Hi forum members,
ABE blocks (or rather Google does want to block) access to the vulnerability scanner at goolag.com. It says "filtered by ABE local, deny".
I know that goolag can be used to vulnerability test and as a handy tool in the hands of script kiddies or malcreants,
but it is the same like taking a hammer away from someone because he may not sculpt but rather ruin,
luntrus
Why does ABE block access to goolag.com
Why does ABE block access to goolag.com
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.16) Gecko/2010010414 Firefox/3.0.16 Flock/2.5.6
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Why does ABE block access to goolag.com
ABE is blocking it because of a request from the internet to your intranet.
Could you show me the [ABE] lines you'll find in Tools|Error Console when this happens?
Could you show me the [ABE] lines you'll find in Tools|Error Console when this happens?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Re: Why does ABE block access to goolag.com
Hi Giorgio Maone,
Trying to launch: www,goolag.com I Moved Permanently
Object moved permanently -- see URI list http://www.gootar.com/favicon.ico"> Gootar Guitar Chord Generator and Scale Finder Programs... 86,724,401 (million) chords
URL: http://www.goolag.com
Redirects: 301 -> http://www.gootar.com
See what happens here: http://jsunpack.jeek.org/dec/go?report= ... cc2305963c
[NoScript XSS] xss.reason.TypeError: noties[noties.length - 1].close is not a function --- appendNotification("Request {GET http://www.goolag.org/ <<< http://www.schneier.com/blog/archives/2 ... nerab.html, http://www.schneier.com/blog/archives/2 ... nerab.html - 6} filtered by ABE: <LOCAL> Deny","noscript-abe-notification","chrome://noscript/skin/abe16.png",6,[object Array])@chrome://flock/content/bindings/notification.xml:295
([object Object])@chrome://noscript/content/noscriptOverlay.js:1658
([object Object],0,[object Array])@chrome://noscript/content/RequestWatchdog.js:168
([object Object],false)@chrome://noscript/content/RequestWatchdog.js:170
([object Object],2162688)@chrome://noscript/content/RequestWatchdog.js:120
([object XPCWrappedNative_NoHelper],"http-on-modify-request",null)@chrome://noscript/content/RequestWatchdog.js:75
asyncOpen([object XPCWrappedNative_NoHelper],null)@:0
()@chrome://noscript/content/IOUtil.js:502
([object Object])@chrome://noscript/content/ABE.js:295
()@chrome://noscript/content/DNS.js:230
([object XPCWrappedNative_NoHelper],[object XPCWrappedNative_NoHelper],0)@chrome://noscript/content/DNS.js:342
=================
[ABE] <LOCAL> Deny on {GET http://www.goolag.org/ <<< http://www.schneier.com/blog/archives/2 ... nerab.html, http://www.schneier.com/blog/archives/2 ... nerab.html - 6}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
=========================================================
[NoScript XSS] xss.reason.TypeError: noties[noties.length - 1].close is not a function --- appendNotification("Request {GET http://www.goolag.org/ <<< http://www.schneier.com/blog/archives/2 ... nerab.html, http://www.schneier.com/blog/archives/2 ... nerab.html - 6} filtered by ABE: <LOCAL> Deny","noscript-abe-notification","chrome://noscript/skin/abe16.png",6,[object Array])@chrome://flock/content/bindings/notification.xml:295
([object Object])@chrome://noscript/content/noscriptOverlay.js:1658
([object Object],0,[object Array])@chrome://noscript/content/RequestWatchdog.js:168
([object Object],false)@chrome://noscript/content/RequestWatchdog.js:170
([object Object],2162688)@chrome://noscript/content/RequestWatchdog.js:120
([object XPCWrappedNative_NoHelper],"http-on-modify-request",null)@chrome://noscript/content/RequestWatchdog.js:75
Please explain what happens here, it is certainly a fishy re-direct like here: http://blog.unmaskparasites.com/2009/01 ... blo-me-uk/
luntrus
Trying to launch: www,goolag.com I Moved Permanently
Object moved permanently -- see URI list http://www.gootar.com/favicon.ico"> Gootar Guitar Chord Generator and Scale Finder Programs... 86,724,401 (million) chords
URL: http://www.goolag.com
Redirects: 301 -> http://www.gootar.com
See what happens here: http://jsunpack.jeek.org/dec/go?report= ... cc2305963c
[NoScript XSS] xss.reason.TypeError: noties[noties.length - 1].close is not a function --- appendNotification("Request {GET http://www.goolag.org/ <<< http://www.schneier.com/blog/archives/2 ... nerab.html, http://www.schneier.com/blog/archives/2 ... nerab.html - 6} filtered by ABE: <LOCAL> Deny","noscript-abe-notification","chrome://noscript/skin/abe16.png",6,[object Array])@chrome://flock/content/bindings/notification.xml:295
([object Object])@chrome://noscript/content/noscriptOverlay.js:1658
([object Object],0,[object Array])@chrome://noscript/content/RequestWatchdog.js:168
([object Object],false)@chrome://noscript/content/RequestWatchdog.js:170
([object Object],2162688)@chrome://noscript/content/RequestWatchdog.js:120
([object XPCWrappedNative_NoHelper],"http-on-modify-request",null)@chrome://noscript/content/RequestWatchdog.js:75
asyncOpen([object XPCWrappedNative_NoHelper],null)@:0
()@chrome://noscript/content/IOUtil.js:502
([object Object])@chrome://noscript/content/ABE.js:295
()@chrome://noscript/content/DNS.js:230
([object XPCWrappedNative_NoHelper],[object XPCWrappedNative_NoHelper],0)@chrome://noscript/content/DNS.js:342
=================
[ABE] <LOCAL> Deny on {GET http://www.goolag.org/ <<< http://www.schneier.com/blog/archives/2 ... nerab.html, http://www.schneier.com/blog/archives/2 ... nerab.html - 6}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
=========================================================
[NoScript XSS] xss.reason.TypeError: noties[noties.length - 1].close is not a function --- appendNotification("Request {GET http://www.goolag.org/ <<< http://www.schneier.com/blog/archives/2 ... nerab.html, http://www.schneier.com/blog/archives/2 ... nerab.html - 6} filtered by ABE: <LOCAL> Deny","noscript-abe-notification","chrome://noscript/skin/abe16.png",6,[object Array])@chrome://flock/content/bindings/notification.xml:295
([object Object])@chrome://noscript/content/noscriptOverlay.js:1658
([object Object],0,[object Array])@chrome://noscript/content/RequestWatchdog.js:168
([object Object],false)@chrome://noscript/content/RequestWatchdog.js:170
([object Object],2162688)@chrome://noscript/content/RequestWatchdog.js:120
([object XPCWrappedNative_NoHelper],"http-on-modify-request",null)@chrome://noscript/content/RequestWatchdog.js:75
Please explain what happens here, it is certainly a fishy re-direct like here: http://blog.unmaskparasites.com/2009/01 ... blo-me-uk/
luntrus
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.16) Gecko/2010010414 Firefox/3.0.16 Flock/2.5.6
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Why does ABE block access to goolag.com
googlar.org requested by following an internet link (from Schneier's blog, in your case) gets blocked because it currently points to a private network address, i.e. 10.4.223.196.
I'm not sure whether this is a DNS misconfiguration or something else, but you couldn't definitely open that address unless it was present inside your LAN (it's not routable).
The "noties[noties.length - 1].close is not a function" thing makes me curious, though: it seems you've got some extension which interferes with NoScript's XSS InjectionChecker.
Do you get that kind of message for every request?
If so, could you try Standard Diagnostic until you find the extension causing that?
I'm not sure whether this is a DNS misconfiguration or something else, but you couldn't definitely open that address unless it was present inside your LAN (it's not routable).
The "noties[noties.length - 1].close is not a function" thing makes me curious, though: it seems you've got some extension which interferes with NoScript's XSS InjectionChecker.
Do you get that kind of message for every request?
If so, could you try Standard Diagnostic until you find the extension causing that?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Re: Why does ABE block access to goolag.com
Hi Giorgio Maone,
No, it was just on this single occasion. The only error I see in the error console now since a long time is
Error: not well-formed
Source File:
Line: 1, Column: 46
Source Code:
<body xmlns="http://www.w3.org/1999/xhtml">&t=4392</
My add-ons: AdBlock Plus 1.2, Distrust (not active) 0.8.1, Fiddler Switch 1.5, Fireheeper 0.3.1 (beta), might be it....
Inline Code Finder 0.95, your NoScript 1.9.9.77 & Request Policy 0.5.13, Web Developer 1.1.8., WOT 20100503
That's all, when I have found the crux will report back to you,
luntrus
No, it was just on this single occasion. The only error I see in the error console now since a long time is
Error: not well-formed
Source File:
Line: 1, Column: 46
Source Code:
<body xmlns="http://www.w3.org/1999/xhtml">&t=4392</
My add-ons: AdBlock Plus 1.2, Distrust (not active) 0.8.1, Fiddler Switch 1.5, Fireheeper 0.3.1 (beta), might be it....
Inline Code Finder 0.95, your NoScript 1.9.9.77 & Request Policy 0.5.13, Web Developer 1.1.8., WOT 20100503
That's all, when I have found the crux will report back to you,
luntrus
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.16) Gecko/2010010414 Firefox/3.0.16 Flock/2.5.6