Secret Agent Palemoon Addon Issues
What was previously on this index.php page that you are reading right now has been moved/renamed to:
pg. 0
And it was here at the time that I opened this topic
Secret Agent issues
on Palemoon forums.
To understand the issues with this Palemoon Add-on, pls. consider the videos, but esp. the corresponding traces of the first and the third one below:
and the trace:
dump_170112_0702_g0n_noPW.pcap
But surely I have removed the password(s) from it, explained below. The infix "_noPW" stands for no password.
Using my tshark-hosts-conv (primitive) program, I analyzed the trace, found which (two) packets (frames) the password is in and removed the packets holding it with:
tshark -r dump_170112_0702_g0n.pcap -Y \
    '(frame.number!=173)&&(frame.number!=405)' \
    -w dump_170112_0702_g0n_noPW.pcap
So that's the trace I can publish. But I did extract the streams with another (simple) program of mine, with tshark-streams.
And here are the relevant streams, in which my password has been substituted with string "PASSWRD":
dump_170112_0702_g0n_s002-ssl.txt
dump_170112_0702_g0n_s006-ssl.txt
And here is the likely reason why the Secret Agent add-on was the cause that, as bug-wget page complains:
dump_170112_0702_g0n_s002-ssl
dump_170112_0702_g0n_s006-ssl
I extracted these two above from the dump_170112_0702_g0n_s002-ssl.bin and dump_170112_0702_g0n_s006-ssl.bin that the tshark-stream session got me. They were served 002 at around after 0:30 from start and 006 at around after 1:30 from start of capture, but they're identical, and they read, pasting it in this place in this web document you are reading along with HTML-entity-izing the < and > of the tags (and here in a separate document, just with the base tag in the head added, so that some links work, here it is as well):
<!-- $Revision: 3550 $ -->
<html>
<head><title>Bug-wget Subscription results</title>
</head>
<body bgcolor="white">
<h1>Bug-wget Subscription results</h1>
The hidden token didn't match. Did your IP change?
<hr><address><a href="../listinfo/bug-wget">Bug-wget</a> list run by <a href="mailto:bug-wget-owner@gnu.org">gscrivano at gnu.org</a><br>
<a href="../admin/bug-wget">Bug-wget administrative interface</a> (requires authorization)<br>
<a href="../listinfo">Overview of all gnu.org mailing lists</a><p>
<table WIDTH="100%" BORDER="0">
<tr>
<td><img src="/images/mailman/mailman.jpg" alt="Delivered by Mailman" border=0><br>version 2.1.21</td>
<td><img src="/images/mailman/PythonPowered.png" alt="Python Powered" border=0></td>
<td><img src="/images/mailman/gnu-head-tiny.jpg" alt="GNU's Not Unix" border=0></td>
</tr>
</table>
</address>
</body>
</html>
I really did get those 002 and 006 from dump_170112_0702_g0n_s002-ssl.bin (and the 006-ssl.bin respectively). Look it up in the Gentoo Forum topic how it's done:
I couldn't have smoothly extracted it from the dump_170112_0702_g0n_s002-ssl.txt, you need to use dump_170112_0702_g0n_s002-ssl.bin when you extract what is gzip'd in the stream.
SSL Decode & My Hard-Earned Advice for SPDY/HTTP2 in Firefox
That was the time that I learned to decrypt SSL.
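The point about needing the .bin rather than the .txt, as an added example (not the author's tshark-streams code): it pulls the gzip'd body out of a raw stream dump and shows the same bytes failing once rendered as text. The sample stream is constructed, and `printable_dump` assumes the .txt rendering replaces non-printable bytes, as text stream dumps commonly do.

```python
import gzip
import re
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # gzip ID bytes followed by the deflate method byte

def dechunk(body: bytes) -> bytes:
    """Undo HTTP/1.1 chunked transfer coding."""
    out, pos = b"", 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)
        if size == 0:
            return out
        out += body[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2  # skip the chunk data and its trailing CRLF

def extract_gzip_body(raw: bytes) -> bytes:
    """Decompress the body of the first HTTP response found in a raw stream dump."""
    status = re.search(rb"^HTTP/1\.[01] \d{3}", raw, re.M)
    if status is None:
        raise ValueError("no HTTP response in stream")
    head, sep, body = raw[status.start():].partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("response headers are not terminated")
    if b"transfer-encoding: chunked" in head.lower():
        body = dechunk(body)
    if not body.startswith(GZIP_MAGIC):
        raise ValueError("body is not gzip data")
    # 16 + MAX_WBITS selects gzip framing; bytes after the member are ignored
    return zlib.decompressobj(16 + zlib.MAX_WBITS).decompress(body)

def printable_dump(raw: bytes) -> bytes:
    """Mimic a text rendering: every non-printable byte except CR/LF becomes '.'."""
    return bytes(b if 32 <= b < 127 or b in (10, 13) else 46 for b in raw)

# Constructed sample: a request followed by a chunked, gzip-encoded response.
HTML = b"<h1>Bug-wget Subscription results</h1>\nThe hidden token didn't match.\n"
GZ = gzip.compress(HTML)
SAMPLE = (b"POST /mailman/subscribe/bug-wget HTTP/1.1\r\nHost: lists.gnu.org\r\n\r\n"
          b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n"
          b"Transfer-Encoding: chunked\r\n\r\n"
          + b"%x\r\n" % 10 + GZ[:10] + b"\r\n"
          + b"%x\r\n" % (len(GZ) - 10) + GZ[10:] + b"\r\n0\r\n\r\n")

if __name__ == "__main__":
    print(extract_gzip_body(SAMPLE).decode())
```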
But I was saying how the likely reason why the Secret Agent add-on was the cause of that bug-wget page complaining was there for the looking at!
Could it be because bug-wget page construes the token from the IP that it gets from the client, and if the IP remains the same, it will accept your input? And that it didn't get the same input for the IP, because something in the headers changed? Let's see.
In the 002:
Referer: https://lists.gnu.org/mailman/listinfo/bug-wget
If-None-Match: 2vMPbh
Via: 1.1 21.212.218.181
X-Forwarded-For: 252.204.72.213
and in the 006:
Referer: https://lists.gnu.org/mailman/listinfo/bug-wget
If-None-Match: wzETdB_1F
Via: 1.1 133.186.99.150
X-Forwarded-For: 252.230.79.13
Indeed, I don't even know what wisdom is applied here, about these tokens, if anybody knows, pls. do give us a link so us others interested may learn about it, but this is probably the reason I couldn't subscribe to bug-wget. (Maybe on the Wireshark mailing list, where I wrote about this page?)
See the third video and trace and you'll likely come to the same conclusion.
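The hypothesis above, as an added example (a model written for this page, not Mailman's code): a form token bound to the client address fails when the address is read from an X-Forwarded-For header that changes between fetching the form and posting it, and holds when that header is believed only from known proxies. The secret, peer address, timestamps and the way the address is chosen are all assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # hypothetical server-side secret
MISMATCH = "The hidden token didn't match. Did your IP change?"

def client_address(headers, peer, trusted_proxies=None):
    """trusted_proxies=None models a server that believes any X-Forwarded-For;
    a set models one that believes it only when the TCP peer is a known proxy."""
    forwarded = headers.get("X-Forwarded-For")
    if forwarded and (trusted_proxies is None or peer in trusted_proxies):
        return forwarded.split(",")[-1].strip()
    return peer

def issue_token(address, issued, list_name="bug-wget"):
    """Token = issue time plus a MAC over time, list name and client address."""
    msg = f"{issued}:{list_name}:{address}".encode()
    return f"{issued}:{hmac.new(SECRET, msg, hashlib.sha256).hexdigest()}"

def verify_token(token, address, now, max_age=3600):
    issued = token.partition(":")[0]
    if not issued.isdigit() or not 0 <= now - int(issued) <= max_age:
        return "token expired or malformed"
    if not hmac.compare_digest(token, issue_token(address, int(issued))):
        return MISMATCH
    return "ok"

def subscribe_flow(form_headers, post_headers, peer="198.51.100.7",
                   trusted_proxies=None):
    """Fetch the form, then post it, from one unchanged TCP peer address."""
    seen_on_get = client_address(form_headers, peer, trusted_proxies)
    seen_on_post = client_address(post_headers, peer, trusted_proxies)
    token = issue_token(seen_on_get, issued=1484200000)
    return verify_token(token, seen_on_post, now=1484200060)

# Header values as they appear in streams 002 and 006 on this page, used here
# only as two requests whose forwarded address differs.
REQ_A = {"Via": "1.1 21.212.218.181", "X-Forwarded-For": "252.204.72.213"}
REQ_B = {"Via": "1.1 133.186.99.150", "X-Forwarded-For": "252.230.79.13"}

if __name__ == "__main__":
    print("header believed:", subscribe_flow(REQ_A, REQ_B))
    print("no such headers:", subscribe_flow({}, {}))
    print("header ignored: ", subscribe_flow(REQ_A, REQ_B, trusted_proxies=set()))
```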
This one (video only) just shows more visually the change that I decided to try about the issue. I started suspecting what the cause was... I didn't know I would be posting this (I just don't go online without tracing/casting since I was powned), but I did restart Palemoon after killing my uncenz program (for tracing/screencasting).
After removing the Secret Agent add-on. The video:
and the trace
(worked with:
tshark -r dump_170115_0720_g0n.pcap -Y '(frame.number!=308)' \
    -w dump_170115_0720_g0n_noPW.pcap
):
dump_170115_0720_g0n_noPW.pcap
The password substituted with "PASSWRD" in:
dump_170115_0720_g0n_s007-ssl.txt
In that 007:
Referer: https://lists.gnu.org/mailman/listinfo/bug-wget
there are no lines like previously we had:
If-None-Match: ...
Via: ...
X-Forwarded-For: ...
And the bug-wget page isn't complaining anymore:
dump_170115_0720_g0n_s007-ssl
which is the gunzip'd part that I extracted from the dump_170115_0720_g0n_s007-ssl.bin, and here is how it reads, pasting it in this place in this web document you are reading along with HTML-entity-izing the < and > of the tags (and here in a separate document, just with the base tag in the head added, so that some links work, here it is as well):
<!-- $Revision: 3550 $ -->
<html>
<head><title>Bug-wget Subscription results</title>
<base href="https://lists.gnu.org/">
</head>
<body bgcolor="white">
<h1>Bug-wget Subscription results</h1>
Your subscription request has been received, and will soon be acted upon. Depending on the configuration of this mailing list, your subscription request may have to be first confirmed by you via email, or approved by the list moderator. If confirmation is required, you will soon get a confirmation email which contains further instructions.
<hr><address><a href="../listinfo/bug-wget">Bug-wget</a> list run by <a href="mailto:bug-wget-owner@gnu.org">gscrivano at gnu.org</a><br>
<a href="../admin/bug-wget">Bug-wget administrative interface</a> (requires authorization)<br>
<a href="../listinfo">Overview of all gnu.org mailing lists</a><p>
<table WIDTH="100%" BORDER="0">
<tr>
<td><img src="/images/mailman/mailman.jpg" alt="Delivered by Mailman" border=0><br>version 2.1.21</td>
<td><img src="/images/mailman/PythonPowered.png" alt="Python Powered" border=0></td>
<td><img src="/images/mailman/gnu-head-tiny.jpg" alt="GNU's Not Unix" border=0></td>
</tr>
</table>
</address>
</body>
</html>
The files of this study are listed in: ls-1pg1
dump_170112_0702_g0n_noPW.pcap
dump_170112_0702_g0n_s002-or-s006-ssl.html
dump_170112_0702_g0n_s002-ssl
dump_170112_0702_g0n_s002-ssl.txt
dump_170112_0702_g0n_s006-ssl
dump_170112_0702_g0n_s006-ssl.txt
dump_170112_0702_g0n_SSLKEYLOGFILE.txt
dump_170115_0720_g0n_noPW.pcap
dump_170115_0720_g0n_s007-ssl
dump_170115_0720_g0n_s007-ssl.html
dump_170115_0720_g0n_s007-ssl.txt
dump_170115_0720_g0n_SSLKEYLOGFILE.txt
Screen_170112_0702_g0n.png
Screen_170112_0702_g0n.webm
Screen_170115_0716_g0n.png
Screen_170115_0716_g0n.webm
Screen_170115_0720_g0n.png
Screen_170115_0720_g0n.webm
and verify to: ls-1pg1.sum signed by: ls-1pg1.sum.asc
And if you are a Unix-like OS user, you can use my dump_dLo.sh script, included in this (simple) program: https://github.com/miroR/uncenz and download files of this entire page at once.