This is something I posted here a while back, how sites like banks and other financials were making scripted local queries to check for open "services" or ports as referrals to localhost and ports known to be malicious ala some worm or botnet if they should trust you or not. Quick way for them to determine what stupid customers of theirs got got already, and lower your credit score while at it. While ok, I get it, trust no one, but that's a bit creepy that they're forcing my browser to open sockets to local ports to essentially bypass my firewall, port scan my host, while connecting to their site, and figure no one mostly will notice.

Far as I know ublock and noscript inherently block most of that (it's usually some affiliate credit check firm the bank uses for plausible deniability and blame pointing), but I do this by default for the past ~20 years to notice much.

Such is the world we live in. Shields up!

-mb

On Fri, May 20, 2022 at 8:27 PM der.hans via PLUG-discuss <plug-discuss@lists.phxlinux.org> wrote:

moin moin,

once in a while I run into a site trying to make JavaScript or XHR
connections to localhost.

What are they doing?

Are they setting up backdoor tunnels on localhost?

Are they trying to run a daemon out of the browser?

Are they trying to escape the sandbox and exfiltrate data?

ciao,

der.hans
--
# https://www.LuftHans.com https://www.PhxLinux.org
# Eternal vigilance is the price of liberty. -- Thomas Jefferson
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss