search

ACK-J / Port_Authority

Blocks websites from using javascript to port scan your computer/network and dynamically blocks all LexisNexis endpoints from running their invasive data collection scripts.
GNU General Public License v2.0
130 stars 10 forks source link

[False Positive] identity.trimble.com -> localhost (SketchUp) #15

Closed ph00lt0 closed 1 year ago

ph00lt0 commented 3 years ago

The URL identity.trimble.com

To Reproduce Steps to reproduce the behavior:

  1. You will need SketchUp 2020 Desktop version to reproduce this false positive (free trail: https://www.sketchup.com/try-sketchup#for-personal)
  2. When trying to login to the application it opens a browser window.
  3. Login in to a Trimble account.
  4. The website redirects to a local IP, set up by the SketchUp application to authenticate the app. The browser will show the Port Authority warning and log in process is broken.

Desktop (please complete the following information):

Additional context In relation to #10 it would be nice to have the option to allow redirecting from certain domains to a local IP and have a per-configured whitelist.

Interestingly UBo (with LAN filter enabled) does not block this redirection login method.

ACK-J commented 3 years ago

Hey @ph00lt0 hopefully I will have a big update out soon with the option to whitelist sites like this. It definitely is needed in some situations. I’ll keep you posted. I am interested as to why uBo doesn’t block it, hmmm.

ph00lt0 commented 3 years ago

@ACK-J, not 100% sure but I think the difference between uBo and PortAuthority is that the latter one blocks redirects to the localhost where as uBo only blocks the third party connections.

ACK-J commented 1 year ago

I just released V1.1.3 which adds a whitelist option in the extension settings. Please update your extension by going to Mozilla Firefox -> Manage Extensions -> Click the gear in the top right corner -> Click "Check for updates"