Original site: Shaarli - Les discussions de Shaarli, 23/07/2013


Follow-up to "Firefox, you worry me": safebrowsing.google.com

Friday 21 August 2015 at 17:33
Oros links
Continuation of the tests: https://www.ecirtam.net/links/?searchtags=+firefox+r%C3%A9seau+securit%C3%A9+

I removed https for Google in order to see the network traffic.
In /home/user/.mozilla/firefox/xxxxxxx/prefs.js:

```
user_pref("browser.safebrowsing.appRepURL", "http://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_API_KEY%");
user_pref("browser.safebrowsing.gethashURL", "http://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2");
user_pref("browser.safebrowsing.malware.reportURL", "http://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
user_pref("browser.safebrowsing.reportURL", "http://safebrowsing.google.com/safebrowsing/report?");
user_pref("browser.safebrowsing.updateURL", "http://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
```

Here is what Wireshark shows when Firefox starts:

```
POST /safebrowsing/downloads?client=Firefox&appver=40.0&pver=2.2&key=AIzjSyAQfEPJioumkh0jOBEOI5ZieffeBv6ygt2Q HTTP/1.1
Host: safebrowsing.google.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Length: 19046
Content-Type: text/plain
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

goog-badbinurl-shavar;a:31786-75623:s:35926,35928,35930,35941, [...] ,60950-61352,61354-61714
goog-phish-shavar;a:399586-411945:s:222071,222076-222077,222079, [...] ,230114-232539
goog-malware-shavar;a:165626-207289:s:156307-156311,156313-156318, [...], 198660-199133
goog-unwanted-shavar;

HTTP/1.1 200 OK
Content-Type: application/vnd.google.safebrowsing-update
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
X-Content-Type-Options: nosniff
Date: Fri, 21 Aug 2015 15:19:03 GMT
Server: HTTP server (unknown)
Content-Length: 22016
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: PREF=ID=1111111111111111:TM=1440170343:LM=1440170343:V=1:S=Cc2cbkftd90cVpIZ; expires=Thu, 31-Dec-2015 16:02:17 GMT; path=/; domain=.google.com
Set-Cookie: NID=70=loViYWrE_DO9O57ds8OrV1YzPHtp9sSiCenNfRRpyaPhUclNr6d99vNluBA8kMigluvgUqnRFvAuxWfXxrNIN5Qweei7E8_LdH-2d0mSzbR5qfN_q7CX9gdfwCZc3UQm; expires=Sat, 20-Feb-2016 15:19:03 GMT; path=/; domain=.google.com; HttpOnly
Expires: Fri, 21 Aug 2015 15:19:03 GMT
Cache-Control: private

n:1862
i:goog-badbinurl-shavar
ad:31786-33445
sd:35926,35928,35930,35941,35947-35950[...]

```

Notes:
"[...]" == text cut because it is very, very long
AIzjSyAQfEPJioumkh0jOBEOI5ZieffeBv6ygt2Q is a unique identifier.

So Google knows when you open your browser!

To block this, in about:config:
browser.safebrowsing.appRepURL : <empty>
browser.safebrowsing.gethashURL : <empty>
browser.safebrowsing.malware.reportURL : <empty>
browser.safebrowsing.reportURL : <empty>
browser.safebrowsing.updateURL : <empty>
browser.safebrowsing.downloads.enabled : false
browser.safebrowsing.enable : false
browser.safebrowsing.malware.enabled : false
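
To check that these settings are really in place on a profile, here is an added example (not from the original post or from the firefox_change_prefs project) that audits the text of a prefs.js for the eight preferences above. It assumes prefs.js only stores preferences changed from their defaults, so a missing entry is reported as `default`, not as blocked; the function names and the sample input are constructed for illustration.

```python
import re

# Prefs the post sets in about:config -> blocked value ("" = emptied URL, False = off).
BLOCKED = {
    "browser.safebrowsing.appRepURL": "",
    "browser.safebrowsing.gethashURL": "",
    "browser.safebrowsing.malware.reportURL": "",
    "browser.safebrowsing.reportURL": "",
    "browser.safebrowsing.updateURL": "",
    "browser.safebrowsing.downloads.enabled": False,
    "browser.safebrowsing.enable": False,
    "browser.safebrowsing.malware.enabled": False,
}

# user_pref("name", "string"); / user_pref("name", true); / user_pref("name", 42);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(".*"|true|false|-?\d+)\s*\);\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref line of a prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref
        name, raw = m.groups()
        if raw.startswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = raw == "true" if raw in ("true", "false") else int(raw)
    return prefs

def audit(text):
    """Return {name: 'blocked' | 'active' | 'default'} for the prefs in BLOCKED."""
    prefs = parse_prefs(text)
    report = {}
    for name, wanted in BLOCKED.items():
        if name not in prefs:
            report[name] = "default"  # absent: Firefox falls back to its built-in value
        else:
            report[name] = "blocked" if prefs[name] == wanted else "active"
    return report

# Constructed sample: one URL still set as in the post's test setup, two prefs blocked.
SAMPLE = '''user_pref("browser.safebrowsing.reportURL", "http://safebrowsing.google.com/safebrowsing/report?");
user_pref("browser.safebrowsing.updateURL", "");
user_pref("browser.safebrowsing.enable", false);
'''

if __name__ == "__main__":
    print("\n".join(f"{status:8} {name}" for name, status in audit(SAMPLE).items()))
```

Any line reported as `active` or `default` means that preference has not been blocked in the profile being checked.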

https://ecirtam.net/wiki/doku.php?id=wiki:firefox:about_config
https://github.com/Oros42/firefox_change_prefs

To follow the articles on this subject: https://www.ecirtam.net/links/?searchtags=+firefox+r%C3%A9seau+securit%C3%A9