[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Maintenance is complete! We got more disk space.
Become a Patron!

/g/ - Technology

View post   

[ Toggle deleted replies ]
File: 28 KB, 928x358, unknown.png [View same] [iqdb] [saucenao] [google] [report]
61017643 No.61017643 [Reply] [Original] [archived.moe] [rbt]

What is Ekansovi?

>15KB of obfuscated Javascript in every thread on 4chan (not being loaded from a 3rd party website)
>Unironically uses XOR for its string encryption
>Sets up a websocket connection to a.ekansovi.com/wsp
>Something to do with ice servers / stun servers.

Source with unencrypted strings: https://pastebin.com/C0Mj6vHL

>> No.61018019

It's just a tracking pixel and you're basically retarded.

>> No.61018082

you realize websockets and tracking pixels are two entirely different things right?
e() is only 11 lines of 550.

>> No.61018179
File: 191 KB, 753x187, 1447916124725.png [View same] [iqdb] [saucenao] [google] [report]

So what I don't understand is that it seems to be ad related trickery to get around common adblockers, but where are the ads?

>> No.61018184


>> No.61018250

I think it's trying many different methods to track you; a 1px by 1px image, an embeded js file, and a websocket, and some XHR which looks as though it sends your useragent to.

>> No.61018310

Websocket section looks like it's sending a fingerprint in sha-256 delimited by colons.

>> No.61018399

> ekansovi
Haven't seen them in a long time, last I saw something connecting to there it was just tracking

>> No.61018409
File: 51 KB, 528x475, unknown.png [View same] [iqdb] [saucenao] [google] [report]

Make sure you have ekansovi.com and a.ekansovi.com blocked, gorhill apparently pushed an update that blocks them a couple of hours ago but just check to be safe

>> No.61018424

I've taken a look at it and it's nothing substantial.

>> No.61018428


>> No.61018429

...are you going to elaborate?

>> No.61018431
File: 54 KB, 480x451, 1470111210955.jpg [View same] [iqdb] [saucenao] [google] [report]

>non-free javascript

>> No.61018451

Possibly testing attack vectors. Not necessarily an attack.

>> No.61018453

>gorhill apparently pushed an update that blocks them

>> No.61018458

Any girls have an opinion on this?

>> No.61018462

No need to block it. It'll make 4chan better.

>> No.61018466

uBlock Origin filter update

>> No.61018481
File: 1.36 MB, 320x213, 62c.gif [View same] [iqdb] [saucenao] [google] [report]


>> No.61018488


>> No.61018492

Its not listed under by umatrix.

Haven't seen it here. Maybe you're infected?

>> No.61018521

who owns the domain?

>> No.61018522

wew is he one of us?

! https://rbt.asia/g/thread/61009719 ! Appears related to uponit.com ||ekansovi.com^ ! Somehow, websocket requests are behind-the-scene with Firefox. Pending ! further investigation, this fixes the issue. ||4chan.org^$csp=connect-src https: http:

>> No.61018529


>> No.61018537

Apparently it might only be showing up for people from certain countries.
Right click > View source
Search for b.u("gIlePonVjyjmEpHGmTsFPsEYyxBVkstc");
That's the class for the XOR string decryption.

>> No.61018562

Unless the key is randomly generated, in which case you'd have to search for b.u("... unless the names are randomly generated as well in which case just look for 15KB of random as fuck javascript.

>> No.61018576

What made you come to that conclusion?

>> No.61018579

Hmm the key is there. The script is there, but its not running from a third party site.

Does that mean 4chan runs its own version?

>> No.61018587

>Appears related to uponit.com
There you have your question answered OP

>> No.61018591


>> No.61018600

It's a joke.

>> No.61018617


>> No.61018620

How can i block it with Ublock?

>> No.61018630

I have ABP on and I still see three little ads at the bottom of every 4chan page.

>> No.61018645

Open the uBlock settings
Go to the '3rd-party filters' tab
Click on the clock icon next to 'uBlock filters'
Click the 'Update now' button at the top

>> No.61018668

it's on the front page of 4chan as well, not just every thread
I can confirm it loads regardless of browser or addons. from different locations all around the world

those who say it does not load for them I have no idea why. But any OS, any browser, any addons (or none) on different ips and physically different computers all have it loading.

only thing I can say is those who don't have it loading have the old cached version of the javascript on 4chan still running

>> No.61018679

(you can open the settings by clicking on the uBlock button and then clicking the gear icon on the far left in the gray bar at the top)

alt. click on 'domains connected' in the uBlock popup
make both columns for 'ekansovi.com' solid red then save by clicking the padlock icon.

>> No.61018703

you forgot to mention



>> No.61018711

>Immune to filters or blacklists
Am I really going to have to start blocking ads with hosts file?

>> No.61018721

They're uponit domains. End of story.

>> No.61018728
File: 3.52 MB, 490x476, 1483134062952.gif [View same] [iqdb] [saucenao] [google] [report]

If that's related to this, and this uses websockets, then...
>||*^$csp=connect-src https: http:

>> No.61018748

'Appears to be related to uponit' != 'Its uponit'

>> No.61018777

||wss:// actually, probably should have tested it first.

>> No.61018863

it smells more like some elaborate scheme to catch ban evaders.
hiro should just put mobile shitters in read only mode or at least increase the post timer

>> No.61018889

No, it is literally uponit. Do some more investigation.

>> No.61018890

>Immune to filters or blacklists

whatever they are doing, it doesn't seem to be working. i don't see ads here or on their site

>> No.61018905
File: 56 KB, 760x572, 1432187912406.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.61018916
File: 74 KB, 765x566, 343791.jpg [View same] [iqdb] [saucenao] [google] [report]

>Unironically uses XOR for its string encryption

>> No.61018935

I don't get what Miley Cyrus has to do with this :^)

>> No.61018942

That's because they're using it for tracking, not for displaying ads.

>> No.61018944


yep I get this same key

USA here but blocking cross site requests

>> No.61018982

Can it be blocked with noscipt? Does private browsing mode and deleting cookies and cache work?

>> No.61019012

Unless you're blocking 4chan.org, no.
Just get uBlock, or if you already have it update the uBlock filters in '3rd-party filters'

>> No.61019026
File: 44 KB, 1896x480, snakeivos.png [View same] [iqdb] [saucenao] [google] [report]

Am I good now /g/?

Blocked it everywhere I could.

>> No.61019027 [DELETED] 

Mine's slightly different: b.u("R3X + gIlePonVjyjmEpHGmTsFPsEYyxBVkstc")

>> No.61019042

There's two instances of b.u in the code, that's the first one.

Probably... hopefully.

>> No.61019071

I just blocked it in hosts file.

>> No.61019093

how to even take a picture of umatrix
it leaves when I grab terminal to scrot it

>> No.61019103
File: 20 KB, 1581x188, sneekysnek.png [View same] [iqdb] [saucenao] [google] [report]

Hmmm, the logger is still showing it, after I had blocked it, is this just because it attempts to or is it bypassing the block?

How do I do that?

Pic related time is after I had blocked >>61019026 so it might still be coming through

>> No.61019126

scrot -d [delay in seconds]

Click on the uBlock button, click the grey title bar at the top, go to the '3rd-party filters' tab, click on the clock icon next to 'uBlock filters', click on 'Update now'

>> No.61019129

I'm not getting this domain. It's probably coming from that notorious malware 4chanx.

>> No.61019157

that's some low effort bait right there

>> No.61019174


what is a good logger aka what are you using?

>> No.61019184 [DELETED] 

Test post.

>> No.61019194

I'm on firefux vanilla 4chan and see it in umatrix

>> No.61019213
File: 7 KB, 243x97, 1470409908774.png [View same] [iqdb] [saucenao] [google] [report]


>> No.61019217
File: 28 KB, 309x290, 1.png [View same] [iqdb] [saucenao] [google] [report]

https://pastebin.com/FiWG9vN5 for hosts file instructions.
THIS IS FUCKING BIZARRE: 4chan wouldn't let me post the specific text of this pastebin link, giving me a connection error. Pic related. It lets me post normally otherwise.

>> No.61019229
File: 11 KB, 1199x170, still heree.png [View same] [iqdb] [saucenao] [google] [report]

Well shit I did that and it still showing up in the logger

Also I'm visiting random /pol/ threads to confirm it shows up as thats when it appears only so far.

Its just uBlock Origin's logger

>> No.61019246

Very suspicious coincidence.

Thanks for the link anon

>> No.61019250
File: 14 KB, 826x261, Untitled-2.png [View same] [iqdb] [saucenao] [google] [report]

Trying to post the text from that pastebin through post a reply at the top instead of the little reply window gets this response from 4chan. My IP is obviously not blocked as I'm posting right now. What the fuck?

>> No.61019273 [DELETED]

>> No.61019276
File: 52 KB, 751x720, C7AeO8xWcAIuBHk.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.61019278

kek I just had that idea too, you beat me

>> No.61019287 [DELETED] a.ekansovi.com ekansovi.com

>> No.61019296


>> No.61019301

In advanced cookie manager there is a cookie for that website named __cfduid or some shit.
Anothr anon didnt see it listed in the normal cookei viewer

>> No.61019305 [DELETED] a.ekansovi.com ekansovi.com

>> No.61019314

Thats a cloudflare cookie

>> No.61019316

Why not a.ekansovi.com ekansovi.com

>> No.61019318
File: 40 KB, 305x264, 2017-06-21-222203_305x264_scrot.png [View same] [iqdb] [saucenao] [google] [report]

literally won't let me post this
posted this though >>61019296

>> No.61019330
File: 18 KB, 305x284, 1.png [View same] [iqdb] [saucenao] [google] [report]

This is the line which returns the connection error. Fucking bizarre.

>> No.61019344

Looks like simply etc(slash)hosts returns the connection error.

>> No.61019353

I guess Im out of the loop,
can you explain to me what addons I should be running and why?

I am using noscript + ublock origin.
I was using noscript + adblock plus or something but I was told they are cucks now and switched.

Now Im seeing all kinds of other crazy shit and I dont even know what it does

>> No.61019355

>Its just uBlock Origin's logger


Requestpolicy blocks ekans egg completely

>> No.61019372
File: 24 KB, 1502x336, fukoff.png [View same] [iqdb] [saucenao] [google] [report]

Well I did the hosts file thing but new instances of ekanshitty still show up in the logger when I click new /pol/ threads in the catalog

Should that be possible even with hosts file solution? Is the logger also showing attempted connections or just those that get through?

>> No.61019388

what tool are you using here

>> No.61019391


rquestpolicy extension in firefox seems to stop it

those are probably attempted request that are failing, I would hope

>> No.61019392

>This role is in our Tel Aviv office

/pol/ is always right.

>> No.61019394

uBlock was created by gorhill and then got taken over by a cuck
uBlock Origin is gorhill's continuation for automagically blocking ads
uMatrix Origin is for blocking things with way more control over what's getting blocked.

>> No.61019396

Wouldn't blocking ekansovi also take care of a.ekansovi?

>> No.61019401


>> No.61019409

*.ekansovi.com would
ekansovi.com means only ekansovi.com

>> No.61019421

Would that or something equivalent work in hosts file?

>> No.61019423

New Zealand here, string appears more than once
new b.u("R3X + gIlePonVjyjmEpHGmTsFPsEYyxBVkstc")
new b.u("gIlePonVjyjmEpHGmTsFPsEYyxBVkstc")

>> No.61019429

its just Ublock origin logger like I've said already ITT

>> No.61019434

probably not no

It's always two

>> No.61019441

Those must be attempted requests. The only thing I know of capable of bypassing hosts file is M$'s telemetry.

>> No.61019443

What about *ekansovi? Would that block everything?

>> No.61019452

Probably not, no.

>> No.61019491

shit that's neat

>> No.61019497

ok so it was ublock I was told not to use,

So do I want ublock + umatrix or just umatrix?

Is noscript still safe? is it redundant with umatrix?
I noticed that when a site doesnt work noscript is the only thing that I need to fuck with, like its doing a better job than ublock

>> No.61019506

>attempted request that are failing

I sure hope so, I set up the hosts file exactly as it should be and checked and rechecked and yet each new /pol/ thread I open the ekansovi shit pops up again in the logger, hopefully its just logging the attempt and not an actual connection, I wish the logger distinguished between the two

>> No.61019517

Noscript + uBlock ORIGIN
+ uMatrix ORIGIN if you want more control.

>> No.61019532

web RTC too

>> No.61019538
File: 8 KB, 250x238, pepe-indifferent.jpg [View same] [iqdb] [saucenao] [google] [report]

>umatrix origin

>> No.61019545

>uMatrix ORIGIN
this doesn't exist

>> No.61019546

I thought there was only one umatrix, not a umatrix and a umatrix origin

>> No.61019555

Whoops, sorry, you're correct it's just uMatrix

>> No.61019560

I would buy a pass if moot was still in charge and not hiro, who has a track record for fucking up people who trust him

>> No.61019584

/pol/ is always right.

>> No.61019585


> 2017

>> No.61019586

you have to add sub domains separately in host files
if you use pi-hole you can use wildcards for dns though

>> No.61019590

under the ekansovi url.

because he will just "b.ekansovi.com" and "aslfkjeiwrqjedfadslf.com" when you arnt looking

>> No.61019599

>trusting a white privileged man
>not trusting a poor rice farmer
fucking racist

>> No.61019601
File: 947 B, 416x454, 1489768509515.png [View same] [iqdb] [saucenao] [google] [report]

What kind of tweaks did you guys do to uMatrix? I noticed a lot of sites I used would fall apart after installing it.

Is it a good idea to globally allow googleapis, apis.google, ajax.googleapis? Seems like a lot of sites rely on them to work

>> No.61019620

I just live in a broken internet and surf happier

>> No.61019636

The patrician thing is to use uMatrix in default block-all mode since it will block everything not explicitly allowed.

>> No.61019641

Very confusing server (DNS resolves to

Iplocation says the ISP is digitalocean

I attempted to SSH into it -
the connection message is "Bitvise WinSSH Server"
Windows? digitalocean doesnt allow you to make windows servers

any ideas?

>> No.61019642

I just keep them blocked by default. If a specific site breaks I try whitelisting them for that site and see if it works.

There's an awful lot of sites (news sites, blogs, etc) that look ugly but still display text content just fine with pretty much everything blocked.

>> No.61019649

seems like they are onto us. it's been removed

>> No.61019651

ok, I installed matrix and it broke replying so I had to disable it to post this

>> No.61019664

Some kind of front-end, proxy, or passthrough firewall with a windows server behind it, maybe?

>> No.61019666

You have to actually understand what uMatrix is and how it works, it's not an automagic catch-all it's a tool. You don't buy a hammer and say "Something's wrong it's not nailing things in" without actually using it.

>> No.61019670

my niggas

>> No.61019672

4chan doesnt let me make threads anymore. I dont know why.
It takes years to do anything and then loads a warning page about https

>> No.61019684

Huh, you're right.
Not finding the u.b( string now

>> No.61019685

it's like noscipt and you need a few days to adjust it for your main websites, but it's great for everything else and fighting tracking and other anti-privacy measures

>> No.61019686

Yep, ekansovi doesn't even show up in ublock origin anymore meaning hosts file blocked it completely, but it still shows up in the ublock logger as attempted access I guess

I checked just now and it shows up in the logger when clicking on /v/, /g/ threads too

Just what the hell is this thing.

>> No.61019695

And you dont buy a hammer and have it automatically nail your door shut

what do I click to make 4chan work. I dont care if everything else is broken right now

>> No.61019698


lol how new are you? all of the ips are fucking cloudflare

>> No.61019699


>> No.61019705

test a.ekansovi.com ekansovi.com

>> No.61019709

Are there any good tools for debugging/inspecting websocket sessions? Would actually be useful for a project of mine as well, but I didn't find anything

>> No.61019710

Nevermind, I figured it out.
This shit really fucks up a good buzz.

>> No.61019716

hey this guy did your linux fix >>61019318

>> No.61019721

It's still there for me (New Zealand)

b.u, not u.b

rows are domains
columns are media types
cells can be either red or green, if it's red that media type is blocked for that domain, if its green its not blocked.
Click on the top or bottom half of a cell to block/unblock that cell.
If you get stuck use google, if you cant even do that dont use uMatrix.

>> No.61019723

how can you tell?

>> No.61019725

test two

Copy hosts file to desktop or any other folder you don't need administrative privileges to save stuff in. Edit with notepad. Put these two lines in it and click save. It'll save it without adding a file extension: a.ekansovi.com ekansovi.com
Copy file, paste it back into \etc and click continue when it asks for admin privileges.
If you're on Linux, I don't know the Linux equivalent to a hosts file, or if that even exists.

also you should do so it just drops it rather than routing it to yourself

>> No.61019741

only blocked part is the system32 shit

>> No.61019748


>also you should do so it just drops it rather than routing it to yourself

What do you mean? Replace with

>> No.61019764

your computer gets word you want to connect to ekans
it asks DNS file where to go
it sees
it connects to you and tries to communicate with it

if it's it just drops the packet and never tries

>> No.61019771

You're, right my bad.

Here's the script if anyone is interested.

>> No.61019780


127.x.x.x is YOU
so you're talking to yourself or trying to
since you don't run a server after a few tries it'll drop
but is auto drop

>> No.61019784

You can do that in the hosts file but you need to replace the default DNS resolver, i use acrylic DNS proxy for that

just remember to replace the dns servers in the config file since it uses Google dns servers by default

after installing it edit your connection settings to use as primary DNS server and edit the acrilyc hosts file with the sites you want to block

You will be able to use *. to block entire sites after that, and it also stops windows 10 hardcoded domains from being able to connect so no more botnet

>> No.61019793


>> No.61019798

holy hell this is fucking awesome.
I never in my wildest dreams thought i'd see something of this caliber on 4chan of all places.
they must be looking for someone really hard, they're pulling out all the stops for this shit.
something is going to go down soon and I can guarantee it's because of the trump administration.

>> No.61019805

Got it, done. Thanks /g/ents

>> No.61019806

This stops all Windows 10 telemetry? I was under the impression only a hardware firewall could do that.

>> No.61019839

>the website is literally hosted on the same server 4chan is hosted on

Is that true or was he bullshitting

>> No.61019847

Windows normally respects entries in the hosts file for ordinary user applications (like, for instance, non-MS web browsers), but they hardcode some things in the bowels of windows, so system components will talk to microsoft regardless of the hosts file.

In fairness to microsoft, this was probably at least partly motivated by the fact that a common malware trick for a long time in the XP era was to use the hosts file to kill connections to windows update and to the homepages of things like Spybot and other anti-malware outfits.

>> No.61019849

how about blocking google-analytics?

>> No.61019855

it was, it seems to have changed

haven't looked at the XHR data for a while either

>> No.61019858

I already do that

>> No.61019867

Here's the script attempts to embed on the page when certain conditions are met


but why? and how are the conditions met?

>> No.61019876

thats because its fucking cloudflare

>> No.61019879

>>61019849 analytics.google.com or whatever it is

just run pi-hole

>> No.61019881

>when certain conditions are met

You mean like when you open any random thread on /v/, /g/, /pol/ etc?

Because thats when it appears in the log for me

>> No.61019900

their cloudflare ips are different goyo

>> No.61019901

Why are you spoonfeeding all the retards in this thread? This is why /g/ is so shit. These idiots think it's okay to come here and beg for help with all their pc issues. Send them to /sqt/ or >>>/wsr/.

>> No.61019909

>it also stops windows 10 hardcoded domains
>but they hardcode some things in the bowels of windows
This appears as if you are saying this method is a viable software-only method for completely stopping all Windows telemetry. Am I interpreting this correctly, and has this been tested?

>> No.61019919


>> No.61019929

>>61019879 www.google-analytics.com
doesn't work, reloading the page and I still see it on ublock logger

>> No.61019936

a.ekansovi.com and ritogaga.com
both have the same styling when requesting a non-existant page

>> No.61019954

well it's not anymore cuz that gives a different response than this fucking gay ekans site does

>> No.61019958

It does block them I got pissed off because they werent getting blocked in my hosts file that I searched how to block them, after a few days I found acrylic and managed to block them

Windows still tries to connect to those domains though, like with go.microsoft.com there's always tons of request of it in my DNS logger even though they all resolve to

>> No.61019972

JS will still try to make the request, so addons will still see the request. But your kernel's networking subsystem will do DNS resolution for google-analytics.com, get back, and give up immediately. The JS, if it bothers to check for errors (almost no JS does, shitty, shitty language and culture) will find that the request it made failed. Probably with a destination unreachable or something similar.

>> No.61019983

That's pretty fucking awesome, anon. Thanks.
/g/ approved DNS servers anyone?

>> No.61019988


>> No.61019994

That first answer wasn't mine, he was someone else, they do get blocked you can try for yourself acrylic is open source and its not that hard to install

>> No.61020000

>/g/ approved DNS servers anyone?
Most OpenNIC ones and dnscrypt.eu if you can use dnscrypt
Avoid OpenDNS almost as much as Google DNS
You can also run your own DNS server but of course this won't do outside your home network (unless you have a static IP)

>> No.61020005

Why should anyone care

>> No.61020015

Fuck off hiroshima

>> No.61020021

>Another useful feature is called "Behind the scene". You find it listed in the page selection menu, and it lists requests that uBlock cannot associate with a domain.

>This includes among other things requests made by the browser itself, made by extensions, and by websites if technologies such as hyperlink auditing are used.

Ok so once again it seems like the ekansovi showing up for in Behind the scene logger are just the requests being listed, not any actual connections, since its been blocked in hosts after all.

>> No.61020026

TTL on the dns records are only 5 minutes and Im pretty sure theyve changed multiple times within the hour

>> No.61020036

Have you read 1984?

>> No.61020037

yep as I said they keep changing the ip

regardless of cloudflare

>> No.61020053

anyone up for jacking the domain? registered with amazon

>> No.61020077

it's regsitered on name.com


>> No.61020094

>Name Servers

So wait, it's just some cloudflare shit?

>> No.61020096
File: 55 KB, 587x714, Screenshot_13.png [View same] [iqdb] [saucenao] [google] [report]

here's how it looks like when they get blocked by acrylic

>> No.61020104


>> No.61020114

my bad, was thinking of mojigaga.com
anyway, it should be easy

>> No.61020138

before cloudflare, the ip was>>61019919
that crossthread one

but now it doesn't work and all the IPs are cloudflare
this is the ONLY Ip that has routed to that site that isn't cloudflare

arin says it's a eurotrash ip

>> No.61020159


some gay guy I know made the code from the ekans site more beautiful

> I don't understand the first function though it will never run

>> No.61020167


>> No.61020174

How do you xor the strings in js?

>> No.61020180

>2245760 == 1416070001
noticed that too, very strange

>> No.61020191

yea he asked me about it, I have no idea.. haven't seen anyone post that at all or ask about it.
>BEcause anytthing after && relies on the first condition being true
>It will short-circut after the comparison because those two numbers aren't the same

>> No.61020195

another thing about this is, if you're behind a proxy or VPN, and do not have a webRTC blocker add-on installed, this script now has your real IP address

>> No.61020201

(google webRTC leak)

>> No.61020202

>So unless that first number is dynamic, it's will never create the image

>> No.61020204
File: 7 KB, 250x243, 1497973609311.jpg [View same] [iqdb] [saucenao] [google] [report]

Why do you care?

>> No.61020209

>Not caring about the code being run on his machine

>> No.61020234

actually, duh, you provide the number in the URL query and generates the script with that number. so it shows they're looking for someone/something specific

>> No.61020247

see: http://xhr.ekansovi.com/ljs?p=2245760

>> No.61020253

It's a fucking website.

>> No.61020256

that's why 1416070001 is all the fucking over the place in their code
how do I disable webrtc

>> No.61020257


>> No.61020274

if you're using chrome: https://chrome.google.com/webstore/detail/webrtc-leak-prevent/eiadekoaikejlgdbkbdfeijglgfdalml?hl=en

>> No.61020275

I was born in 1989, what about you? Retard

>> No.61020288

so I disable it?
"disable non-proxied"

>> No.61020290

There is a part of the tech sector in Israel called Download Valley. Superfish, of Lenovo self-destruct fame, issued forth from one of the Download Valley companies.
Presumably it's an artifact of Israeli laws around installing things on people's computers or something.

>> No.61020292

>>61020275Go back to you watch threads faggot

>> No.61020307

1984 is a book about a dystopian future where the government has omnipresent spying on its citizens and uses it to eliminate political dissenters.
Just because (it doesn't appear as if) the government isn't using spying data to eliminate political dissenters now doesn't mean they can't and won't use spying data they're collecting now to eliminate political dissenters later.
It's a legitimate concern.

>> No.61020309

And this bothers me?

>> No.61020329

No, the default is fine. installing the add-on is enough to block the leak.

>> No.61020338

fuck off ekansovi

>> No.61020342
File: 3 KB, 1911x30, blok.png [View same] [iqdb] [saucenao] [google] [report]

>What is Ekanso-


>> No.61020363
File: 8 KB, 1007x197, blok2.png [View same] [iqdb] [saucenao] [google] [report]


>> No.61020405

I have ublock origin and i also see them

>> No.61020430

anyone know how to get into the stun:// without writing fucking javascript?

from the source it connects to

and the password is possibly "00000000000000000000000000000000"

>> No.61020499

Why are you samefagging so much instead of telling us why we should worry? Are you perhaps autistic

>> No.61020501
File: 1 KB, 142x20, 1478223295899.png [View same] [iqdb] [saucenao] [google] [report]

Oh shit, it's the same number for me.

>> No.61020506
File: 142 KB, 1280x720, image-w1280.jpg [View same] [iqdb] [saucenao] [google] [report]

>password is possibly "00000000000000000000000000000000"

I like how this is going

>> No.61020525

Does ekansovi only show in specific browser?
Because when I use safari, I don't get that, but in chromium, I get that. Or maybe unlock in safari doesn't detect it?

>> No.61020538

if you clicked the link I crafted then no shit

Its a very advanced tracker, still trying to figure out the logic behind it. its obviously looking for something. best to have it blocked.

>> No.61020540

tested on 7 different operating systems with all browsers and different IPs and different physical computers

>> No.61020552

>hosts file didn't help
Depending on OS/Settings you may have to clear DNS cache too.

Some Software use their own Lookup methods to work around users changing their host-file or having a DNS that blocks certain domains (for example Chrome and stuff based on that).
Those usually use Google DNS, and ignores your host file. They may also find the DNS from your provider and ask it directly.

Using DNSquerySniffer from Nirsoft can give you a hint about what DNS are used.
You may also want to block all UDP/TCP DNS calls to anything except those 2-3 you explicitly allow. Thus making it a bit harder for trojans to send/receive data since port 53 usually allowed by every possible firewall for everyone.

>> No.61020559

>if you clicked the link I crafted then no shit
Oh, lol. Silly me.

>> No.61020566

see if it's testing for browser capabilities or vulnerabilities

>> No.61020567

>ekans ovi
>snake ovi
>snake oiv
>snake oil

>> No.61020576
File: 115 KB, 419x402, shockedtsundere.jpg [View same] [iqdb] [saucenao] [google] [report]

>mfw I realized it might be looking for FBIAnon

>> No.61020588

Yes, ad networks are looking for a greasy larper

>> No.61020589


>> No.61020607


This is actually a major problem for web developers. None of the dev tools built into Chrome are any use at all looking at what a websocket is doing.

>> No.61020609
File: 99 KB, 1016x386, Screen Shot 2017-06-22 at 12.11.57 PM.png [View same] [iqdb] [saucenao] [google] [report]

Weird. This is from my safari (left) and my chromium (right). But well I get >>61018537 when checking the source in safari though.

>> No.61020622

is safari even capable of running the shit?
I didn't try that browser myself

>> No.61020643

If you look at the pastebin in the op, it explicitly checks for safari in g(a), though who knows what it's doing or why.

>> No.61020646

Do you mean using ublock origin?
Yeah it can

>> No.61020658

no lol. I mean the web socket and connection

>> No.61020702

Yeah it's supported as far as I know.

Damn, then I need to filter ekansovi in host level for making sure it's safe too. Thanks, anon.

>> No.61021041

How can I be 100% sure I blocked it?

>> No.61021115

try to go to the website

>> No.61021214

does it work?


>> No.61021403

Have you heard of wireshark and pcapdump?

>> No.61022035


>> No.61022302 [DELETED] 


A search for this number throws this out:


Which, was discussed LAST YEAR :>>https://warosu.org/g/thread/55946290

So, is it the same shit?

What is it

>> No.61022479

An anon posted this link and it got delet


>> No.61022593

If I have a separate anti-malware program managing my hosts file, and I'm alsio using a uBlock Origin hosts list, does one trump the other? I don't see that Firefox has added anything to my hosts file when I check it.

>> No.61022595

blocking https://xhr.ekansovi.com is not sufficient, you fool.

>> No.61022637

Yeah, my bad for being paranoid

That git just has the 4chan source on it - 1416070001 appears in the 4chan source.


>> No.61022652

Get a load of this fucking idiot.

>> No.61022700

If you dump the script that gets evald there is a "the cake is a lie" text in it

>> No.61022726

To dump the script after decryption just do this.
1. put bp on first line of sources
2. go to console
eval = function(x){


3. let it run.

>> No.61022936

no and you're stupid to ask

>> No.61022945
File: 21 KB, 501x419, so salty.png [View same] [iqdb] [saucenao] [google] [report]

>tried to unblock ekansovi.com in uMatrix and uBlock until no more wss connections were blocked in Console
>new friends popping in uBlock's dashboard

so it's just hirojew playing with us all along

>> No.61022964

I guess I should have asked it this way. Does uBlock Origin have the ability to edit my hosts file?

>> No.61022991

>can a browser extension that's not pure malware edit my host file?
once upon a time /g/ wasn't so shitty
I blame phoneposters

>> No.61023024
File: 26 KB, 493x382, chrome_2017-06-22_19-19-37.png [View same] [iqdb] [saucenao] [google] [report]

use a proper blocking tool

>> No.61023028

no and you're stupid to ask

>> No.61023055

why does it look like that

>> No.61023069

the shit to the left? That's "advanced mode".

>> No.61023073


>> No.61023107

>blocks all third party
>blocks all third party scripts and frames, as if this was necessary
>manually unblock every single cdn site and third party site
3/10, use uMatrix at least
and you'll have some surprises if you look at chrome://webrtc-internals/ once you refresh a 4chan page, even with all that fuckery, stun:a.ekansovi.com:6001 will knock at you anyway. You'll NEED the latest uBlock Origin Extra.
Oh, and if you have uMatrix as well in Chromium, then again you'll see STUN requests until you add uBlock Origin Extra.

>> No.61023149

well shit thanks for the info at least.

fwiw I don't unblock "every single cdn", just shit I need. I'm not so tinfoil I don't use google or imgur, I just don't want my shit uploaded to putin.ru without me saying so.

>> No.61023153

>using chrome
>caring about privacy

>> No.61023176

because firefox has lost all direction, why use something copying chrome half the time and making dumb decisions the other half when you could just use chrome? mozilla need to cut the fat and get focused on making firefox great again.

>> No.61023181

Pale moon.

>> No.61023197

Nice job dodging the question. Even if they have women in charge, at least there is some expectation of privacy. With Chrome, you have zero. Also, see: palemoon

>> No.61023216

>use chrome
The browser designed from ground up to spy on you.
Don't let google and anyone the sell or forced to give info too ever again miss a single click from you.
Thanks to chrome they no longer need a camera in your apartment.
They can reconstruct your movements depending on the exact interaction with your computer.

>> No.61023226

Apply this into 'My filters' of uBlock Origin.

! 3/30/2017, 2:48:59 AM http://boards.4chan.org


>> No.61023241

reminder that if you see ekansovi shit on chrome://webrtc-internals/ you're still vulnerable

>> No.61023261

Google knows everything about me already. Google already knows everything about you, probably. I don't give a shit if all my information is going to Google. They've had my email for over a decade, they have every search I've ever made, pretty much every IM I've ever sent, they're inside my phone, and they have a growing AI division. That fight was lost long ago.

I'm just trying to stop random script kiddies running code in my browser.

If you want to use firefox I have no problem with that, but I use chrome.

>> No.61023271


Something like this at the start of this is bad, even if you've blocked the URL outright?

>>61017643, { iceServers: [stun:a.ekansovi.com:6001], iceTransportPolicy: all, bundlePolicy: balanced, rtcpMuxPolicy: require },

>> No.61023281

Newfag here.
The left one is for global rules and the right one is for local rules, right?

>> No.61023287

yep, apparently we need https://chrome.google.com/webstore/detail/ublock-origin-extra/pgdnlhfefecpicbbihgmbmffkjpaplco/related?hl=en

I saw on the github he made a commit specifically to include 4chan.org, Perhaps someone could explain why we need to 'foil' these "early" connection attempts on a case by case basis instead of globally blocking the root cause of this kind of shit?

>> No.61023290
File: 6 KB, 385x197, 4c.png [View same] [iqdb] [saucenao] [google] [report]

yes, use uBO Extra

>> No.61023296


>> No.61023399

How do I bring up that context menu for uBO Extra?

>> No.61023413
File: 22 KB, 365x515, 2017-06-22-095825_365x515_scrot.png [View same] [iqdb] [saucenao] [google] [report]

>feel when 4chan is as bad as jerusalem online for jewing its users

>> No.61023443
File: 302 KB, 640x400, file.png [View same] [iqdb] [saucenao] [google] [report]

Talking about this one they use in the chrome web store picture.

>> No.61023488

>If you want to use firefox I have no problem with that, but I use chrome.
After analyzing "Iron" and found tons of trickery still left inside they had missed to clean out, I gave up on Chrome or any derivate.

Firefox with tons of extensions and tons of about:settings changes is probably decent (since TOR use it), but in default mode it's just as bad as chrome.

That's why I don't use any of the popular browsers, but I do masquerade as one. Not something I recommend since it's more work getting shit to work.
Not only trojans have problems running in my configuration - it's everything else too!

>> No.61023652
File: 221 KB, 562x849, Screenshot_20170620_111825.png [View same] [iqdb] [saucenao] [google] [report]


>> No.61023666

because you can't disable WebRTC on Chrom(e,ium}
and u{Block Origin, Matrix} don't address WebRTC

not in Firefox
not in Chrom{e,ium}

at best, uBlock Origin will show you an option to "Prevent WebRTC from leaking local IP addresses" but won't intercept and filter WebRTC requests.
This happens in both Firefox and Chrom{e,ium}; but at least in Firefox you can disable WebRTC completely.

>> No.61023683

You are part of the problem.

>> No.61023691


>> No.61023859

>Disable WebRTC (will be configurable in the future #179)

allegedly it's not a fork
>ungoogled-chromium should not be considered a fork of Chromium
just a set of
>configuration flags, patches, and custom scripts

pick you poison: use an upstream that allows you to disable WebRTC even when you have js running
use an upstream that doesn't allow you to disable WebRTC so you have to
- rely on third-party addons with pre-compiled lists of rogues sites (see uBO-extra)
- resort to disabling js completely (WebRTC doesn't work if js is completely disabled)
- revert to "forks"/unbranded versions of the upstream

>> No.61024093
File: 110 KB, 489x557, Screenshot_20170620_141316.png [View same] [iqdb] [saucenao] [google] [report]

Exposing our true identities is someone's idea of punishment for 4chan getting Trump elected

>> No.61024271

chinese moot sold us out

>> No.61024303

Regular moot sold you out too.

>> No.61024427

>XOR encryption is unbreakable even in theory if the data XOR'd with the data to be encrypted is random and if the random data is the same length as the date to encrypt

>> No.61024469
File: 1.04 MB, 1280x720, 1448831563817.png [View same] [iqdb] [saucenao] [google] [report]

>obfuscated non-free java-script

>tfw botnet wants you to stop shitposting

>> No.61024706

How is that any different from OTP?

>> No.61024715
File: 3 KB, 1141x26, webrtc was a mistake.png [View same] [iqdb] [saucenao] [google] [report]

Friendly reminder that
if you're using firefox
and you're not disabling WebRTC completely
so that you don't see this message in Console
you're exposed. You won't be able to see STUN in ff @ about:webrtc as you do in chrome @ chrome://webrtc-internals/
but you'll see adswithsalt.com coming through in your uMatrix/uBlock dashboards

>> No.61024749

btw, adswithsalt has already challenged ad blockers in the past

>> No.61024791

No it isn't. None of the settings in that extension will block WebRTC on Chrome.

Check chrome://webrtc-internals and the connection will still be made.

The only way to block it in Chrome is with hosts file but if they change the subdomain you'll need to realise and block it again.

Firefox can properly block WebRTC. Chrome can't currently

>> No.61024830
File: 86 KB, 420x238, laughing_girls.jpg [View same] [iqdb] [saucenao] [google] [report]

>he doesn't have Ghostery and AdBlock Plus


>> No.61024850

dear fucking God, read the motherfucking thread you fucking millenial

if it was a ruse, 10/10 you rused me

>> No.61024955
File: 3 KB, 481x92, peerconnection.png [View same] [iqdb] [saucenao] [google] [report]

in firefox you may use normie-friendly addons like https://addons.mozilla.org/firefox/addon/privacy-settings/ with these media-related settings

>> No.61025090

Does not follow the same mechanics but I guess the principle is the same.

My point was to not underestimate how strong XOR encryption can be, if properly implemented, since some anon seemed to be making fun of it

>> No.61025118
File: 98 KB, 784x373, Capture.png [View same] [iqdb] [saucenao] [google] [report]

Sorry, that was a ruse actually :^)

But, seriously guys - we all know how to block this now. The real question is - what is it doing, and why is it embedded on 4chan?

>> No.61025179

see again

Not enough, see >>61024715 , >>61023107

>> No.61025343

How many 4chan users are going to either install uBlock Origin Extra in Chrome-related browsers or disable completely webrtc AND use at least uBlock Origin?
My guess is that it wil be a number negligible enough for the "advanced users" to still stand out and be backtracked

>> No.61025396


It's probably safer to disable uBlock entirely lads... nothing to hide nothing to fear :^)

>> No.61025446

What the fuck are you doing you dumb ass? Use "noop" not "allow"

>> No.61025465

anon from /pol/, claimed to be ex-/FBI, posted various pictures and stories that couldn't be found anywhere else.

>> No.61025495

Once again proving WebRTC was a mistake.

>> No.61025500

use proper "noop" rules, not "allow" rules.

>> No.61025509

Pale Meme doesn't have WebRTC.

>> No.61025515

If I don't see it in Ublock's content logger. then i'm good?

>> No.61025524

It *should* be blocked now but it doesn't show up in the general view in firefox it shows up under behind-the-scenes for some odd reason apparently related to webrtc

>> No.61025570

no, read the thread.

>> No.61025704

Also download uBlock Origin Extra from chrome Store.

>> No.61025724

So wait

What if you're only using Clover to browse?

>> No.61025754

I think those clients just download the json file and the images/media and ignore the rest of the page so I don't think they were affected, probably.

>> No.61025772

So if I disable WebRTC then it should stop right?

>> No.61025776
File: 147 KB, 1262x778, 1487289337554.png [View same] [iqdb] [saucenao] [google] [report]

Another solution, if you're using 4chan x, you can block all requests coming from the 4chan scripts in Settings -> Advanced -> Javascript Whitelist

Pic related, my config

This will prevent it from executing without installing more add-ons.. but of course hirochink could just add the tracking code to the 4chan js itself.

you should be safe. clients typically stick to API calls. wouldnt make sense for them to run any javascript

>> No.61025794

the logger is irrelevant

open a console (I assume you're on firefox)
you should either see the pic in >>61024715 if you have disabled WebRTC completely

or this message
Content Security Policy: The page’s settings blocked the loading of a resource at wss://a.ekansovi.com/wsp (“connect-src https: http:”). if you didn't disable WebRTC completely BUT you updated recently uBlock Origin's filters.

In the first case you are ALWAYS protected
In the second case you are protected ONLY ONCE, thanks to an explicit rule ( see >>61016560 ; it injects a fake CSP)

If you're on Chromium: you can't be ALWAYS protected, you have to download uBlock Origin Extra and rely on hard-coded lists, so you're bound to be protected only ONCE (if the domain changes, you're busted)

>> No.61025806

It apparently falls back to using XHR if you disable WebRTC but the good news is you can easily block those through the usual filters. You should disable WebRTC anyway because it's a huge security risk at this point.

>> No.61025809

I should have 'self' commented out there too

>> No.61025814

t. jewmoot

these "javascripts" are enabled if you enable any javascript on 4chan at all.

>> No.61025826

>mobile poster gets busted
and nothing of value was lost that day

>> No.61025893

>if you didn't disable WebRTC completely BUT you updated recently uBlock Origin's filters.
uBlock Origin takes precedence it seems, so the "Content Security Policy" error will be logged if you have updated uBlock Origin's filters recently no matter if you have disabled WebRTC completely.

>> No.61025915

So is anyone going to address the problem with firefox that allowed this potentially malicious website to slip by every content filter?

>> No.61025935

>the problem with firefox
the problem is with any browser and it's called WebRTC. It's more a problem for Chrome users, since they can't disable it entirely.
The problem has been addressed extensively, read the thread.

>> No.61025955

Is it really just webrtc behaving correctly? How is bypassing everything and running in the behind-the-scenes scope normal? Why isn't webrtc assigned its own scope if it doesn't run in any of the other ones?

>> No.61025957

>1416070001 appears in the 4chan source
Why tho? 2012-01-01

>> No.61025983

There was a huge thread about it on Tuesday.
to tl;dr it, this may or may not be able to tie a user's IP to their posts.

>> No.61026068


>> No.61026131
File: 167 KB, 1340x362, 1495867210872.png [View same] [iqdb] [saucenao] [google] [report]

How come I don't have it? Does that mean I haven't been naughty like you guys?

>> No.61026135

WebRTC is disabled and I see that message. So I should be set?

>> No.61026141

Jah bless

>> No.61026179

>Tought I was safe since the very first thread about this shit cause it didn't show up on umatrix
>Checked ublock hidder requests today just because was curious

Feels Bad Man

>> No.61026210

How do you block Google without breaking captcha? I can't post otherwise. Fuck paying gookmoot.

>> No.61026213

Yeah, the WebRTC bypass has fucked us all

>> No.61026239

it shows up behind the scene logger for me too, even though I blocked it in hosts

>> No.61026272

It will because the javascript is still running on the page. The blocker only stops the connection attempt from working so whatever it's doing is kept on your machine.

>> No.61026279

so i'm basically safe?
and yes i'm using chromium

>> No.61026291

I see, thanks for clarifying.

>> No.61026339

Blocking WebRTC fixed this for me but actually what the fuck is going on?
I'm actually glad I'm not from US so if this are the feds they wont get me.
Hopefully none of you guys gets shit from it too.

Are there any other vectors aside WebRTC and some scripting shit? I'm using uBlock and noScript and it doesn't seem to be doing any connections anymore, am I safe now?

>> No.61026346

The actual tracking pixel comes from s0.2mdn.net

Whois for s0.2mdn.net says it was registered using Google DNS by MarkMonitor, Inc.

>MarkMonitor Inc. is an American software company founded in 1999. It develops software intended to protect corporate brands from Internet counterfeiting, fraud, piracy, and cybersquatting.

>> No.61026372

Check the Tor browser, they are trying to remove all fingerprinting, etc

>> No.61026454

>Checked ublock hidder requests

>> No.61026467

behind the scene

>> No.61026488
File: 9 KB, 552x166, bts.png [View same] [iqdb] [saucenao] [google] [report]


>> No.61026517
File: 74 KB, 992x880, 1473252509187.png [View same] [iqdb] [saucenao] [google] [report]

Oh, I see. It still doesn't show for me though. Maybe I don't have it, which would be weird since my posting habits seem to be in line with those who claim to have it.

>> No.61026539

Why is the favicon requested multiple times a second? github fucking sucks

>> No.61026550

I know about Tor but firefox is really comfy after some tweaking, I'm just curious if there is some way I could see all the requests.
Is uBlock listing them all?

>> No.61026572
File: 840 KB, 1176x1000, 1492195015931.png [View same] [iqdb] [saucenao] [google] [report]

I-I don't know. I was reading some documentation for a bit but now that you mention it, it's kinda weird.

>> No.61026600

ublock can show "hidden" requests that the browser itself makes. Firefox/Chrome hide those so people don't mess with them. Other than that I think they show the same amount

>> No.61026626

The Tor browser is firefox with privacy tweaks. (Though js is still enabled by default which will probably result in people being killed)

>> No.61026837

No self-destructing cookies though

It is then, thanks

>> No.61026852

Yes, you're safe

>> No.61026869

Thanks, Anon

>> No.61026927

Yea, the Tor team are making some very dumb/intelFriendly decisions, they try to explain it away by saying it's to increase users of the tor network but they're only alienating people who know anything about security.

>> No.61026971
File: 2 KB, 326x31, cancer.png [View same] [iqdb] [saucenao] [google] [report]

Update, WebRTC block is not helping

>> No.61026988

could just be the request showing

>> No.61026989

cool story bro

>> No.61027017

oy, the dev commented here.

>> No.61027039
File: 13 KB, 260x260, mods.jpg [View same] [iqdb] [saucenao] [google] [report]

mods are asleep
post sinks

>> No.61027053

shills. do not respond to this shit

>> No.61027068

How do I know for sure it is blocked then?

>> No.61027072
File: 13 KB, 320x434, NSAISPYINGONYOUFAGGITS.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.61027119

Websocket and WebRTC are two different things. Update the filters in ublock/umatrix (open settings, 3rd party filters, update now) if you didn't do it already.

>> No.61027142

are you the same guy who >>61026135
>disabled and I see that message
the message being
>Content Security Policy: The page’s settings blocked the loading of a resource at wss://a.ekansovi.com/wsp (“connect-src https: http:”).
If so, you're showing a /wsm rather than a /wsp request, and it would be interesting to know
- browser version
- status of media.peerconnection.enabled in about:config
- full string

WebRTC is used to exploit uBlock/uMatrix content filtering and to create a websocket.

>> No.61027168

btw, uBlock's filter detailed in >>61016560
should block both variants and they shouldn't hit uBlock's logger.

>> No.61027205

I'm not that guy who got the message and I don't know where should I look for it, if you can tell me where I will post results.
I'm on firefox 52.1.0, peerconnection is set to false.

>> No.61027267

update your uBlock filters
then clear everything (ctrl-shift-del)
open the thread in a new tab
and see >>61025794

>> No.61027308

no it's not

>> No.61027387


>> No.61027393

17:40:13.013 Content Security Policy: The page’s settings blocked the loading of a resource at „wss://a.ekansovi.com/wsm” („connect-src https: http:”). 1 (unknown)

I don't understand, shouldn't it exist at all after setting RTC to false?

>> No.61027486

Get a job in Tel Aviv and check the cp database

>> No.61027623

see >>61025893
you're fine.

>> No.61027649
File: 18 KB, 598x417, rtc.png [View same] [iqdb] [saucenao] [google] [report]

I'm confused. What's wrong with using this?

>> No.61027686

that's irrelevant. uBlock don't and can't do rtc content filtering. It can only inject CSP rules (firefox) or "defuse" javascript eval with uBO-extra (Chrome only)

>> No.61027693

just disable webGL/rtc entirely because its cancer.

>> No.61027735
File: 47 KB, 766x624, socket.png [View same] [iqdb] [saucenao] [google] [report]

But in conjunction with filters, it works

>> No.61027772

no, you're blocking https requests. The malicious script attempts to hit you with wss:// websockets TOO and with websockets crafted via WebRTC, thus unfilterable with uBlock/uMatrix.
Read the fucking thread.

>> No.61027823

>unfilterable with uBlock/uMatrix
better: >>61027686
>It can only inject CSP rules (firefox) or "defuse" javascript eval with uBO-extra (Chrome only)
wss / WebRTC is "indirectly filtered" in Firefox thanks to uBlock Origin's CSP injection in every 4chan thread, and it can be verified through the Console.

>> No.61027945
File: 42 KB, 1086x550, wss.png [View same] [iqdb] [saucenao] [google] [report]

Sorry, wasn't paying attention. As I said, it seems to block it, unless it's misrepresenting it.

>> No.61028139
File: 9 KB, 628x52, ss.png [View same] [iqdb] [saucenao] [google] [report]

that's a custom rule you created, and it's NOT enough. It shouldn't hit the logger. Remove your custom rule. Go through all the passages detailed in >>61027267
Pic related is what you should see in the logger.

>> No.61028201

btw in the Console (not in the logger) you'll be able to see
>Content Security Policy: The page’s settings blocked the loading of a resource at wss://a.ekansovi.com/wsp (“connect-src https: http:”).
>Content Security Policy: The page’s settings blocked the loading of a resource at https://xhr.ekansovi.com/ljs?p=[string] (“script-src http://s.4cdn.org https://s.4cdn.org http://www.google.com https://www.google.com https://www.gstatic.com http://cdn.mathjax.org https://cdn.mathjax.org https://cdnjs.cloudflare.com https://boards.4chan.org 'unsafe-inline' 'unsafe-eval'”).
>Content Security Policy: The page’s settings blocked the loading of a resource at blob:https://boards.4chan.org/[string] (“default-src https://boards.4chan.org * data: 'unsafe-inline' 'unsafe-eval'”).
among the other CSP-related error messages.

>> No.61028350

so how does the script actually manage to somehow make these websocket connections behind-the-scene?
i messed a bit with websockets today and calling the WebSocket constructor like `new WebSocket("wss://example.com/")` etc. actually resulted in the connections being shown by uBlock's logger associated with the tab i was executing that javascript on, and NOT the behind-the-scenes view

Name (leave empty)
Comment (leave empty)
Password [?]Password used for file deletion.