Author Topic: Cannot get to https://app.webinspector.com/recent_detections (Read 3796 times)

polonus · « **on:** October 24, 2014, 02:54:26 PM »

My browser won't open this uri, because of too many redirects. Is this a browser cache problem or are cookies being blocked?
Or could it be something at my ISP?
For this I get a privacy error: htxps://199.66.200.37/recent%20detections
See these allerted via PHISH-Watch:
Up(nil): 199.66.200.37 to 199.66.200.37 webinspector dot com htxp://app.webinspector.com/public/url_feedbacks
Up(nil): 199.66.200.37 to 199.66.200.37 webinspector dot com htxp://app.webinspector.com/online_scan?note=7

Via webproxy I can get where I wanna go: http://www.webproxy.net/view?q=http%3A%2F%2Fapp.webinspector.com%2Frecent_detections

polonus

Eddy · « **Reply #1 on:** October 24, 2014, 03:15:55 PM »

https://app.webinspector.com/recent_detections
Not opening with all shields disabled.
Must be a problem on the site.

https://app.webinspector.com
Opening without a problem.

Pondus · « **Reply #2 on:** October 24, 2014, 03:36:35 PM »

hxxps://app.webinspector.com/recent_detections opening fine here on chrome

polonus · « **Reply #3 on:** October 24, 2014, 04:50:52 PM »

Means as Eddy reports it too, this redirect loop could just be for our aerea.
Can anyone check that?
Here I can get there via a 302 error initially, see: http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http://app.webinspector.com/recent_detections&acceptheader=&useragentheader=
See:

Code: [Select]

HTTP/1.1 302 Found
Date: Fri, 24 Oct 2014 16:42:04 GMT
Server: Apache
Location: http://app.webinspector.com/recent_detections
Content-Length: 300
Content-Type: text/html; charset=iso-8859-1

polonus

polonus · « **Reply #4 on:** October 24, 2014, 11:11:59 PM »

Reason to believe there is phishing going on there. Re: http://jsunpack.jeek.org/?report=3ef03c5e3c72e937bd7b6c379415f1a6a4e5b094
via -server.iad.liveperson.net/hc/61298727/x.js?cmd=file&file=chatScript3&site=61298727&&imageUrl=/www.instantssl.com/ssl-certificate-images/liveperson/sales
See this dork: http://xss.cx/2011/09/18/ghdb/dork-xss-reflected-cross-site-scripting-cwe79-capec86-javascript-handler-style-attribute-injection-onmouseover-example-poc-report-01.html
See for warnings on asafa-scan: https://asafaweb.com/Scan?Url=server.iad.liveperson.net%2Fhc%2F61298727%2Fx.js%3Fcmd%3Dfile%26amp%3Bfile%3DchatScript3%26amp%3Bsite%3D61298727%26amp%3B%26amp%3BimageUrl%3D%2Fwww.instantssl.com%2Fssl-certificate-images%2Fliveperson%2Fsale
See on Set-Cookies which may create the redirect-loop problem: http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=server.iad.liveperson.net%2Fhc%2F61298727%2Fx.js%3Fcmd%3Dfile%26amp%3Bfile%3DchatScript3%26amp%3Bsite%3D61298727%26amp%3B%26amp%3BimageUrl%3D%2Fwww.instantssl.com%2Fssl-certificate-images%2Fliveperson%2Fsale&useragentheader=&acceptheader=

polonus

polonus · « **Reply #5 on:** October 25, 2014, 12:35:36 AM »

Via a smartphone I can get to that uri
It is on the same wifi connection, but on W8 does not resolve.

pol

polonus · « **Reply #6 on:** October 27, 2014, 05:41:04 PM »

To-day I could not log-in to http://www.msn.com/nl-nl?pc=XXXXX&ocid=XXXXXXX
What is causing this? Is it with Google Chrome or is it with my ISP.
I think the first as in IE all sites open without any hesitation so it is browser related.
This took some time to be resolved with the Google Chrome browser renderer:
http://jsunpack.jeek.org/?report=e9a285f3f1645493b1f63921e737ac32f470efb4
Open link with NoScript active in a VM or sandbox - for security research only.
In Google Chrome I get: info: [script] app.webinspector.com/assets/application-8a32489ca49a3dfa26b88de8747c29f0.js
info: [decodingLevel=0] found JavaScript
error: undefined variable document.URL
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var document.URL = 1;
error: line:1: ....^
error: line:3: SyntaxError: missing = in XML attribute:
error: line:3: <!DOCTYPE html PUBLIC "-/W3C/DTD XHTML 1.0 Transitional/EN" "http:/www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
error: line:3: ...............^
&
app.webinspector.com/js/utm.js benign
[nothing detected] (script) app.webinspector.com/js/utm.js
status: (referer=app.webinspector.com/assets/javascript:false;)
hangs on this script: server.iad.liveperson.net/hc/61298727/x.js?cmd=file&file=chatScript3&site=61298727&&imageUrl=/www.instantssl.com/ssl-certificate-images/liveperson/sales

suspicious: info: [iframe] app.webinspector.com/assets/javascript:false;
info: [decodingLevel=0] found JavaScript
error: undefined function d.getElementsByTagName
error: undefined variable d
suspicious
I get initia;;y this response: The document has moved <a href="http://app.webinspector.com/recent_detections">here</a>.</p>
http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http://app.webinspector.com/recent_detections&acceptheader=&useragentheader=

polonus

polonus · « **Reply #7 on:** October 27, 2014, 06:28:24 PM »

Header security, just one setting is OK:
Security Headers for https://app.webinspector.com/recent_detections
Using user-agent for Chrome 31.0-WinXP 32-bit

Result   Category   Name   Actual Value   Our Recommendation
Missing Framing   X-Frame-Options   Use 'sameorigin'
Warning Transport   Strict-Transport-Security   max-age=15768000   Use 'max-age=31536000; includeSubDomains'
Missing Content   X-Content-Type-Options      Use 'nosniff'
Correct Content   Content-Type   text/html; charset=utf-8   Use 'text/html;charset=utf-8'
Missing XSS   X-XSS-Protection      Use '1; mode=block'
Warning Cookies   Set-Cookie   risk=; path=/; expir...ov-2014 17:23:07 GMT   Add 'secure; httponly;'
Warning Cookies   Set-Cookie   list=50; path=/; exp...ov-2014 17:23:07 GMT   Add 'secure; httponly;'
Warning Cookies   Set-Cookie   _WI_session=e6a0e0ce...:38:07 GMT; HttpOnly   Add 'secure;'
Warning Caching   Cache-Control   max-age=0, private, must-revalidate   Add 'no-cache, no-store'
Missing Caching   Pragma      Use 'no-cache'
Missing Caching   Expires      Use '-1'
Missing Access Control   X-Permitted-Cross-Domain-Policies      Use 'master-only'
Missing Content Security Policy   Content-Security-Policy      Try Content-Security-Policy-Report-Only to start. Include default-src 'self', avoid 'unsafe-inline' and 'unsafe-eval'
Other Headers
Name   Value
ETag   "c590764761591ea9e394ca9051561269"
X-Request-Id   7f0ba18b65fc97db2780b66f2d4c2f97
X-UA-Compatible   IE=Edge,chrome=1
Date   Mon, 27 Oct 2014 17:23:07 GMT
X-Rack-Cache   miss
Connection   Keep-Alive
Status   200
Keep-Alive   timeout=5, max=100
Content-Length   25140
Server   Apache

polonus

polonus · « **Reply #8 on:** October 28, 2014, 10:44:18 PM »

All by it's own the issue was solved, webpage uri now resolves normally without any redirect loop alert.
Haven't a clue, but apparently it was at the server side.
Must reveal I used this check: http://best-seo-tools.net/googlecheck/

polonus