This is a continuation of the previous post on the subject of HTML forms abuse.

Kuza55 and others suggested that I publish a list of ports that are blocked for each browser, and it seems like a good idea to better understand the attack vector. The full list of blocked ports for each major browser is now included in the appendixes section.

Should you wish to reproduce this list, this is how I did it:

Requirements:

  • tcpdump kung-fu
  • time

Steps:

  1. Choose an internal host that is reachable. We will use 192.168.0.1 as an example. We will be launching a port scan on this machine. It is important to make sure that you have no other TCP connections between your machine and this host.
  2. Start tcpdump with the following switches:
    tcpdump -w browsertest.cap tcp and dst host 192.168.0.1
  3. Load this page on your web browser. It will take a while – Internet Explorer can take up to a day, while other browsers (on a Mac) typically take 20 minutes or so. It doesn’t work with Mozilla (Firefox) browsers.
  4. Use this Python script (makes use of scapy) to extract the ports that were not hit.
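
For readers without the linked script, here is an added example (not the original scapy script from this post) that does the step 4 analysis with only the Python standard library: it reads a classic pcap file such as browsertest.cap and returns the ports that never received a connection attempt. The function names, and the assumption that the test page tries every port from 1 to 65535, are mine; the sample frames are constructed.

```python
import struct

# Classic pcap magics (microsecond and nanosecond), mapped to byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def ports_not_hit(pcap, target_ip, ports=range(1, 65536)):
    """Return the ports in `ports` that got no initial SYN addressed to target_ip."""
    endian = MAGICS.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    target = bytes(int(o) for o in target_ip.split("."))
    seen, off = set(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        # Need Ethernet (14) + minimal IPv4 (20); EtherType must be IPv4.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        if frame[14] >> 4 != 4 or frame[23] != 6 or frame[30:34] != target:
            continue
        tcp = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp + 14:
            continue
        # Count only a pure SYN (SYN set, ACK clear): a connection the browser
        # opened, not a stray segment of some other session.
        if (frame[tcp + 13] & 0x12) == 0x02:
            seen.add(struct.unpack("!H", frame[tcp + 2:tcp + 4])[0])
    return sorted(set(ports) - seen)

def make_frame(dst_ip, dport, flags=0x02):
    """Constructed Ethernet/IPv4/TCP frame for the demo (checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 168, 0, 2]), bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def make_capture(frames):
    """Wrap frames in a little-endian classic pcap container (constructed sample)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    demo = make_capture([make_frame("192.168.0.1", 80), make_frame("192.168.0.1", 8080),
                         make_frame("192.168.0.1", 25, flags=0x10)])
    print(ports_not_hit(demo, "192.168.0.1", ports=[25, 80, 8080]))
```

On a real capture, pass `open("browsertest.cap", "rb").read()` as the first argument. Counting only pure SYNs keeps a stray segment from another session from marking a port as hit, which is the same concern behind the warning in step 1.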

If you have a more efficient way of doing this, just drop me an email.

Meanwhile, download the updated paper.




One Response to “Which ports do web browsers block?”  

  1. Dave

    Firebind.com is a web-based, client-server architecture that allows a user to test outbound connectivity for any of the 65535 TCP Ports. In other words, it will tell you whether a firewall is blocking your IP device from reaching the Internet or not. It can distinguish between browser blocked ports (like those listed above), ports blocked by a TCP RESET, and ports blocked by a TCP TIMEOUT.
    It was designed to help users determine whether their applications are being blocked or not, especially for road warriors connecting from hotels, airports, coffee shops, etc. But it can also be used by IT admins to validate corporate firewall outbound ACLs.

    http://www.firebind.com

    One helpful feature is the ability to be able to launch a test from a link. This test below will check whether port 3389 (Windows Remote Desktop) is open to the Internet (outbound direction) from the user’s machine.

    http://www.firebind.com/3389

    You can do a range of ports as well. This test below is for all of the Yahoo Messenger TCP Ports.

    http://www.firebind.com/80,5000-5001,5050,5100-5101

