Jump to content

Recommended Posts

Posted (edited)
On 12/20/2023 at 6:03 PM, mina7601 said:

For Serpent 55, it works down to 60 as the minimum version. For Serpent 52, it works down to 63 as the minimum version. (after adding the "Firefox" slice manually)

Thanks for figuring that out - although I must admit I'm puzzled that the minimum supported FF version depends on the Serpent version! It sounds like, if Xitter sees a FF version between 60 and 62, it performs some other Javascript check, which Serpent 55 passes but Serpent 52 fails. Perhaps there's a pref that can be set in those old FF versions to pass the check, so it allows those versions if the check indicates the pref is set properly.

On 12/20/2023 at 6:03 PM, mina7601 said:

Correct, but it also has other differences besides that:

Mozilla/5.0 (%OS_SLICE% rv:4.8) Goanna/20170101 Basilisk/52.9.0

It doesn't have "Firefox" slice, and rv is 4.8. It also has "Goanna" slice instead of "Gecko", and the date is 20170101, instead of 20100101.

To be clear, I was referring to what I believed the Xitter SSUAO was intended to be; i.e., the SSUAO that didn't make it into last week's version. We don't know for certain what it was supposed to be, so I guessed. You're talking about the SSUAO that was actually in last week's version, which is known not to work.

Edit: for what little it's worth, this week's Serpent 52 includes this SSUAO for Xitter:

Mozilla/5.0 (%OS_SLICE% rv:102.0) Gecko/20100101 Firefox/102.0 Basilisk/52.9.0

... which is close to what I guessed.

Edited by Mathwiz

Posted

Had a bit of fun last weekend with KeePassXC-Browser extension, I posted about it here, the latest version 1.18.10, after some modifications, kinda works in Serpent (52) if you change manifest.json for it to require lesser Firefox version. The buttons it creates in login form fields are invisible, but clickable. Logging into GitHub is a breeze, only mouse clicks, no need for any key-combo or leaving the browser.

XUL version would be cool, but I doubt anyone will develop it. Even with the theory that the fact that Moonchild crew explicitly opted out of supporting ChromeZilla extensions could encourage development of XUL versions of extensions, guess that's s still a pipe dream in such a niche community.

Posted
17 hours ago, Mathwiz said:

To be clear, I was referring to what I believed the Xitter SSUAO was intended to be; i.e., the SSUAO that didn't make it into last week's version. We don't know for certain what it was supposed to be, so I guessed. You're talking about the SSUAO that was actually in last week's version, which is known not to work.

Oh, I misunderstood this. Sorry.

Posted
On 11/3/2023 at 11:54 AM, roytam1 said:

you have to enable security.ssl.enable_tls13_compat_mode in about:config

Still a problem with the website https://www.elektroda.pl
Even if it connects without errors on first entry, in just a minute or two further browsing is no longer possible because a secure connection error appears
Secure Connection Failed

Generally on all your browsers there is a problem.
On your browsers, even if the page loads the first time, when I start browsing longer on this page, in a moment it no longer wants to connect to the page because there is a secure connection error
The same website has no problems on the old version of
Firefox 52.9.0esr
With firefox you can browse the site for hours and nothing happens, no secure connection errors

Posted (edited)
2 hours ago, adata said:

Still a problem with the website https://www.elektroda.pl
Even if it connects without errors on first entry, in just a minute or two further browsing is no longer possible because a secure connection error appears
Secure Connection Failed

Generally on all your browsers there is a problem.
On your browsers, even if the page loads the first time, when I start browsing longer on this page, in a moment it no longer wants to connect to the page because there is a secure connection error
The same website has no problems on the old version of
Firefox 52.9.0esr
With firefox you can browse the site for hours and nothing happens, no secure connection errors

I can't replicate your problem, I browsed in that website (in latest Serpent 52 (2023-12-21) (32-bit)) for more than 2 minutes, and further browsing is still possible. No "Secure Connection Failed" error appears. :dubbio:

Edited by mina7601
Posted (edited)

I get "Secure Connection Failed:"

image.thumb.png.115d966b4040f3d495f473ccdd4b782d.png

Toggling security.ssl.enable_tls13_compat_mode made no difference. Only difference is, I used the 64-bit version of Serpent 52. @adata, does your error page match the above (except possibly for language)?

Edited by Mathwiz
Posted (edited)
15 hours ago, Mathwiz said:

I get "Secure Connection Failed:"

Again, this ISN'T an SSL/TLS related issue, but a UA-based block :realmad: ; in last week's St52, I, too, get the same error as you, but, surprise, I "get in" with below SSUAO:

general.useragent.override.elektroda.pl;Mozilla/5.0 (Windows NT 10.0; rv:120.0) Gecko/20100101 Firefox/120.0

VPhcK5m.png

EDIT: Of course, a SSUAO with a value of just "Chrome" :angry: will also enable access to both "www.elektroda.pl" (original, Polish edition) and "www.elektroda.com" (global edition, in English) ...

Edited by VistaLover
Posted

What is it with all these user-agent-based blocks all of a sudden? First Intel, then Xitter, elektroda.com.... I thought UA-based blocking was "old school" and everyone was supposed to be checking your browser's Javascript capabilities nowadays, but it seems UA blocking (and thence spoofing) is making a comeback for some stupid reason. (Although some - e.g., Xitter - seem to be using a combination; see @mina7601's recent post for example....)

It's especially galling to see a ridiculous UA like just the word "Chrome" get past way too many of these stupid UA blocks, as if, "oh, you're using Chrome? Well, welcome; we don't even care what version you're running! But you over there, running Firefox - you'd better be running the very latest version, or a bas with you!"

It's beginning to look like we should all just start spoofing Chrome 109 (last Win 7 version) even if our browser has no relationship with Chrome at all, and be done with all this UA nonsense.

Posted (edited)

Well, the plot thickens....

The ridiculous UA "Chrome" does indeed get one into elektroda.pl, but an honest-to-goodness Chrome 109 user agent, Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36, does not! Changing the Windows version to 10.0 didn't help either.

Even the Firefox UA @VistaLover gave above doesn't get me into elektroda.pl! Nor does a UA consisting of just the word "Firefox." So far, only "Chrome" seems to do the trick. Edit: You can get away with this much: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome Safari/537.36

Just don't reveal that you aren't using the latest Chrome version! Apparently elektroda.pl wants to see "Chrome" but not a "too old" version. They also don't seem to mind Windows 7 (so I guess Supermium is OK?)

This was all done using the latest Serpent 52, BTW, so obviously Chrome itself is not required; just the word in the UA....

Edited by Mathwiz
Posted

If they use the user agent, then it is better than other methods because you can change it. There are ways of detecting Firefox in JavaScript. Some sites don't work with Firefox regardless of the agent, and I can't do anything about that. I was banned from a private site for using Firefox within a couple of days.

I can't load Elektroda at all currently. It says "Waiting for".

Posted (edited)
35 minutes ago, j7n said:

If they use the user agent, then it is better than other methods because you can change it.

Well, it's certainly better for us! I'm just surprised that Web sites still use the technique, because it's easily fooled, and doesn't really tell them what they want to know.

35 minutes ago, j7n said:

I was banned from a private site for using Firefox within a couple of days.

Chrome snobs?

For example, only Firefox has the InternalError Javascript built-in function. Supported since Firefox 2! There doesn't seem to be a pref to turn it off either, although I suppose you could "undefine" it with a user script? And yes, that makes InternalError our second Mozilla-ism (after StructuredClone. StructuredClone can't be used for Firefox testing, though, because Chromium did adopt it eventually.)

Edited by Mathwiz
Posted

I get in elektroda.pl without an issue with official Pale Moon on Win11 or Linux, native user agent. Guess they don't like your browsers.

Posted (edited)

Luckily, I was able to access @adata's cited website in Serpent 52 and New Moon 28 without using the SSUAO @VistaLover kindly provided us, and also without enabling the security.ssl.enable_tls13_compat_mode option mentioned by @roytam1. However, I had to add the SSUAO in Serpent 55 with just the value of "Chrome", as it gave "Secure Connection Failed" error message when I tried to access the website without the SSUAO. Even though the SSUAO provided by @Mathwiz works as well, putting just "Chrome" in the value is much quicker.

Edited by mina7601
Posted (edited)
44 minutes ago, UCyborg said:

I get in elektroda.pl without an issue with official Pale Moon on Win11 or Linux, native user agent. Guess they don't like your browsers.

I'm not entirely sure what's going on, but as with Xitter, @mina7601's test implies there's more going on than just UA sniffing. If it were just the UA, it wouldn't matter whether you used Serpent 52, 55, PM, NM, or what-have-you.

My best guess: first they check the UA, then based on the browser they think you have, they do other Javascript checks. If those fail, they just drop the connection, leading to the "Secure Connection Failed" error screen.

If so, apparently our browsers are better at passing a "generic Chrome" test than a "generic Firefox" test!

Edit: BTW, that Chrome 109 UA works with 360EE (Chromium-86-based), but not Serpent 52 (well, I haven't tried a clean profile yet; that's yet another variable to consider).

Edit 2: Well, this is a first; for Serpent 52, the maximum Chrome version that works is 88! (The minimum version is 75.) If I put anything newer in the UA, "secure connection failed." I must admit I've never seen a browser rejected for being too recent!

Edited by Mathwiz
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...