I think it was RSnake who found this first, but the blocking mechanism seems to be only applied to the http protocol handler. Odd. Using the ftp protocol handler, we can bypass the block like so: ftp://jeremiahgrossman.blogspot.com:22/ If the port is up, it'll connect, if not, timeout.
I believe this technique could be used to improve JavaScript Port Scanning, where we’re currently only scanning horizontally for web servers (80/443). Instead we may be able to perform vertical port scans on the remaining ports and bypass the imposed restrictions. Perhaps also useful for the Browser Port Scanning without JavaScript technique.
I believe this technique could be used to improve JavaScript Port Scanning, where we’re currently only scanning horizontally for web servers (80/443). Instead we may be able to perform vertical port scans on the remaining ports and bypass the imposed restrictions. Perhaps also useful for the Browser Port Scanning without JavaScript technique.
6 comments:
that's odd. I get 'This address is restricted ... Firefox has cancelled the request ..." when I tried to access an ssh server via the ftp method you showed.
Hmmm, the ftp link should have given a "The connection has timed out" message after a minute or two.
Just to follow up, when testing on firefox on a debian fox I got the "Firefox has cencelled this request" message. When I tested on firefox on WinXP I did get the "connection has timed out"
Hate to be a nick picker, but I doubt it was RSnake who found this first. He was most likely the person you know who found this first. I bet the first person was the person who implemented this predicted behavior into firefox.
That's probably fair enough.
awesome, firefox has been upgraded because of it. Congrats.
Post a Comment