the browser, which I think is the only non-HTTP connection that web pages can make?
Websockets always seemed a confusing technology, as they just kinda ignore the same origin policy that has been a fundamental part of JavaScript security since JavaScript’s creation!
I guess I’m mainly confused because the abilities of browser extensions have been so heavily eroded over time. Can’t make an extension to manage bookmarks anymore and lots of other things. So I’m surprised it could do such things.
if you use firefox you can use this addon
fingerprinting (i.e. tracking you), even if you delete cookies etc
In the case of ebay at least, the normal ublock origin seems to prevent this (maybe just incidental that it blocked the loading of the port scanning script?)
Open “web developer tools”, “network” tab and browse to ebay - if uBlock Origin is turned off, after a few seconds you start to see lots of websocket connections as is shown in the article here. With uBlock Origin enabled, I’m not seeing those.
EDIT: Raymond confirms this [reddit link] and asks for some ideas on how to specifically block malicious connections to localhost
Incompatible with Firefox on Android 😔
Removed by mod
But re 1) I’m so confused, how does the browser have access to such information, never mind an addon?
I get that browsers can do way more than tcp port 80 these days, but I didn’t know it can do so much, man.
Or is that sniffing so closely related to the web site itself, i.e. is the actual web server doing it? I would expect that if someone would want to snoop on my network, they’d be using something else than a web server.
Guess I need an eli10 for modern browsers.
https://blog.nem.ec/2020/05/24/ebay-port-scanning/ this explains it pretty well, but not eli10
The screenshot in the article shows Websocket connections from the browser, which I think is the only non-HTTP connection that web pages can make?
Websockets always seemed a confusing technology, as they just kinda ignore the same origin policy that has been a fundamental part of JavaScript security since JavaScript’s creation!
Yea I’ve always been weirded out by it. Thx
There are legitimate reasons to scan/connect to ports at localhost, the article even lists some (e.g AVs)
Hm, but browser addons?
I guess I’m mainly confused because the abilities of browser extensions have been so heavily eroded over time. Can’t make an extension to manage bookmarks anymore and lots of other things. So I’m surprised it could do such things.