
Forbid META redirections DOESN'T WORK.

Posted: Fri Dec 18, 2009 10:56 am
by NeoScript
Hello.
When I open someone's Facebook profile, the page always refreshes or loops non-stop, and NoScript detects it. In this forum I also notice automatic redirection.
I have checked "Forbid META redirections inside <NOSCRIPT> elements" and also "Hide <NOSCRIPT> elements", but it doesn't seem to work.



Here is my exported NoScript config (why can't I send an attachment here?):


{"prefs":{
"whitelistRegExp":"",
"untrusted":"",
"secureCookiesExceptions":"",
"docShellJSBlocking":1,
"forbidSilverlight":true,
"autoAllow":0,
"allowBookmarks":false,
"cp.last":true,
"showRecentlyBlocked":true,
"injectionCheckHTML":true,
"jsredirectIgnore":false,
"https.showInConsole":true,
"filterXExceptions":"",
"surrogate.imdb.replacement":"addEventListener('DOMContentLoaded',function(ev){ad_utils.render_ad=function(w){w.location=w.location.href.replace(/.*\\bTRAILER=([^&]+).*/,'$1')}},true)",
"safeToplevel":true,
"sound.block":"chrome://noscript/skin/block.wav",
"toolbarToggle":3,
"lockPrivilegedUI":false,
"showAddress":false,
"forbidXSLT":true,
"hideOnUnloadRegExp":"video/.*",
"surrogate.qs.sources":"edge.quantserve.com",
"notify.hide":false,
"forbidJarDocuments":true,
"surrogate.ga.replacement":"var _0=function(){};with(window)urchinTracker=_0,_gat={_getTracker:function(){return{__noSuchMethod__:_0,_link:function(h){if(h)location.href=h;},_linkByPost:function(){return true;},_getLinkerUrl:function(u){return u;},_trackEvent:_0}}}",
"statusLabel":false,
"allowPageLevel":0,
"stickyUI":true,
"ABE.notify.namedLoopback":false,
"frameOptions.parentWhitelist":"https://mail.google.com/*",
"fixURI.exclude":"",
"stickyUI.liveReload":false,
"compat.evernote":true,
"sound":false,
"nselNever":true,
"emulateFrameBreak":true,
"forbidFlash":true,
"notify.bottom":true,
"tempGlobal":false,
"allowedMimeRegExp":"",
"ABE.legacyPrompt":false,
"fixLinks":true,
"forbidChromeScripts":false,
"asyncNetworking":true,
"surrogate.yieldman.replacement":"with(window)rmAddKey=rmAddCustomKey=rmShowAd=rmShowPop=rmShowInterstitial=rmGetQueryParameters=rmGetSize=rmGetWindowUrl=rmGetPubRedirect=rmGetClickUrl=rmReplace=rmTrim=rmUrlEncode=rmCanShowPop=rmCookieExists=rmWritePopFrequencyCookie=rmWritePopExpirationCookie=flashIntalledCookieExists=writeFlashInstalledCookie=flashDetection=rmGetCookie=function(){}",
"autoReload.allTabs":true,
"policynames":"",
"collapseObject":true,
"allowURLBarJS":true,
"safeJSRx":"(?:window\\.)?close\\s*\\(\\)",
"flashPatch":true,
"xss.notify.subframes":true,
"filterXPost":true,
"ABE.disabledRulesetNames":"",
"forbidMetaRefresh.remember":false,
"showDistrust":true,
"untrustedGranularity":3,
"blockNSWB":true,
"injectionCheck":2,
"consoleLog":false,
"autoReload.onMultiContent":false,
"showDomain":false,
"secureCookies.recycle":false,
"showTempToPerm":true,
"forbidMedia":true,
"trustEV":false,
"filterXGetRx":"<+(?=[^<>=\\-\\d\\. /\\(])|[\\\\\"\\x00-\\x07\\x09\\x0B\\x0C\\x0E-\\x1F\\x7F]",
"keys.toggle":"ctrl shift VK_BACK_SLASH.|",
"notify":false,
"statusIcon":true,
"showUntrustedPlaceholder":false,
"filterXExceptions.lycosmail":true,
"forbidJava":true,
"stickyUI.onKeyboard":true,
"showAllowPage":true,
"showTemp":true,
"contentBlocker":true,
"ABE.siteEnabled":false,
"secureCookies":true,
"xss.trustTemp":true,
"alwaysBlockUntrustedContent":true,
"filterXGet":true,
"autoReload.global":true,
"injectionCheckPost":true,
"sound.oncePerSite":true,
"forbidImpliesUntrust":false,
"forbidIFramesParentTrustCheck":true,
"confirmUnsafeReload":true,
"global":false,
"forbidData":true,
"utf7filter":true,
"ctxMenu":false,
"notify.hideDelay":5,
"inclusionTypeChecking":true,
"autoReload.allTabsOnPageAction":true,
"jsHack":"",
"truncateTitle":true,
"xss.notify":true,
"xss.trustReloads":false,
"truncateTitleLen":255,
"filterXGetUserRx":"",
"urivalid.aim":"\\w[^\\\\\\?&\\x00-\\x1f#]*(?:\\?[^\\\\\\x00-\\x1f#]*(?:#[\\w\\-\\.\\+@]{2,32})?)?",
"jsredirectFollow":false,
"opacizeObject":1,
"recentlyBlockedLevel":0,
"badInstall":false,
"clearClick.plugins":true,
"firstRunRedirection":true,
"forbidMetaRefresh.notify":true,
"urivalid.mailto":"[^\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f]*",
"filterXExceptions.fbconnect":true,
"surrogate.ga.sources":"*.google-analytics.com",
"clearClick.debug":false,
"surrogate.enabled":true,
"STS.enabled":true,
"forbidMetaRefresh":true,
"allowClipboard":false,
"forbidJarDocumentsExceptions":"",
"keys.ui":"ctrl shift S",
"forbidIFramesContext":2,
"forbidExtProtSubdocs":true,
"compat.gnotes":true,
"requireReloadRegExp":"application/x-vnd\\.moveplayer\\b.*",
"gtemp":"",
"allowHttpsOnly":0,
"forbidMixedFrames":true,
"autoReload.allTabsOnGlobal":false,
"ABE.allowRulesetRedir":false,
"showTempAllowPage":true,
"ABE.enabled":true,
"autoReload.useHistory.exceptCurrent":true,
"frameOptions.enabled":true,
"jsHackRegExp":"",
"inclusionTypeChecking.checkDynamic":false,
"showUntrusted":true,
"canonicalFQDN":true,
"default":"about:blank about:credits addons.mozilla.org flashgot.net google.com gstatic.com googlesyndication.com informaction.com yahoo.com yimg.com maone.net noscript.net hotmail.com msn.com passport.com passport.net passportimages.com live.com",
"secureCookiesForced":"",
"confirmUnblock":true,
"excaps":true,
"forbidFonts":true,
"clearClick":3,
"allowLocalLinks":false,
"forbidIFrames":true,
"forbidPlugins":true,
"showGlobal":true,
"showRevokeTemp":true,
"ABE.notify":true,
"xss.trustData":true,
"surrogate.popunder.replacement":"window.puShown getter=window.puShown setter=function(){return true}",
"silverlightPatch":true,
"toggle.temp":true,
"placesPrefs":false,
"xss.trustExternal":true,
"recentlyBlockedCount":10,
"secureCookies.perTab":false,
"abp.removeTabs":false,
"jsredirectForceShow":false,
"surrogate.imdb.sources":"@*.imdb.com/video/*",
"nselForce":false,
"consoleDump":0,
"proxiedDNS":0,
"surrogate.popunder.sources":"@*.imagefap.com *.moviefap.com imagefap.com moviefap.com *.grayvee.com grayvee.com",
"forbidActiveContentParentTrustCheck":true,
"nselNoMeta":true,
"clearClick.subexceptions":"http://w.sharethis.com/share3x/lightbox.html?* http://disqus.com/embed/* http://www.feedly.com/mini abine:*",
"noping":true,
"globalwarning":true,
"placeholderMinSize":32,
"httpsForced":"",
"showBaseDomain":true,
"forbidBookmarklets":true,
"jarDoc.notify":true,
"ABE.skipBrowserRequests":true,
"clearClick.prompt":true,
"ignorePorts":true,
"forbidXHR":1,
"fixURI":true,
"clearClick.exceptions":"noscript.net/getit flashgot.net/getit *.ebay.com *.photobucket.com",
"showPermanent":true,
"oldStylePartial":false,
"inclusionTypeChecking.exceptions":"",
"mandatory":"chrome: about: about:config about:neterror about:certerror about:plugins about:privatebrowsing about:sessionrestore resource: about:blocked",
"autoReload":true,
"autoReload.useHistory":false,
"surrogate.ga.exceptions":"",
"STS.expertErrorUI":false,
"notify.hidePermanent":true,
"surrogate.qs.replacement":"window.quantserve=function(){}",
"showPlaceholder":true,
"options.tabSelectedIndexes":"5,1,1",
"forbidFrames":true,
"showBlockedObjects":true,
"surrogate.yieldman.sources":"*.yieldmanager.com",
"forbidXBL":4,
"ABE.legacySupport":false},
"whitelist":"about: about:blocked about:certerror about:config about:neterror about:plugins about:privatebrowsing about:sessionrestore chrome: resource:",
"ABE":[{
"source":"# Prevent Internet sites from requesting LAN resources.\u000d\u000aSite LOCAL\u000d\u000aAccept from LOCAL\u000d\u000aDeny",
"name":"SYSTEM",
"timestamp":1261077097140,
"disabled":false},{
"source":"# User-defined rules. Feel free to experiment here.\u000d\u000a\u000d\u000a",
"name":"USER",
"timestamp":1261077097171,
"disabled":false}],
"V":"1.9.9.26"
}

Re: Forbid META redirections DOESN'T WORK.

Posted: Fri Dec 18, 2009 1:30 pm
by Giorgio Maone
Did you check the page's source code to see that:
  1. The meta refresh is actually embedded inside a <NOSCRIPT> element
  2. The page doesn't use JavaScript to redirect
?

Attachments here are disabled for security reasons.

Re: Forbid META redirections DOESN'T WORK.

Posted: Fri Dec 18, 2009 2:30 pm
by NeoScript
Hello.
With the config above, try opening this profile, for example: http://de-de.facebook.com/people/Linda-Hertl/1300234299
If that page doesn't loop/refresh non-stop for you, then the only problem is in my browser preferences.

Re: Forbid META redirections DOESN'T WORK.

Posted: Fri Dec 18, 2009 3:01 pm
by therube
If facebook.com is not allowed, the redirection is stopped & I get the Redirection warning.
If I Follow Redirection, then it will simply loop back to the Redirection warning.
& if I Follow Redirection, ...

If facebook.com is Allowed, then the <noscript> tag is ignored (with scripting enabled, the browser does not render <noscript> content), hence there is no Redirection warning, the page loads "as expected", & we are none the wiser.

On each redirect, the "Friends" list changes.

If I open the page via Google Translate, then the redirect is ... is what, ignored? And the page loops on its own, continually - until you Stop it, or until Google decides you are doing something wrong.

http://translate.google.com/translate?p ... noscript=1
Google Sorry...

We're sorry...

... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.

Re: Forbid META redirections DOESN'T WORK.

Posted: Fri Dec 18, 2009 3:39 pm
by NeoScript
Yes, in my config facebook.com is NOT ALLOWED. The page loops on its own continually until I stop it AND I get the Redirection warning "NoScript blocked a <META> redirection inside a <NOSCRIPT> element: ?_fb_noscript=1 in 0 second".

If facebook.com is ALLOWED, the page does not loop and there is no warning.

Maybe it's because of facebook.com, not NoScript.