It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Something is wrong after I press post on ATS

page: 3
6
<< 1  2   >>

log in

join
share:

posted on Dec, 5 2014 @ 08:25 PM
link   
a reply to: SkepticOverlord

Knowing the Pid ID of the process accessing the network lets me know that it's the browser that's made the call to the virus download page. Hard to do on windows but I use something like wireshark

"That has no impact on the execution of client-side JavaScript."

Flash can access _javascript but you missed the point it is client side script in the browser that is redirecting the content of the I-Frame dynamically that can then do a document.write to load another I-Frame that runs the script to load the virus-ware script



Impossible to tell. Are you using Firebug? If so, that's one of the better ways to trace the origins of a JavaScript being executed by the browser.


I can go better that that because not only will the browser cache the script but the proxy server this end also keeps a copy so next time I will send you that too. You cannot always see the script by right clicking an I-Frame and using view source when they are nested.



Firebug?


Man I am way past that and can bring six tools to bear if I want to including my own Chromium cut down browser and link it to a DNS server over TCP (not UDP) on port 53 and even feed that to a custom proxy server using fake SSL certificates and man in the middle to filter out or parse HTTPS spyware scripts if I wanted too.



Why are you doing that on ATS? That's not a methodology for troubleshooting JavaScript origins, but instead, for testing target servers for exploitable vectors (among other things).


I said _javascript could not access raw sockets so I don't know what you are going on about but if script could then the script could fake anything and that's why access is not allowed via the DOM security model.

Yes sockets can be used to peek data before it gets to the browser so you are not quite right about "That's not a methodology for troubleshooting JavaScript origins" since the remote endpoint will also contain the IP address.

As I said I am happy to take this off line if you send me an email address and I am also happy if you feel the need to remove this thread
edit on 5-12-2014 by VirusGuard because: (no reason given)

edit on 5-12-2014 by VirusGuard because: (no reason given)




posted on Dec, 5 2014 @ 09:39 PM
link   

originally posted by: sheepslayer247
...this very same issue before and it only happens on ATS...

I think whatever the "issue" may be, has been muddled a bit. What happens to you after you press post?



posted on Dec, 5 2014 @ 09:54 PM
link   

originally posted by: VirusGuard
Flash can access _javascript

No it can't. Flash can execute JavaScript that it's given. Flash can receive variables from inline JavaScript. But Flash cannot access inline JavaScript.





...it is client side script in the browser that is redirecting the content of the I-Frame dynamically that can then do a document.write to load another I-Frame that runs the script to load the virus-ware script…

Apparently you're NOT aware of how an ad network waterfall works.

And if there was an errant ad network in the chain delivering errant malicious script, with nearly 150,000 unique users a day -- we'd know about it rather rapidly.



You cannot always see the script by right clicking an I-Frame and using view source when they are nested.

That why I suggested you try Firebug.



...f I want to including my own Chromium cut down browser and link it to a DNS server over TCP (not UDP) on port 53 and even feed that to a custom proxy server using fake SSL certificates and man in the middle to filter out or parse HTTPS spyware scripts if I wanted too.

All of that was techno-nonsense overkill. To test a website content, none of that would be appropriate… UDP is much more limited than TCP, and DNS by default is port 53 -- no need to specify it.

I've identified errant ads from networks dozens of times -- usually ads auto-playing audio, or doing redirects -- with FireBug on quite a few occasions over the years. None of what you posted is necessary.




I said _javascript could not access raw sockets

Not for long [url=https://developer.mozilla.org/en-US/docs/Web/API/TCPSocket]TCPSocket. I've used it in some trial work for FireFox OS.



posted on Dec, 6 2014 @ 11:32 AM
link   
a reply to: SkepticOverlord

I have not had the issue when I post a reply. It has only occurred when I clicked on a thread link or a page number within a thread.



posted on Dec, 7 2014 @ 06:55 PM
link   
a reply to: VirusGuard

Throw the $1000 a day card around huh? And you can't figure out why all of us...many of us...hundreds of thousands of regular long time ATS members have no such issues?

That doesn't say much for your proposed "expertise".

It settings...period. And we all telling you this don't make $1000 a day ..yet....we have to tell you?

Brownie points mentioned elsewhere here? You've lost all yours...sorry.




top topics
 
6
<< 1  2   >>

log in

join