Page 1 of 1
LSO cookies and FP Detective
Posted: Tue Nov 26, 2013 9:53 pm
by morganism
This is pretty sweet.
https://www.cosic.esat.kuleuven.be/publ ... e-2334.pdf
http://www.informationweek.com/security ... ?print=yes
DNNSEC for duckduckgo
http://dnssec-debugger.verisignlabs.com/duckduckgo.com
When i save HTML pages, these javascripts tend to be saved in the page files.
I would like to block em out of saved pages too.
I Know these are actively blocked from running by NoScript, but would like to figure out how to keep them, (and GA.JS ,etc) from being saved to the computer pages too.
Any ideas ?
Re: LSO cookies and FP Detective
Posted: Tue Nov 26, 2013 10:00 pm
by barbaz
morganism wrote:When i save HTML pages, these javascripts tend to be saved in the page files.
I would like to block em out of saved pages too.
I Know these are actively blocked from running by NoScript, but would like to figure out how to keep them, (and GA.JS ,etc) from being saved to the computer pages too.
Any ideas ?
use mozilla archive format (latest version requires gecko 17 or later despite what they say)
https://addons.mozilla.org/seamonkey/ad ... ve-format/
Re: LSO cookies and FP Detective
Posted: Tue Nov 26, 2013 10:14 pm
by morganism
thanks, have that installed, but havn't started the single file saves yet.
Didn't realize it would strip out JS.
Will give it a try.
Re: LSO cookies and FP Detective
Posted: Wed Nov 27, 2013 1:54 am
by Thrawn
You could also save as 'Web Page, HTML only', right?
Re: LSO cookies and FP Detective
Posted: Wed Nov 27, 2013 2:40 am
by barbaz
Thrawn wrote:You could also save as 'Web Page, HTML only', right?
no
AFAIK that way you got the page
*on your local computer* running arbitrary scripts and trying to make these requests to the remote server
mozilla archive format will download everything and replace all scripts with this
Code: Select all
/* Script removed by snapshot save */
much better, no?
Re: LSO cookies and FP Detective
Posted: Wed Nov 27, 2013 3:13 am
by barbaz
hmm, maf seems to save flash embeds regardless of allowed state in noscript at the time of save
best to use it in combination with a content blocker it doesn't bypass, such as simpleblock, so you don't download plugin-based active content (meaning "crapware" in this context) that may then run on your machine
(in this case noscript will block it automatically)
Re: LSO cookies and FP Detective
Posted: Wed Nov 27, 2013 5:28 am
by Thrawn
barbaz wrote:
AFAIK that way you got the page *on your local computer* running arbitrary scripts and trying to make these requests to the remote server
Well, if there are inline scripts, and if you have allowed file://, then yes.
Re: LSO cookies and FP Detective
Posted: Wed Nov 27, 2013 7:37 pm
by morganism
Ok, will try that simple block
What do i use to open a MAFF file to check for widgets?
At least with the double file HTML, i can open the _ file to delete by hand.
Re: LSO cookies and FP Detective
Posted: Wed Nov 27, 2013 7:51 pm
by barbaz
It's a standard zip file, so your system's graphic archive manager should work.
I should also warn you that SimpleBlock isn't that easy to figure out and the only help documentation is the "Developer's Comments" section on the AMO page. But once you get used to it, it's a great layer of defense-in-depth for situations like this.
Re: LSO cookies and FP Detective
Posted: Thu Dec 05, 2013 2:55 am
by morganism
sometimes i want to save the pics inline.
had to go back to using Hack the Web, and save page htm complete.
Now, if i don't go back and delete the JS, am still afraid they can run on opening.
https://www.mozilla.org/security/announ ... 13-75.html
Re: LSO cookies and FP Detective
Posted: Thu Dec 05, 2013 2:04 pm
by barbaz
morganism wrote:Now, if i don't go back and delete the JS, am still afraid they can run on opening.
As Thrawn said, not if you didn't Allow file:// in NoScript.