Why does ABE block access to goolag.com

Posted: Mon May 24, 2010 6:54 pm
by luntrus
Hi forum members,

ABE blocks (or rather Google does want to block) access to the vulnerability scanner at goolag.com. It says "filtered by ABE local, deny".
I know that goolag can be used to vulnerability test and as a handy tool in the hands of script kiddies or miscreants,
but it is the same as taking a hammer away from someone because he may not sculpt but rather ruin.

luntrus

Re: Why does ABE block access to goolag.com

Posted: Mon May 24, 2010 9:30 pm
by Giorgio Maone
ABE is blocking it because of a request from the internet to your intranet.
Could you show me the [ABE] lines you'll find in Tools|Error Console when this happens?

Re: Why does ABE block access to goolag.com

Posted: Mon May 24, 2010 10:56 pm
by luntrus
Hi Giorgio Maone,

Trying to launch: www.goolag.com I Moved Permanently

Object moved permanently -- see URI list http://www.gootar.com/favicon.ico"> Gootar Guitar Chord Generator and Scale Finder Programs... 86,724,401 (million) chords
URL: http://www.goolag.com
Redirects: 301 -> http://www.gootar.com
See what happens here: http://jsunpack.jeek.org/dec/go?report= ... cc2305963c
[NoScript XSS] xss.reason.TypeError: noties[noties.length - 1].close is not a function --- appendNotification("Request {GET http://www.goolag.org/ <<< http://www.schneier.com/blog/archives/2 ... nerab.html, http://www.schneier.com/blog/archives/2 ... nerab.html - 6} filtered by ABE: <LOCAL> Deny","noscript-abe-notification","chrome://noscript/skin/abe16.png",6,[object Array])@chrome://flock/content/bindings/notification.xml:295
([object Object])@chrome://noscript/content/noscriptOverlay.js:1658
([object Object],0,[object Array])@chrome://noscript/content/RequestWatchdog.js:168
([object Object],false)@chrome://noscript/content/RequestWatchdog.js:170
([object Object],2162688)@chrome://noscript/content/RequestWatchdog.js:120
([object XPCWrappedNative_NoHelper],"http-on-modify-request",null)@chrome://noscript/content/RequestWatchdog.js:75
asyncOpen([object XPCWrappedNative_NoHelper],null)@:0
()@chrome://noscript/content/IOUtil.js:502
([object Object])@chrome://noscript/content/ABE.js:295
()@chrome://noscript/content/DNS.js:230
([object XPCWrappedNative_NoHelper],[object XPCWrappedNative_NoHelper],0)@chrome://noscript/content/DNS.js:342
=================
[ABE] <LOCAL> Deny on {GET http://www.goolag.org/ <<< http://www.schneier.com/blog/archives/2 ... nerab.html, http://www.schneier.com/blog/archives/2 ... nerab.html - 6}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny

Please explain what happens here, it is certainly a fishy re-direct like here: http://blog.unmaskparasites.com/2009/01 ... blo-me-uk/

luntrus

Re: Why does ABE block access to goolag.com

Posted: Tue May 25, 2010 7:58 am
by Giorgio Maone
goolag.org requested by following an internet link (from Schneier's blog, in your case) gets blocked because it currently points to a private network address, i.e. 10.4.223.196.
I'm not sure whether this is a DNS misconfiguration or something else, but you definitely couldn't open that address unless it was present inside your LAN (it's not routable).

The "noties[noties.length - 1].close is not a function" thing makes me curious, though: it seems you've got some extension which interferes with NoScript's XSS InjectionChecker.
Do you get that kind of message for every request?
If so, could you try Standard Diagnostic until you find the extension causing that?
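
The SYSTEM rule quoted from the error console (Site LOCAL / Accept from LOCAL / Deny), modelled as an added example that is not part of the original posts and is not NoScript's own code. It assumes IPv4 only, that addresses are already resolved, and that a site counts as LOCAL if any of its DNS answers is local; the function names and the origin address 203.0.113.10 are constructed for illustration.

```javascript
// Added illustration, not NoScript source: simplified model of ABE's SYSTEM rule
//   Site LOCAL / Accept from LOCAL / Deny
// Addresses are passed in already resolved, so the example runs offline.

// IPv4 ranges treated as LOCAL in this sketch: loopback, RFC 1918, link-local.
const LOCAL_V4 = [
  ["127.0.0.0", 8],
  ["10.0.0.0", 8],
  ["172.16.0.0", 12],
  ["192.168.0.0", 16],
  ["169.254.0.0", 16],
];

// Dotted quad -> unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

function isLocal(ip) {
  const addr = ipv4ToInt(ip);
  if (addr === null) return false; // sketch covers IPv4 only
  return LOCAL_V4.some(([base, bits]) => {
    const start = ipv4ToInt(base);
    return addr >= start && addr < start + 2 ** (32 - bits);
  });
}

// destinationIps: DNS answers for the requested host (assumption: any local
// answer makes the site LOCAL). originIp: address the referring page came from.
function abeSystemRule(originIp, destinationIps) {
  if (!destinationIps.some(isLocal)) return "no-match"; // "Site LOCAL" not matched
  if (isLocal(originIp)) return "accept";               // "Accept from LOCAL"
  return "deny";                                        // "Deny"
}

// The case from this thread: an internet page links to a host resolving to 10.4.223.196.
console.log(abeSystemRule("203.0.113.10", ["10.4.223.196"]));
```

The same request issued from a page hosted inside the LAN would be accepted, which is why the rule leaves normal intranet browsing alone.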

Re: Why does ABE block access to goolag.com

Posted: Tue May 25, 2010 7:09 pm
by luntrus
Hi Giorgio Maone,

No, it was just on this single occasion. The only error I have seen in the error console for a long time now is:
Error: not well-formed
Source File:
Line: 1, Column: 46
Source Code:
<body xmlns="http://www.w3.org/1999/xhtml">&t=4392</
My add-ons: AdBlock Plus 1.2, Distrust (not active) 0.8.1, Fiddler Switch 1.5, Fireheeper 0.3.1 (beta), might be it....
Inline Code Finder 0.95, your NoScript 1.9.9.77 & Request Policy 0.5.13, Web Developer 1.1.8., WOT 20100503
That's all; when I have found the crux I will report back to you.

luntrus