
Expanding short links in Firefox

At some point I got tired of link-shortening services sending me who knows where. Not so long ago I wrote about a PDF exploit, and the risk of stumbling upon such a miracle by clicking a short link in someone else's Twitter did not please me at all.

I found two ways to deal with this: expanding the links and controlling redirects (HTTP 3xx codes).

So, given: Firefox is the browser, bit.ly is the object of study, Twitter is the medium. Where to go to solve the problem? To the official Firefox add-ons site! One of the first things I found was the bit.ly service's own browser extension, which shows where a link leads when you hover over it. But besides this convenience, the add-on put an offer to shorten the link into the context menu of every link, with no way to turn this offer off in the settings. The branded add-on was scornfully thrown out.

The time has come for more effective means.

Long URL Please


If a short link leads somewhere, it means that someone needs it. And we need to know where it leads. The website with the clear name Long URL Please offers to install its add-on for Firefox, but also agrees to work from a bookmarklet.

The service does exactly what the title says: it expands the short links in the page's code into long links. Here's how it looks before and after:

In both cases I hover the mouse over the first link in the post. The difference is obvious. And the overall look of the page has not changed!

NoRedirect


NoRedirect is a plugin comparable to heavy artillery.

To begin, I will quote the official description and comments of the author:
NoRedirect gives the user control over HTTP redirects. It can be used to prohibit a provider’s DNS query, preview abbreviated links (for example, TinyURL), stop annoying redirection of smart error pages, etc.

Kai Liu:
The initial incentive to create NoRedirect was disappointment in the search service provider Verizon, which could not always be turned off. Every time I encountered a DNS error (typing a non-existent address, clicking a link with a typo, missing letters when copying an address), I was redirected to the “useful” Verizon search page, which meant one thing: I had to type the address again to correct the typo.

Such user-hostile services are implemented by many Internet service providers and some domain registrars. Many users were surprised by the redirection when typing ".cm" instead of ".com". In addition to stopping such redirects, NoRedirect restores the natural behavior of the browser: showing the built-in error when trying to access a non-existing domain, and, if enabled, activating the built-in keyword search system, they will be protected from interception of erroneous DNS queries.

All add-on settings are extremely simple. For each rule you specify:
  1. a regular-expression pattern that the address is matched against (regexp)
  2. whether the rule reacts to redirects from or to the matched domain
  3. whether to allow or block the redirect
  4. whether the browser should show its standard DNS error

The default settings will protect US users from DNS hijacking (the providers Rogers, Verizon, Cox, and even the OpenDNS service show up in the list), and we will add our own rules.

To unconditionally block all redirects, create a new rule and move it to the top of the list: ^http://.* ; do not tick a single checkbox.

Now, if you follow any redirecting link, you will see a warning bar with the real address, which you can click. With the example from the review of the previous plugin, it will look like this:


Lyrical digression: some redirection services have built-in controls over how their links are followed. TinyURL, for instance, lets you set a cookie in your browser that determines whether to follow links directly or via the TinyURL website with a preview of the address. And now the link http://tinyurl.com/hhabr will not take you anywhere ;) Another, even better example is the link shortener B23: adding a question mark to any of its short links shows all the information about it: http://b23.ru/ssdv? . The statistics of a bit.ly short link can not be obtained by adding a plus sign to the link: bit.ly/vanM5+ . The list can certainly be continued...

If you are paranoid, you can calm down now. But suppose you are not suspicious of everyone and everything. Then you can customize the plugin quite flexibly; here are some examples:

Beyond that, everything is limited only by your imagination. And do not forget to put the rules in the RIGHT ORDER: first allow, then block!
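Why the order matters, as an added model (not NoRedirect's own code and not rules from the original post). It assumes the first matching rule wins and that the second setting selects whether the pattern is tested against the source or the destination address; the trusted.example rule and the sample redirects are constructed.

```python
import re
from collections import namedtuple

# The four fields mirror the four settings listed above.
# dns_error is carried for completeness but not modelled here.
Rule = namedtuple("Rule", "pattern source allow dns_error")

def decide(rules, src, dst):
    """Return (verdict, index of the matching rule) for a redirect src -> dst."""
    for i, rule in enumerate(rules):
        subject = src if rule.source else dst
        if re.search(rule.pattern, subject):
            return ("allow" if rule.allow else "block"), i
    return "allow", None  # no rule matched: the redirect goes through

def shadowed(rules, samples):
    """Indexes of rules that never fire on the samples (an ordering mistake)."""
    hit = {decide(rules, src, dst)[1] for src, dst in samples}
    return [i for i in range(len(rules)) if i not in hit]

# The block-everything rule from the text: no checkbox ticked.
BLOCK_ALL = Rule(r"^http://.*", source=False, allow=False, dns_error=False)
# Hypothetical allow rule for redirects that start on a trusted site.
TRUSTED = Rule(r"^http://([^/]+\.)?trusted\.example/", source=True,
               allow=True, dns_error=False)

SAMPLES = [  # constructed (source, destination) pairs
    ("http://trusted.example/go", "http://trusted.example/page"),
    ("http://short.example/abc", "http://unknown.example/"),
]

if __name__ == "__main__":
    for order in ([TRUSTED, BLOCK_ALL], [BLOCK_ALL, TRUSTED]):
        print([decide(order, s, d) for s, d in SAMPLES], shadowed(order, SAMPLES))
    # ^http://.* does not match an https:// destination, so this is allowed:
    print(decide([BLOCK_ALL], "http://short.example/abc",
                 "https://unknown.example/"))
```

With the block-all rule first, the allow rule is reported as shadowed and the trusted redirect is blocked; the last call shows that the pattern as written covers http:// addresses only.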

Unexpected


I started with the rule that controls all redirects. Most likely I will later add a number of rules that allow redirects on trusted sites; however, while breaking the plugin in, some interesting inner workings of websites came to light.

For example, advertising may look more fun than usual:



A competitor in terms of corporate blogs, the site livehh.ru, chases its users through a certain hhid.ru of its own:

And if accepting cookies is enabled by default, the kind hhid.ru also feeds cookies to the user's browser.

If you have such funny examples - feel free to post in the comments!

But that is not all!


No matter how good 'Long URL Please' and 'NoRedirect' are, I still advise you to use the NoScript plugin for more security (about it on Habr).

Source: https://habr.com/ru/post/66748/

