Jump to content

MarioNet Browser Attack


Recommended Posts

With uMatrix the general rule to insert is:

no-workers: * true

you can enter exceptions for any problematic websites in an easier way.

With uBlock Origin, here is the general form of the exception:

*$csp=worker-src 'none',domain=~example.com

Edited by Sampei.Nihira
Link to post
Share on other sites

It's just as well; I absolutely cannot get uBO to properly install in Advanced Chrome anyway.

It looks like I get a partial download: it says it's added, but if I click on the button all the icons are text. If I go to the dashboard it's all blank

I'm giving up. uBO works fine in Serpent without any of these issues.

Link to post
Share on other sites
9 hours ago, Tripredacus said:

The Browserleaks website doesn't do anything if javascript is disabled and also it appears the MarioNet thing uses javascript also

Agreed. I had to enable NoScript for that site otherwise every entry was blank including MarioNet

Edited by risk_reversal
  • Like 1
Link to post
Share on other sites
5 hours ago, Mathwiz said:

It's just as well; I absolutely cannot get uBO to properly install in Advanced Chrome anyway.

It looks like I get a partial download: it says it's added, but if I click on the button all the icons are text. If I go to the dashboard it's all blank

I'm giving up. uBO works fine in Serpent without any of these issues.

Ublock Origin actually works fine on advanced Chrome as well, but the latest version is not supported. There's a topic in this forum somewhere in which we discussed about this 'cause I had a similar problem and I found out which version was the last supported version.

Link to post
Share on other sites

Well, I guess that would explain it. Of course, with FF/Serpent/etc., it's easy both to find and to load older versions from GitHub. With Chrome I'm kind of starting from scratch trying to learn all over again how to do those things.

Edit: I vaguely remembered reading your thread, so I went searching, and sure enough, there was one of @VistaLover's wonderfully clear posts explaining why uBO is such a ridiculous mess on Chrome (Advanced or stock):

Edited by Mathwiz
Link to post
Share on other sites
On 10/16/2018 at 6:14 AM, VistaLover said:

Versions of uBlock Origin > 1.16.20=1.16.18 for Google Chrome now require Chrome version >=52.0; Advanced Chrome will advertise itself on Google Store as v54.20.6530.0, so it will allow the download and install of latest version of uBlock0; but because, in essence, AdvChr is Chrome v48.0+51.0, it does not support the Javascript functions of uBlock0 > 1.16.20 (as already explained by heinoganda).

The problem with Google Store is, unlike the Firefox extensions repository (AMO), that it does not offer previous versions of an extension, so once you upgrade to a non-working version of an extension, you can't revert back (at least easily) :realmad:

Chromium will allow for installation of unsigned extensions, so installing from uBlock0's GitHub repo is an option in this case; while in developer mode, you can convert the github downloaded 1.16.20 zip file into a proper .crx one:


https://www.datafilehost.com/d/c5a80c4a

In the case of Google Chrome 49 (and 50, for Vista users), you should be stuck at version 1.16.18 (IDK whether v1.16.20, identical to 1.16.18, was properly released in Google Store), so no problem with upgrading to an incompatible version there; but what if you want to install uBlock0 v1.16.18 for the first time/re-install?

Release branch Chrome will disable any non-signed extension (i.e. not coming from their store), even installed during dev mode, at next browser restart :angry:; I have managed to track down a signed version of uBlock0 v1.16.18, at the admin's discretion, I have uploaded it to:


https://www.datafilehost.com/d/dff0eb77

Maybe @sdfox7 is interested in permanently archiving it onto his server... ;)

 

Link to post
Share on other sites
18 hours ago, heinoganda said:

@Sampei.Nihira

This does not help on Chromium browsers that have implemented ServiceWorker.

With μMatrix

SW1u-Matrix.jpg

With proxy filter

SW2Proxy.jpg

:)

Hi.

I tried with the rule in uBlock Origin and your situation is not playable in my Chrome.

The rule works as shown in the image below:

1jUHVFBF_o.jpg

With uMatrix it would be the same:

 

https://www.wilderssecurity.com/threads/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page.413876/#post-2812330

Edited by Sampei.Nihira
Link to post
Share on other sites
20 hours ago, Mathwiz said:

It's just as well; I absolutely cannot get uBO to properly install in Advanced Chrome anyway.

It looks like I get a partial download: it says it's added, but if I click on the button all the icons are text. If I go to the dashboard it's all blank

I'm giving up. uBO works fine in Serpent without any of these issues.

 

14 hours ago, FranceBB said:

Ublock Origin actually works fine on advanced Chrome as well, but the latest version is not supported. There's a topic in this forum somewhere in which we discussed about this 'cause I had a similar problem and I found out which version was the last supported version.

14 hours ago, Mathwiz said:

Well, I guess that would explain it. Of course, with FF/Serpent/etc., it's easy both to find and to load older versions from GitHub. With Chrome I'm kind of starting from scratch trying to learn all over again how to do those things.

Edit: I vaguely remembered reading your thread, so I went searching, and sure enough, there was one of @VistaLover's wonderfully clear posts explaining why uBO is such a ridiculous mess on Chrome (Advanced or stock):

Well thanks to @VistaLover's post, I downloaded the signed version of uBO 1.16.18 he uploaded - but Advanced Chrome still won't install it! Says "Apps, extensions, and user scripts cannot be installed from this Web site." Referring, of course, to the file on my own PC. :realmad:

Found the "developer mode" checkbox and tried that; didn't help. Even tried unpacking the .crx file to a directory and loading it with "Load unpacked extension" - but that just got an error that the "_metadata" subdirectory was invalid because its name starts with a reserved "_" character!

This is ridiculous. It won't install from anyplace other than the Google Store - but the Google Store only has an incompatible version!

Edit: Well, I finally figured it out (sort of); I was able to install uBO 1.16.18 by dragging the .crx file onto the chrome://extensions page. (This works in FF/Serpent/etc. too, but usually in those browsers, I just click on the .xpi file; that doesn't work in Chrome! :realmad:)

Edited by Mathwiz
Link to post
Share on other sites
3 hours ago, Sampei.Nihira said:

The rule works as shown in the image below:

1jUHVFBF_o.jpg

With uMatrix it would be the same

 

1. We are in the forum for Windows XP
2. It's about the older Chromium versions 44, the last official version for Windows XP 49 and Advanced Chrome 54.
3. On Windows 7/8/10 with Chromium version 72 it works with μBlock and / or μMatrix. (I'm lost for words!)
4. Please test under the conditions like other users in this part of the forum too, OS WindowsXP x86 and older Chromium versions as listed above!

 

@Mathwiz

Maybe try this way to get an older version of μBlock installed.

 

:)

 

Edited by heinoganda
Link to post
Share on other sites

I will never,never,never,install Chrome/Chromium :thumbdown on my PC running Windows XP.

Almost certainly your problem is not due to the OS but to the version of uMatrix or uBlock Origin.

Installing the latest versions these extensions should be possible.

I installed the latest version of UBO in my FF 52 ESR:

I certainly will not be doing this test.:)

 

 

Edited by Sampei.Nihira
Link to post
Share on other sites
1 hour ago, Mathwiz said:

Well thanks to @VistaLover's post, I downloaded the signed version of uBO 1.16.18 he uploaded - but Advanced Chrome still won't install it! Says "Apps, extensions, and user scripts cannot be installed from this Web site." Referring, of course, to the file on my own PC. :realmad:

I have AdvChrome v54.20.6530.0 32-bit installed in VistaSP2 x86; you should open chrome tab "chrome://extensions/" and make sure "developer mode" is checked on top right; then drag-n-drop downloaded file "uBlock0-1_16_18_0.crx" (signed) onto that tab; you should get a prompt to allow or cancel extension installation:

jjO7GmI.jpg

if you don't, perhaps something's gone awry in your profile...

Link to post
Share on other sites

Well, @Sampei.Nihira, given all the trouble I had, I can't say I blame you.

But just to be clear, the last working version of uBO on Chrome (1.16.18/1.16.20) is more recent than the last working version on FF 52 (1.16.4.9).

Edit: Actually 1.17.4, which is more recent than 1.16.18/20, runs on Serpent 52, so I should've realized it'd run on FF 52 also :blushing:. 1.16.4.9 is the latest uBO version for PM/NM/Basilisk, though, since those browsers either never supported or no longer support WE's....

You can run the latest version of uBO on Serpent 55 (although the WebRTC option is greyed out).

Edited by Mathwiz
Link to post
Share on other sites

Thanks @VistaLover; I figured it out on my own eventually and edited my above post accordingly.

Just really annoying that Google makes things so much harder.... They keep reminding my why I avoid their browser! :P

Link to post
Share on other sites
4 minutes ago, Mathwiz said:

Well, @Sampei.Nihira, given all the trouble I had, I can't say I blame you.

But just to be clear, the last working version of uBO on Chrome (1.16.18/1.16.20) is more recent than the last working version on FF 52 (1.16.4.9).

You can run the latest version of uBO on Serpent 55 (although the WebRTC option is greyed out). 

YaFalWWI_o.jpg

;):hello:

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...