Firefox security functionality

Discussion in 'other software & services' started by m00nbl00d, Jun 21, 2012.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    A few minutes ago I created a thread about Chromium/Chrome. I didn't want to add this part there, so that Firefox users won't avoid this information, which hopefully they'll also find useful.

    By using the extension BlockSite Plus, and then going to the addon Options, select Invert list to whitelist, and then add a TLD (top level domain), such as *.com and then click Quick add, you'll be blocking access to any domain/URL, except those ending in *.com.

    This kind of approach is great to block access/redirects to malicious websites. It's not perfect, but for sure will prevent many infections as well. :)
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Not sure if it's because I'm running the Nightly build, but the extension seems quite buggy. The whitelisting now blacklists, and if blacklisting, it doesn't blacklist, at all. :argh:

    It's working fine now. I made the mistake of removing the protocol. We need to add either http/https or both, depending on our needs.
     
    Last edited: Jun 21, 2012
  3. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Thanks for providing the link; I totally forgot it. :(

    Regarding the rules, it came to my attention that we need to add them like https://*.com/, etc., otherwise, and I'll take one of your examples, *.org, it will allow connections to other URLs, such as -http(s)://domain.domain.org.uk.

    From what it seems, BlockSite Plus doesn't quite work with TLDs, so we do need to add https://*.com/, etc., and not https://*.com.
     
  5. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    Thanks for pointing that out! :D

    Now what if we want a blacklist and a whitelist?
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I was thinking about that as well. :D One option would be to suggest that to the extension's author. :D Another option would be to install another similar extension, but in this case we'd blacklist whatever we want to blacklist.

    There's an extension called BlockSite, and by the way BlockSite Plus is a fork, and it would be a matter of seeing if it allows TLDs, or restrictions like http://*./com/*, etc. I believe this extension lacks a GUI, though; we would need to create a file in the user profile folder.

    I hope I'm not mistaken, but I believe user vasa1 mentioned this extension sometime ago... not sure.
     
  7. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Wasn't me. Sure.
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    So, I gave SimpleBlock a try, and you could use this one to whitelist the TLDs, and use BlockSite Plus to blacklist what you want. My reasoning is that BlockSite Plus has an option that allows importing a list. This list would need to start with [BlockSite], and URLs in each line, such as -http://blacklist-domain.org/* (It's actually http, not -http; it's to kill the hyperlink in the forum.)

    I suppose it will depend on what you need to do. You can also do it the other way around - use SimpleBlock to blacklist and BlockSite Plus to whitelist. Or, you can use SimpleBlock for both, because you can do it. You just don't have a GUI to work with.

    To use SimpleBlock, you need to create an ini file in Firefox's user profile folder named SimpleBlock.ini. Then, if you add R: https?://(?!(.*\.com|.*\.net|.*\.ru|.*\.org)), and restart Firefox, you'll then only allow websites with those TLDs.

    The R: means it's a regular expression.

    Code:
    R: https?://(?!(.*\.com|.*\.net|.*\.org))
    R: http://(www\.)?domain\.org
    
    In the above example, the first entry would allow access to any domain ending in *.com, *.net or *.org, but the second line would deny access to that one URL.
     
  10. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    I just did the same thing :)

    The verdict: SimpleBlock has two major disadvantages - it lacks a decent GUI and you really have to know your syntax to make this work. Even then, there is the issue of having a false sense of security because you think you blocked something when in fact you didn't because of some silly syntax slip. So I'll stick with ABP, which has the advantage that it is mature and does a lot of the thinking for you.

    BlockSite Plus - in whitelist mode - is a keeper though!
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You're totally right. I had to make a little modification in the syntax, because I was also able to get to a URL like -http://domain.org.uk. That's because I forgot to make it like:

    Code:
    R: https?://(?!(.*\.com\/|.*\.net\/|.*\.org\/))
    
    We need to include / after the TLD, and escape it with \, so that / is treated as a literal character, and not a special one. If we don't add /, then the regular expression engine will find a match in -http://domain.org.uk (for example), and it would allow the connection, because it found the pattern -http://domain.org in the expression -http://domain.org.uk.

    We do need to make sure all is OK, otherwise things won't work as expected. :D
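
The two SimpleBlock rules posted in this thread, checked against a handful of URLs (an added example, not part of any post and not SimpleBlock's own code). It assumes a rule behaves like an unanchored JavaScript regex search over the full URL where a match means "block"; the sample URLs are constructed, and `hostOnly` is a hypothetical tightening that goes beyond what the thread discusses.

```javascript
// Added example: models a SimpleBlock "R:" rule as an unanchored JavaScript
// RegExp search over the full URL, where a match means "block" (assumption).
const RULES = {
  // Rule from the earlier post: no "/" after the TLD.
  loose: /https?:\/\/(?!(.*\.com|.*\.net|.*\.org))/,
  // Rule from the later post: "/" required after the TLD.
  slash: /https?:\/\/(?!(.*\.com\/|.*\.net\/|.*\.org\/))/,
  // Hypothetical tightening (not from the thread): the TLD must end the host
  // part, so nothing in the path or query string can satisfy the whitelist.
  hostOnly: /^https?:\/\/(?![^\/?#]*\.(com|net|org)(:\d+)?([\/?#]|$))/i,
};

// Constructed sample URLs using reserved example/test names.
const SAMPLES = [
  "http://example.com/",                            // whitelisted TLD
  "https://www.example.org/page",                   // whitelisted TLD
  "http://example.org.uk/",                         // the case raised in the thread
  "http://example.test/landing/file.com/",          // ".com/" appears only in the path
  "http://example.test/?next=http://example.com/",  // ".com/" appears only in the query
];

// A rule blocks a URL when the regex finds a match anywhere in it.
function isBlocked(rule, url) {
  return rule.test(url);
}

// Verdict per sample URL, in SAMPLES order, for the named rule.
function verdicts(ruleName) {
  return SAMPLES.map((url) => (isBlocked(RULES[ruleName], url) ? "block" : "allow"));
}

for (const name of Object.keys(RULES)) {
  console.log(name.padEnd(9), verdicts(name).join("  "));
}
```

Because `.*` is not limited to the host name, the rule with the trailing `/` still allows the last two samples; only the host-restricted variant blocks them.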
     
  12. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Couple of points. I hope they're not misunderstood and reported for trolling/abuse like so many of my other posts ...

    1. The author of SimpleBlock makes it clear that the extension is a no-frills one. So saying it doesn't have a GUI ... that's pointless.

    2. If you want to monitor what SimpleBlock blocks, you have to look at the error console under Tools, Web Developer. There you'll see the url that is blocked along with the applicable rule. Of course, you have to look elsewhere to know what has been allowed! This got tiresome for me after about a year so I've gone back to ABP.
     
  13. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    Quite on the contrary, I for one very much appreciate your insights :)
    SimpleBlock does have an add-on bar icon which has no other function than just sitting there, so why not make that clickable?
     
  14. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    But it is clickable. With it, you can (from memory)
    disable/enable SimpleBlock
    open the profile folder if you prefer that route
    reload SimpleBlock.ini (after editing it) so the changes take effect without restarting the browser
     
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    By the way, another nice addition to this trick, would be to run Firefox in "Protected Mode"; or in other words, running it as low integrity level. I won't say how to do it, because you can search the forum, and you'll find how to do it.

    But, I wouldn't apply a low integrity level to the Temp folder, as explained in that thread (I'll have to look for the thread, and I'll post a link to it.). I'd rather create a batch file, so that when you need to download something/update extensions, you can easily apply a low integrity level to the Temp folder, otherwise it won't be possible to download anything, and once you start downloading, you can restore the integrity level again.

    A batch file like the following would work...

    Code:
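    @echo off
    rem Apply a low integrity level to the Temp folder so downloads can be written
    chml "C:\Users\username\AppData\Local\Temp" -i:l -noinherit
    rem Wait for a key press, then restore the integrity level
    pause
    chml "C:\Users\username\AppData\Local\Temp" -rl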
    
    Basically, what it will do is to first apply the low integrity level, whenever you need it, and it will pause... When you want to restore the integrity level, you just hit a key.

    In the batch file, I'm assuming the user would be using the tool chml by Mark Minasi, and that it is placed in C:\Windows\System32. I prefer it over Windows' own tool, icacls.

    If you have the Temp folder with the normal IL, then Firefox cannot write to it, which means drive-by downloads won't work.

    Of course, this will only work with Windows Vista and above.
     
  16. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Interesting... Apparently, SimpleBlock cannot prevent other extensions' Internet connections.

    I created a profile just to access YouTube, and then installed the extension Turn Off The Lights, and when I opened its Options, it connected out just fine. That's a big bummer.

    I wonder if BlockSite Plus manages to block it. Will try it.

    -edit-

    BlockSite Plus prevents Turn Off The Lights from connecting out. This one is a keeper. SimpleBlock is great for other stuff (regex stuff :D).
     
    Last edited: Jun 23, 2012
  17. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Me too Vasa.:cool:

    Bo
     
  18. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You should be aware that if you're using BlockSite Plus (whitelist mode), you also need to add javascript:;. Otherwise, you won't be able to move in the search pages of Ixquick/Startpage (maybe others) (1,2,3,...), as it will be blocked.
     
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Just a little update. If you're using BlockSite Plus, you don't need to add both http and https; http*://*.com/ works fine.
     