Discussion:
[chromium-discuss] Browser Port Scan for Net Neutrality
Alexandru Pavel
2018-07-23 10:33:40 UTC
Permalink
Hi all,

I am a student currently working on a project that revolves around the Net
Neutrality theme. I've been asked to implement a browser tool in order to
perform some network connectivity tests, in particular to check if there
are blocked ports on a target host (blocked by an ISP, taking into account
that the end user environment will affect the results).

I have to be able to determine if a certain service (mostly well-known ports
<https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Well-known_ports>
like FTP, SSH, Mail etc...) is online or not from the perspective of a
client that performs the test against a target:port on the net (which I
have no control over). The tool should also run on all major browsers and
require no installation from the end user (even though a browser extension
would be accepted).

I am aware that there is a huge security factor involved in modern web
browsers, so working at TCP level is not allowed, and I would need an
official page stating this fact. I had found a TCP Raw Socket specification
<https://www.w3.org/TR/tcp-udp-sockets/> from W3C, but it seems that it has
been discontinued.

Also another important issue is the legal side, in allowing a client to
perform such tests against a target to which it may not always have the
authorization. And a solution for this issue would be to let the client
only test against authorized IPs.

The main issue I am facing is to find a way to implement a port scanner in
JS that can detect if a certain port is open with a different protocol than
HTTP (there are JS Port Scanners which make use of XHR, Websocket or the
img.onload/onerror event handler).

What are the capabilities of a web browser? I've noticed that you can
access an FTP uri like ftp://ftphost.com:21 and view the files as you would
do with an FTP Client. Can this be done with other protocols? And how can I
make use of these functionalities with JS?

I've found a two Chrome Extensions that can connect to an SSH or FTP host
through the browser:

- sFTP Client
<https://chrome.google.com/webstore/detail/sftp-client/jajcoljhdglkjpfefjkgiohbhnkkmipm>
- Secure Shell App
<https://chrome.google.com/webstore/detail/secure-shell-app/pnhechapfaindjhompbnflcldabbghjo>
by Google

In particular, the SSH App
<https://chromium.googlesource.com/apps/libapps/+/master/nassh/doc/hack.md>
is based upon a NaCl (Google's Native Client) build of OpenSSH. But I
assume that a Chrome Extension is not compatible with other browsers, and
an implementation based on NaCl isn't very suitable for future
improvements. A Chromium blog post
<https://blog.chromium.org/2017/05/goodbye-pnacl-hello-webassembly.html>
states: "We will remove support for PNaCl in the first quarter of 2018
everywhere except inside Chrome Apps and Extensions". This in favour of
WebAssembly, of which I know very little about.

Can I solve my issue with WebAssembly? How much time and know-how would it
require to do it? For example could I implement a TCP Socket in C and then
compile it to .wasm?

Or could I try to understand the mechanism of the Secure Shell App and
adapt it to perform the tests? How can I write an extension that does this?

Thanks in advance for any advice that I could get.

Best regards,
Alexandru
--
--
Chromium Discussion mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discuss+***@chromium.org.
Adam Rice
2018-07-24 05:58:49 UTC
Permalink
Most interesting ports are blocked by the browser. See
https://fetch.spec.whatwg.org/#port-blocking.

In addition, we attempt to specifically prevent port scanning as it is used
by bad people to find targets for attack.

Protocols other than HTTP variants and WebSocket are generally not
supported to reduce the risk of attacks on servers that are not expecting
connections from untrusted sandboxed code.

WebAssembly does not provide additional privileges over JavaScript, so it
will not solve your problem.

Unfortunately I know of no single document that lays out these principles.
Post by Alexandru Pavel
Hi all,
I am a student currently working on a project that revolves around the Net
Neutrality theme. I've been asked to implement a browser tool in order to
perform some network connectivity tests, in particular to check if there
are blocked ports on a target host (blocked by an ISP, taking into account
that the end user environment will affect the results).
I have to be able to determine if a certain service (mostly well-known ports
<https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Well-known_ports>
like FTP, SSH, Mail etc...) is online or not from the perspective of a
client that performs the test against a target:port on the net (which I
have no control over). The tool should also run on all major browsers and
require no installation from the end user (even though a browser extension
would be accepted).
I am aware that there is a huge security factor involved in modern web
browsers, so working at TCP level is not allowed, and I would need an
official page stating this fact. I had found a TCP Raw Socket
specification <https://www.w3.org/TR/tcp-udp-sockets/> from W3C, but it
seems that it has been discontinued.
Also another important issue is the legal side, in allowing a client to
perform such tests against a target to which it may not always have the
authorization. And a solution for this issue would be to let the client
only test against authorized IPs.
The main issue I am facing is to find a way to implement a port scanner in
JS that can detect if a certain port is open with a different protocol than
HTTP (there are JS Port Scanners which make use of XHR, Websocket or the
img.onload/onerror event handler).
What are the capabilities of a web browser? I've noticed that you can
access an FTP uri like ftp://ftphost.com:21 and view the files as you
would do with an FTP Client. Can this be done with other protocols? And how
can I make use of these functionalities with JS?
I've found a two Chrome Extensions that can connect to an SSH or FTP host
- sFTP Client
<https://chrome.google.com/webstore/detail/sftp-client/jajcoljhdglkjpfefjkgiohbhnkkmipm>
- Secure Shell App
<https://chrome.google.com/webstore/detail/secure-shell-app/pnhechapfaindjhompbnflcldabbghjo>
by Google
In particular, the SSH App
<https://chromium.googlesource.com/apps/libapps/+/master/nassh/doc/hack.md>
is based upon a NaCl (Google's Native Client) build of OpenSSH. But I
assume that a Chrome Extension is not compatible with other browsers, and
an implementation based on NaCl isn't very suitable for future
improvements. A Chromium blog post
<https://blog.chromium.org/2017/05/goodbye-pnacl-hello-webassembly.html>
states: "We will remove support for PNaCl in the first quarter of 2018
everywhere except inside Chrome Apps and Extensions". This in favour of
WebAssembly, of which I know very little about.
Can I solve my issue with WebAssembly? How much time and know-how would it
require to do it? For example could I implement a TCP Socket in C and then
compile it to .wasm?
Or could I try to understand the mechanism of the Secure Shell App and
adapt it to perform the tests? How can I write an extension that does this?
Thanks in advance for any advice that I could get.
Best regards,
Alexandru
--
--
http://groups.google.com/a/chromium.org/group/chromium-discuss
--
--
Chromium Discussion mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discuss+***@chromium.org.
Loading...