Mozzarella

Home

Port Authority

Code
This addon is free and open-source software (FOSS) all code can be found here: https://github.com/ACK-J/Port_Authority
Please report your bugs or feature requests in a GitHub issue instead of in a review.

Blog Post (Currently Down)
https://www.g666gle.me/Port-Authority/

Test if it works! (Currently Down)
https://www.g666gle.me/PortScan.html

What does this addon do?

  1. Blocks all possible types of port scanning (HTTP/HTTPS/WS/WSS/FTP/FTPS)
  2. Dynamically blocks the ThreatMetrix tracking scripts made by one of the largest and least ethical data brokers IMO (Lexis Nexis)
  3. Easily auditable, with the core functionality being about 250 lines of code. HERE
  4. Gives an optional notification when one of the above scenerios are blocked
  5. Provides an optional whitelist to prevent portscans and tracking scripts from being blocked on specified domains
  6. This addon doesn't store/transmit any data or metadata about you or your requests... because ya know privacy
Donations
If you are feeling generous or really like my work, consider donating

Regex Explanation

Test HTTP / HTTPS Portscanning

Test Websocket Portscanning

Sites that port scan you or otherwise run ThreatMetrix scripts (Wall of Shame) HERE

Permissions Needed

Warning!

Why I wrote this addon?
Back in May of 2020 eBay got caught port scanning their customers. I noticed that all of the articles covering this topic mentioned that there was nothing you could do to prevent it... so I wanted to make one. After going down many rabbit holes, I found that this script which was port scanning everyone is, in my opinion, malware.
Here's why I think that:
So I developed multiple ways to stop this. The first being the existing functionality built into Port Authority. By default, Port Authority will check the sites that your browser reaches out to and if it redirects to Lexis Nexis' infrastructure, it will be blocked and you will receive a notification. The second is a Python script I wrote which uses Shodan to find all of Lexis Nexis' customer-specific domains on the internet HERE. You can add the output of the script to a blocker such as uBlockOrigin to prevent your computer from connecting to them.

Note: This second method will never include every customer-specific endpoint so you are better off using the dynamic blocking built into Port Authority which WILL block every single customer-specific endpoint Lexis Nexis uses.

Most of these sites are using Lexis Nexis's Threat Metrix scripts, Dan Nemec has a great blog post reverse engineering the script and showing all the invasive data collected https://blog.nem.ec/2020/05/24/ebay-port-scanning/

Install
Ebay in May of 2020 was caught port scanning every user that went to its homepage. Discord port scanning your computer trying to connect with the desktop app. Chick-fil-a attempting to run ThreatMetrix scripts but being blocked by Port Authority. The GUI allows the user to turn on or off global blocking, notifications and add domains to a whitelist using the gear in the top right corner. Add or remove domains from the whitelist such that if they make a local request or request a Lexis Nexis script, it will be allowed.