Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/garywill/lan-port-scan-forbidder

Forbid untrusted webs to access localhost or LAN. An anti-scan protection 🛡️🏡
https://github.com/garywill/lan-port-scan-forbidder

browser browser-extension firefox firefox-addon firefox-extension lan-port-scanner privacy security webextension

Last synced: about 1 month ago
JSON representation

Forbid untrusted webs to access localhost or LAN. An anti-scan protection 🛡️🏡

Host: GitHub
URL: https://github.com/garywill/lan-port-scan-forbidder
Owner: garywill
License: gpl-2.0
Created: 2021-08-13T01:07:24.000Z (over 3 years ago)
Default Branch: master
Last Pushed: 2024-03-23T15:17:00.000Z (10 months ago)
Last Synced: 2024-03-23T16:27:56.330Z (10 months ago)
Topics: browser, browser-extension, firefox, firefox-addon, firefox-extension, lan-port-scanner, privacy, security, webextension
Language: JavaScript
Homepage:
Size: 57.6 KB
Stars: 63
Watchers: 4
Forks: 2
Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # LAN port scan forbidder

Forbid untrusted web to scan localhost or LAN. Browser addon.

- [Firefox Addon](https://addons.mozilla.org/firefox/addon/lan-port-scan-forbidder/)

- [Chrome Addon](https://chrome.google.com/webstore/detail/lapppchpconamefemlnjdebbcpbncafl) (Manifest v2 needed) (recent version of Chrome has already built-in similar feature)

## What

Webs can try to fetch `127.0.0.1:xxxx` or `192.168.Y.Z:xxxx` to scan your open ports in LAN.

Although browsers have cross-domain protections, webs can't read response contents, **but** can still see the connection succeeds or fails.

There're already reports that some websites using that as tracking fingerprint.

> A web for testing: http://samy.pl/webscan/

## So

Forbid any website behaviors trying to connect to your LAN or localhost, if user is visiting the website via their domains or public IP addresses. (Read the source code `background.js` to see the logic)

> Using JS library [whitequark/ipaddr.js](https://github.com/whitequark/ipaddr.js) (MIT License) v2.0.0 to judge IP range.

### Notification

User can enable notification. When untrusted web tries to access private network and get blocked, will show up notification. 

### Fallback operation

If user find a web broken, user can temporary set this addon disabled via toolbar button for:

- this one tab

- this one tab and new tabs opened by this tab

- this one window (Firefox only)

- globally

(above can be set as keyboard shortcuts)

there's showy toolbar button badge indicating disabling status.

## Cases when web LAN scan is properly used

Not all LAN-port-scan are evil.

- Some manufacturers provide web for user's browser to scan LAN for their product that need updating.

- Some softwares use `127.0.0.1` communication to interact between native program and web.

## Disclaimer

This open souce addon comes with no warranty. Use on you own risk!