Secret Agent Palemoon Addon Issues

Moj Račun
na Open.Tube Instanci Peertube-a
Kompromitiran
Trenutačno, poveznice na, i stranice sa, slikopisima na www.vankina2-10.com kao i na www.croatiafidelis.hr, ne prikazuju se ili se krivo prikazuju. Radim na popravku.

Vriedne Poveznice

Duck Duck go tražilica

Tor Project

Poviest hrvatskoga jezika

Peer Tube

Secret Agent Palemoon Addon Issues

pg. 0 (pg. 1)

What previously was on this index.php page that you are reading right now, is moved/renamed to:
pg. 0

And it was here at the time that I opened this topic
Secret Agent issues
on Palemoon forums.

To understand the issues with this Palemoon Add-on, pls. consider the videos, but esp. the corresponding traces of the first and the third one below:

and the trace:

dump_170112_0702_g0n_noPW.pcap

But surely I have removed the password(s) from it, explained below. The infix "_noPW" stands for no password.

Using my tshark-hosts-conv (primitive) program, I analyzed the trace, found which (two) packets (frames) the password is in and removed the packets holding it with:

tshark -r dump_170112_0702_g0n.pcap -Y \
    '(frame.number!=173)&&(frame.number!=405)' \
    -w dump_170112_0702_g0n_noPW.pcap

So that's the trace I can publish. But I did extract the streams with the anoother (simple) program of mine, with tshark-streams.

And here are the relevant streams, in which my password has been substituted with string "PASSWRD":

dump_170112_0702_g0n_s002-ssl.txt
dump_170112_0702_g0n_s006-ssl.txt

And here is the likely reason why the Secret Agent add-on was the cause that, as bug-wget page complains:
dump_170112_0702_g0n_s002-ssl
dump_170112_0702_g0n_s006-ssl
I extracted these two above from the dump_170112_0702_g0n_s002-ssl.bin and dump_170112_0702_g0n_s006-ssl.bin that the tshark-stream session got me. They were served 002 at around after 0:30 from start and 006 at around after 1:30 from start of capture, but they're identical, and they read, pasting it in this place in this web document you are reading along with HTML-entity-izing the < and > of the tags (and here in a separate document, just with the base tag in the head added, so that some links work, here it is as well):

<!-- $Revision: 3550 $ -->
<html>
<head><title>Bug-wget Subscription results</title>
</head>
<body bgcolor="white">
<h1>Bug-wget Subscription results</h1>
The hidden token didn't match.  Did your IP change?
<hr><address><a href="../listinfo/bug-wget">Bug-wget</a> list run by <a href="mailto:bug-wget-owner@gnu.org">gscrivano at gnu.org</a><br><a href="../admin/bug-wget">Bug-wget administrative interface</a> (requires authorization)<br><a href="../listinfo">Overview of all gnu.org mailing lists</a><p>
<table WIDTH="100%" BORDER="0">
  <tr>
    <td><img src="/images/mailman/mailman.jpg" alt="Delivered by Mailman" border=0><br>version 2.1.21</td>
    <td><img src="/images/mailman/PythonPowered.png" alt="Python Powered" border=0></td>
    <td><img src="/images/mailman/gnu-head-tiny.jpg" alt="GNU's Not Unix" border=0></td>
  </tr>
</table>
</address>
</body>
</html>

I really did get those 002 and 006 from dump_170112_0702_g0n_s002-ssl.bin (and the 006-ssl.bin respectively). Look it up in the Gentoo Forum topic how it's done:

I couldn't have smoothly extracted it from the dump_170112_0702_g0n_s002-ssl.txt, you need to use dump_170112_0702_g0n_s002-ssl.bin when you extract what is gzip'd in the stream.

SSL Decode & My Hard-Earned Advice for SPDY/HTTP2 in Firefox

That was the time that I learned to decrypt SSL.

But I was saying how the likely reason why the Secret Agent add-on was the cause of that bug-wget page complaining was there for the looking at!

Could it be because bug-wget page construes the token from the ip that it gets from the client, and if the ip remains the same, it will accept your input? And that it didn't get the same input for the ip, because something in the headers changed? Let's see.

In the 002:

Referer: https://lists.gnu.org/mailman/listinfo/bug-wget
If-None-Match: 2vMPbh
Via: 1.1 21.212.218.181
X-Forwarded-For: 252.204.72.213

and in the 006:

Referer: https://lists.gnu.org/mailman/listinfo/bug-wget
If-None-Match: wzETdB_1F
Via: 1.1 133.186.99.150
X-Forwarded-For: 252.230.79.13

Indeed, I don't even know what wisdom is applied here, about these tokens, if anybody knows, pls. do give us a link so us others interested may learn about it, but this is probably the reason I couldn't subscribe to bug-wget. (Maybe on the Wireshark mailing list, where I wrote about this page?)

See the third video and trace and you'll likely come to the same conclusion.

This one (video only) just shows more visually the change that I dicided to try about the issue. I started suspecting what the cause was... I didn't know I would be posting this (I just don't go online without tracing/casting since I was powned), but I did restart Palemoon after killing my uncenz program (for tracing/screncasting).

After removing the Secret Agent add-on. The video:

and the trace

(worked with:

tshark -r dump_170115_0720_g0n.pcap -Y '(frame.number!=308)' \
    -w dump_170115_0720_g0n_noPW.pcap

dump_170115_0720_g0n_noPW.pcap

The password substituted with "PASSWRD" in:

dump_170115_0720_g0n_s007-ssl.txt

In that 007:

Referer: https://lists.gnu.org/mailman/listinfo/bug-wget

there are no lines like previously we had:

If-None-Match: ...
Via: ...
X-Forwarded-For: ...

And the bug-wget page isn't complaining anymore:
dump_170115_0720_g0n_s007-ssl
which is the gunzip'd part that I extracted from the dump_170115_0720_g0n_s007-ssl.bin, and here is how it reads, pasting it in this place in this web document you are reading along with HTML-entity-izing the < and > of the tags (and here in a separate document, just with the base tag in the head added, so that some links work, here it is as well):

<!-- $Revision: 3550 $ -->
<html>
<head><title>Bug-wget Subscription results</title>
<base href="https://lists.gnu.org/">
</head>
<body bgcolor="white">
<h1>Bug-wget Subscription results</h1>
Your subscription request has been received, and will soon be acted upon.
Depending on the configuration of this mailing list, your subscription request
may have to be first confirmed by you via email, or approved by the list
moderator.  If confirmation is required, you will soon get a confirmation
email which contains further instructions.
<hr><address><a href="../listinfo/bug-wget">Bug-wget</a> list run by <a href="mailto:bug-wget-owner@gnu.org">gscrivano at gnu.org</a><br><a href="../admin/bug-wget">Bug-wget administrative interface</a> (requires authorization)<br><a href="../listinfo">Overview of all gnu.org mailing lists</a><p>
<table WIDTH="100%" BORDER="0">
  <tr>
    <td><img src="/images/mailman/mailman.jpg" alt="Delivered by Mailman" border=0><br>version 2.1.21</td>
    <td><img src="/images/mailman/PythonPowered.png" alt="Python Powered" border=0></td>
    <td><img src="/images/mailman/gnu-head-tiny.jpg" alt="GNU's Not Unix" border=0></td>
  </tr>
</table>
</address>
</body>
</html>

The files of this study are listed in: ls-1pg1

dump_170112_0702_g0n_noPW.pcap
dump_170112_0702_g0n_s002-or-s006-ssl.html
dump_170112_0702_g0n_s002-ssl
dump_170112_0702_g0n_s002-ssl.txt
dump_170112_0702_g0n_s006-ssl
dump_170112_0702_g0n_s006-ssl.txt
dump_170112_0702_g0n_SSLKEYLOGFILE.txt
dump_170115_0720_g0n_noPW.pcap
dump_170115_0720_g0n_s007-ssl
dump_170115_0720_g0n_s007-ssl.html
dump_170115_0720_g0n_s007-ssl.txt
dump_170115_0720_g0n_SSLKEYLOGFILE.txt
Screen_170112_0702_g0n.png
Screen_170112_0702_g0n.webm
Screen_170115_0716_g0n.png
Screen_170115_0716_g0n.webm
Screen_170115_0720_g0n.png
Screen_170115_0720_g0n.webm

and verify to: ls-1pg1.sum signed by: ls-1pg1.sum.asc

And if you are an Unix-like OS user, you can use my dump_dLo.sh script, comprised in this (simple) program: https://github.com/miroR/uncenz and download files of this entire page at once.