µMatrix - the HTTP Switchboard successor

Discussion in 'other software & services' started by tlu, Oct 25, 2014.

  1. Auxigen

    Auxigen Registered Member

    Joined:
    Dec 14, 2016
    Posts:
    3
    Location:
    Germany
    I am not sure which right cells I should whitelist. They are empty on my sreen. See screenshot attached.

    upload_2016-12-14_15-53-26.png
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,444
    With enabled uMatrix and after clicking on "Acknowledge" i can see all images :cautious: (scripts+cookies from google has to be allowed)
    Do you block cookies with another extension? I found out that if cookies are blocked, the list of images is not displayed. Only with enabled cookies.
     
  3. Auxigen

    Auxigen Registered Member

    Joined:
    Dec 14, 2016
    Posts:
    3
    Location:
    Germany
    Many thanks, mood! It was not another extension but the Firefox Cookies setting, where I restricted third party cookies to visited third parties. As soon as I allowed all third parties, the page loads correctly. (I will need to find out what the difference between the two is exactly - but that is another story.) Now the google.com session cookie is loaded and also shows up in the uMatrix UI and the log.
    Cheers!
     
  4. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    How can I block .exe or . whatever file type from downloading on a website if I have the site allowed to load for example
    https-strict: * true
    matrix-off: about-scheme true
    matrix-off: chrome-scheme true
    matrix-off: localhost true
    matrix-off: opera-scheme true
    referrer-spoof: * true
    ua-spoof: * true
    * * * block
    * * cookie block
    * * css allow
    * * frame block
    * * image allow
    * * other block
    * * plugin block
    * * script block
    * * xhr block
    * 1st-party * block
    I also have a
    com 1st-party * inherit
    to block all other websites except if they are whitelisted but I want to use this setup but block files from downloading (or a more secure one but allow me to do same thing) for example on this site http://www.instantwp.com/download/ you click download button it downloads and even if I use UBlOCK with this filter ||exe^ it doesnt block it....so how can I block files like these. So in short I want to block all domains and all files from downloading if I click download except the ones I want to download , I use umatrix with ublock with my settings in my signature and also a few custom YouTube filters to block autoplay and etc in ublock. So if I can achieve this with just umatrix great or if I can achieve this with ublock and umatrix great , any way I can do it please help.
    thanks,
    Malwar
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,021
    i think it is possible but such downloads are triggered by script - forwarding url > exe.
    some sites dont offer "click here if download wont start" - what will you do then?

    sounds funny but if you dont want a download DONT click on "download here" or similar.
    anyhow firefox, opera, chrome offers me a download dialog where to store and if to store - if i "cancel" the download is canceled but in 99% i want the download so i click "ok". where is the problem?
     
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,319
    Location:
    Canada
    Agree with @Brummelchen. If you block 3rd-party frames and scripts you will greatly enhance security against drive-by downloads. These are the ones you should be most concerned about - not the ones where you have to choose to click and download. And remember, selecting to download an exe to a chosen directory does not auto-launch it either, so nothing to worry about.
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,319
    Location:
    Canada
    If you're talking about www.gstatic.com, it looks like you have whitelisted specifically the script and XHR cells at the site level. I say this because the Scope selector (very top left-hand corner of Toolbar) has the specific site (developer.google.com) selected. You need to determine eventually if want to be whitelisting gstatic.com at a more wide-ranging level, like the Global "*" level. I think you are going to find gstatic.com is required on many sites so you will probably want to whitelist it at a Global level, otherwise you are going to constantly be whitelisting them over and over again on many different sites you visit. It's a bit of a catch 22; if you want lots of control, then whitelist specifically at either domain level (google.com) or site level (developers.google.com). However, you will then be spending more time creating rules for different sites you visit.
     
  8. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    Yeah thanks @Brummelchen and @wat0114 I mean I won't get infected anyways and I am not worried about clicking on the wrong thing I just wanted to try it lol idk why. I use chrome OS..So....Lol yeah don't got to sorry about what expecially using Umatrix with just allowing .com domains and only allowing image and CSS globally and using ublock.
     
  9. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,021
    sorry, cant help for chromeOS. Firefox is set up to ask for certain downloads if and where - opera is set up same for unsecure files (default is save/download without question).

    drive-by is not possible here, any goes to sandbox, no breakout possible, no start possible, no web, nothing, just cache or similar.

    maybe uBlock and "no large media content" is usable for you.
    https://github.com/gorhill/uBlock/wiki/Per-site-switches
     
  10. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    Thanks, yeah it was just a theoretical thing. I know about all the features and everything and know how to make rules and stuff but yeah I will just block all downloads by my browser. Thank you for all of the help it was nice talking if you need anything or wanna talk more you can pm me.
    Much respect,
    Malwar
     
  11. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    To block .exe files you can just add this to ublock
    ||*/*exe$document,important
    in my filters section and just disable strict blocking for whatever search engine you use if you search .exe or exe. @gorhill @Brummelchen @Windows_Security @wat0114 what do you think of this it is just a theoretical thing I am doing just because.
     
    Last edited: Jan 31, 2017
  12. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,021
    i did not test with the netlogger from which it is possible to create rules like that - on my mind but no time yet. thx!

    edit:

    !!*.exe$inlinescript
    or
    !!*.exe$doc
    or
    !!*.exe

    do not work within uBlock.

    while
    ||bitsum.com$document,important
    is working

    ok, this one works also
    ||*/*exe$important,document
    ||*/*exe$document,important
    for uBlock (both expressions are equal)

    create rules for other file types.
     
    Last edited: Jan 31, 2017
  13. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    To create ruels with other file types just do the same just change exe to example dll or js just do ||*/*dll(or js or any file type)$document,important If you do ||^exe it works on some sites not all but the best solution I have came up with is the /*/
     
  14. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,319
    Location:
    Canada
    Nice find, Malwar :thumb: I don't know if it's going to be any more secure, however, than just choosing to download to a selected directory. Still, that's a clever rule you found.
     
  15. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    Try try try again until you succeed, thanks man. Anytime you need me pm me lol I was like yesss it worked lol.:):thumb::cool: wonder if we can somehow find out if it is more secure or not or same security because when you ask where to download the download hasn't started yet and if you make it where chrome can't download multiple files at once I mean you shouldn't be able to be exploited that way( I can't anyways Chrome OS) but just for you know a click happy user they wouldn't be able to download file types you specify, good for a clickhappy user. Edit : on second thought, I mean it blocks it from loading the page even if it did download it wonder would it still ask where to save the file if the ||*/*exe$important,document method somehow got bypassed.
     
    Last edited: Feb 1, 2017
  16. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,906
    Has anyone noticed that the hosts files in uMatrix do not update regularly? I've checked the button to automatically update the hosts files, and AFAIR gorhill said somewhere that this is done every 4-5 days or so. Unfortunately, this is not the case for me: I've noticed that some hosts files like Steven Black's one or this one are several weeks old although updates are available very often. Only after clearing the uMatrix cache the hosts files will get updated by clicking the update button.

    I'm not sure if all hosts files are affected. I've replaced most hosts files which come with uMatrix by default (Dan Pollock's, Malware Domain List, MVPS, Peter Lowe's) with Steven Black's list (in order to reduce download size), and the hpHosts list (which is not included in Steven Black's) doesn't show a date if I click it. So it's possible that only manually added hosts files are affected but not the default ones.

    Can anybody else observe this behavior?
     
  17. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,906
    I haven't tried that filter but I think it makes sense as Dynamic URL filtering is not available in uMatrix but only in uB0.
     
  18. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    Exactly. You can not block .exe files from downloading in Umatrix only Ublock. I use both of them together.
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,444
    I can see this too with manually added hosts-files.
    I looked at them a moment ago, and "all" manually added hosts-files were pretty much outdated. The default ones were up to date.
     
  20. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,906
    Thanks for confirming this! :thumb: So it seems this is a bug that seriously impairs the usefulness of manually added hosts files. I hope that @gorhill can fix it.

    FWIW, uBlock Origin (v. 1.10.7rc4) does not seem to be affected. The manually added filterlists (I don't use hosts files in uB0) have been updated recently as shown if you hover the cursor over the newly added clock symbol next to each activated filterlist. A nice feature which was obviously introduced with the refactored assets management. Perhaps this will also come to uMatrix?
     
  21. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    864
    Location:
    Canada
    Yes, that is something I want to do -- I came to hate the old asset management code, and I am quite relieved to have it scrapped for the new one in uBO.
     
  22. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,906
    Thank you very much, gorhill, that's great to read! I guess that this would also solve the problem mentioned.

    Another question concerning Dynamic URL Filtering discussed a couple of posts above: Are you by chance considering to also add it to uMatrix? I'm asking this as for a user who's using both uMatrix and uB0 as a tandem but with a clear division of work (using uMatrix for Dynamic Filtering on stereoids and uB0 solely for Static Filtering) it would be much more straight-forward and logical, IMHO, to perform Dynamic URL Filtering in uMatrix rather than in uB0. I know that you're doing the development in your free time, so, please, don't feel pressed - but it would be a great feature nonetheless ;)
     
  23. 7hohPAyXMd

    7hohPAyXMd Registered Member

    Joined:
    Mar 7, 2014
    Posts:
    11
    Could anyone please tell me how to block, using uMatrix and uBlock, requests that can be used for Intermediate CA Caching Fingerprinting?

    demo: https://fiprinca.0x90.eu/poc/

    in uMatrix if I allow only 1st party scripts, images, CSS. the site can still identify cached certificates, but, if I install Request Policy Continued addon, the site can not identify any cached certificates.
     
    Last edited: Feb 23, 2017
  24. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,906
    That's easy to explain: RequestPolicy blocks all network requests to all 3rd-party domains (with the exception of optional whitelisted ones if I remember correctly). The default behavior of uMatrix is different: It blocks all network requests only to the specifically blacklisted domains (the ones which are contained in the integrated hosts files). For all other 3rd-party domains only specific request types are blocked (plugins, javascript, frames etc.) while CSS and images are allowed. However, it's easy to change that:
    1. Switch from the domain-specific scope (I sincerely hope you're using that - otherwise you miss one of the most valuable features of uMatrix) to the global scope.
    2. Click the headers of the CSS and image columns in order to make them RED. Click the padlock. Result: From now on all network requests are blocked for all 3rd party sites which is what RequestPolicy does.
    3. Switch back to the domain-specific scope.

    I've tried that site above with this setting. Result:
    So it's the same as what you get with RequestPolicy. After allowing CSS and images for 3rd party domains again the result is different.

    Remember that this modified setting breaks many sites, and you will have to explicitly allow CSS and images for specific 3rd party domains in order to make the 1st party site viewable/readable.

    And regarding uBlock Origin: You will get the same result if you block all requests to 3rd sites in the global column of Dynamic Filtering.
     
  25. 7hohPAyXMd

    7hohPAyXMd Registered Member

    Joined:
    Mar 7, 2014
    Posts:
    11

    Thanks tried your suggestion. but for me even blocking everything (all columns dark red) in the global scope (*) and only allowing 1st party script from 0x90.eu, the site still manages to find about 300 cached certificates...

    screenshot:
    http://i.imgur.com/HNotZ7Y.jpg

    EDIT:

    Tried again in a new Firefox profile, with no modification, and only uMatrix installed. blocked everything in the global scope, and allowed only 1st party scripts. Still the site finds 311 cached certificates!
     
    Last edited: Feb 24, 2017
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.