µMatrix - the HTTP Switchboard successor

Discussion in 'other software & services' started by tlu, Oct 25, 2014.

  1. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Any ETA on Umatrix firefox vers Gorhill?
     
  2. tlu

    tlu Guest

    Well, I'm not gorhill, but if you look into his latest commits you'll find a lot of them referencing Firefox. So I suggest to be patient. It's ready when it's ready ;)
     
  3. tlu

    tlu Guest

    I prefer to not allow the other coumn in the behind-the-scene-scope.

    This is how it looks a couple of minues after I started Chrome today:




    I don't know what google-analytics.com was trying to do. I suppose that it happened when Chrome checked the webstore for updates. And although GA is blacklisted, uMatrix wouldn't have been able to block GA otherwise as extensions are disabled on the webstore. So this is an example how uMatrix is able to control a lot of things happening in the background (by the browser itself or other extensions). I don't want to forego that.
     

    Attached Files:

  4. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,047
    Can adblock filters be added to this as i notice it only has a preset hostfile ruleset.
     
  5. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
  6. tlu

    tlu Guest

    No, you can't. This is an absolutely bad advice. Support for pattern-based filtering - and this includes ABP compatible filterlists - was removed when gorhill published uMatrix as the successor of HTTP Switchboard (which is no longer maintained). uMatrix does not support the ABP filter syntax but only hosts file type filterlists. Adding ABP filterlists results in many entries simply not being applied at all or incorrectly interpreted. If you want to use those filterlists I suggest that you use uBlock.
     
  7. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,047
    Thank you very much for the replies and as a consequence i have decided to use ublock origin .
     
  8. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I don't like either to allow it. If there was only some certain sites I read pfd-files, I could make a rule into that behind-the-scene scope matrix to allow other only in those sites. But they are too many and also most times I am operating sandboxied so I can't even make permanent rules to those sites.

    Also this is such a bother, because most times I am running Chrome in incognito mode. And as you know, to bring the chromium-behind-the-scene matrix, it will open a normal window, another window. As it is now this sucks and I am reluctant to use some pdf-reader extension. I really wish, even if gorhill posted in the link you gave what he did, that some sort of solution to this would be possible.
     
  9. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    Did not know that. Thanks for clearing that up. Appologies @The Red Moon
     
  10. tlu

    tlu Guest

    I had a very interesting observation today. After starting Chrome I looked into the statistics tab of uMatrix and found one entry marked as blocked which I had never seen before:

    Code:
    11:31:09    other    <a>    http://cache.pack.google.com/crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP11V-NR4wY58jM2HOPewEhQCTjk48snqnsU2rm1fVen1u99EtaTfgtZ8BprsPAYdhy_L9vqIsambYGz71InXepQAMZSmuUoegAE-h6tTWvOxcWJ0VBJ6r9FVg/extension_0_1_0_0.crx
    Obviously a Chrome extension because of the crx suffix. I clicked the uMatrix symbol to open the chromium-behind-the-scene matrix and confirmed that there was a blocked request in the "other" column for cache.pack.google.com. I tried to open above link because I knew that Chrome would prevent its installation - and indeed, I got a message by Chrome that no apps, extensions or user scripts could be installed from that site (good!). Nevertheless, the extension was downloaded. I renamed it to

    extension_0_1_0_0.zip

    and extracted it. Here's the manifest.json file:

    Code:
    {
    "update_url": "https://clients2.google.com/service/update2/crx",
    
      "manifest_version": 2,
      "icons": {
        "128": "images/icon_128.png",
        "16": "images/icon_16.png"
      },
      "display_in_launcher": false,
      "version": "0.1.0.0",
      "minimum_chrome_version": "29",
      "display_in_new_tab_page": false,
      "permissions": [
        "identity",
        "webview",
        "https://wallet.google.com/",
        "https://wallet-web.sandbox.google.com/",
        "https://www.google.com/",
        "https://www.googleapis.com/*"
      ],
      "name": "__MSG_APP_NAME__",
      "app": {
        "background": {
          "scripts": [
            "craw_background.js"
          ]
        }
      },
      "default_locale": "en",
      "oauth2": {
        "auto_approve": true,
        "scopes": [
          "https://www.googleapis.com/auth/sierra",
          "https://www.googleapis.com/auth/sierrasandbox",
          "https://www.googleapis.com/auth/chromewebstore",
          "https://www.googleapis.com/auth/chromewebstore.readonly"
        ],
        "client_id": "203784468217.apps.googleusercontent.com"
      },
      "description": "__MSG_APP_DESCRIPTION__"
    }
    And metadata/verified_contents.json contained

    Code:
    [{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W .....
    Has anybody seen anything like this before?

    I think that one of my extensions tried to sideload that stuff which is obviously a payload. I will try to investigate which one is the culprit.

    In any case: This example is a confirmation for me that blocking behind-the-scene requests in uMatrix is highly recommended. I don't know if it had been possible otherwise that this sideload would be installed in Chrome. But it's good to know that uMatrix blocks such attempts right from the beginning.
     
  11. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I'm not a user of uMatrix, but I can confirm that my pretty basic install of Chrome includes this Google Wallet extension as well. Sadly, I am very familiar with Chrome side-loading a lot of things behind the scenes. One example that Chrome brings in after the fact is that Windvine Content Decryption Module plugin. Also, depending on what other software is on your system, Chrome will install that Software Removal Tool in the user folder as well without confirmation. There are a handful of built-in extensions for Chrome like YouTube, Docs, Drive, etc. that you used to be able to see (and remove) from Extensions (chrome://extensions/). But those built-in extensions are simply just hidden now. The Google Wallet extension in my basic Chrome install is the same version listed in your manifest.json file. There is a lot of stuff going on behind the scenes in Chrome, unfortunately, without confirmation from the user. I may look into using uMatrix if this is able to easily control what is stuffed into Chrome after the fact.
     
  12. tlu

    tlu Guest

    Interesting. I've recently installed Chrome on several Linux distros in Virtualbox and I've always seen (and removed) those extensions. Perhaps because I always enable developer mode?

    I had never seen that before. It would be interesting to know if this also applies to Chromium.

    The degree of control provided by uMatrix is simply unmatched. Please note that behind-the-scene requests are allowed by default in order to avoid breaking things. This HTTPSB wiki entry is still valid. And this old post of mine might be helpful, too.

    EDIT: Please also note that by blocking behind-the-scene requests uMatrix itself (!) cannot update its hosts files anymore unless you allow XHR in the chromium-behind-the-scene matrix for the corresponding websites. This applies also to other extensions like uBlock. Once you save those rules, everything works flawlessly.
     
    Last edited by a moderator: Apr 25, 2015
  13. tlu

    tlu Guest

    Okay, at least this suggests that it's nothing malicious which is sideloaded by some other extension, isn't it?
     
  14. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    That's correct. Mine is just a bare bones Chrome stable channel install.
     
  15. What would be easy when figuring out what to allow on a page?

    ==> A quick access to the logs (
    illustrated with a square with hashtag in it) see picture.

    Untitled.png



     
    Last edited by a moderator: Apr 30, 2015
  16. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,281
    Location:
    EU
    I just can't wait. I was forced (long story) to switch from Chrome to FF and now I am really missing it. Policeman is a PIA to use, when compared to uMatrix.
     
  17. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,047
    Incredible that extension developers can dictate which browser we all use..such power.
     
  18. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,281
    Location:
    EU
    Well, not really. I had to give up with Chrome because of new company's policy. Still it is my preferred one but I cannot use it on my work PC.
     
  19. tlu

    tlu Guest

    Great news: uMatrix Dev build 0.9.0.0.-dev0 for Chrome and Firefox available.
     
  20. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Thanks for posting the info.
    This will tickle lotsa people pink :thumb:
     
  21. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    From the link you gave tlu, it shows that the latest release is 0.8.1.4
    Mine is still 0.8.1.3 as the above version is still not in Chrome web store. I wonder why?
    I do hope the new 0.9 release or from it developed official release gets into that "store".
     
  22. tlu

    tlu Guest

    Perhaps the old site was still in your cache. Anyway, see here.
     
  23. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I mean't that when you from Chrome/Settings/Extension/Get more extensions, you will go to Chrome web store. Then type into the search box: uMatrix, then available extension will be 0.8.1.3 not 0.8.1.4.
    Nor will my uMatrix update to 0.8.1.4. So it is a clear sign to me that it is not available in that store.

    I am of course interested in the 0.9 version, but I will wait for the next official release to install.
     
  24. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,281
    Location:
    EU
    @tlu That is GREAT news indeed!!
    Thanks for posting.

    Already installed on Firefox.
     
  25. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Hallelujah!!!! Man, gorhil has made my year!! Umatrix on FF is the best thing since sliced bread and rum.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.