Browser Port Scan for Net Neutrality

[Alexandru Pavel]

Hi all,

I am a student currently working on a project that revolves around the Net Neutrality theme. I've been asked to implement a browser tool in order to perform some network connectivity tests, in particular to check if there are blocked ports on a target host (blocked by an ISP, taking into account that the end user environment will affect the results).

I have to be able to determine if a certain service (mostly well-known ports like FTP, SSH, Mail etc...) is online or not from the perspective of a client that performs the test against a target:port on the net (which I have no control over). The tool should also run on all major browsers and require no installation from the end user (even though a browser extension would be accepted).

I am aware that there is a huge security factor involved in modern web browsers, so working at TCP level is not allowed, and I would need an official page stating this fact. I had found a TCP Raw Socket specification from W3C, but it seems that it has been discontinued.

Also another important issue is the legal side, in allowing a client to perform such tests against a target to which it may not always have the authorization. And a solution for this issue would be to let the client only test against authorized IPs.

The main issue I am facing is to find a way to implement a port scanner in JS that can detect if a certain port is open with a different protocol than HTTP (there are JS Port Scanners which make use of XHR, Websocket or the img.onload/onerror event handler).

What are the capabilities of a web browser? I've noticed that you can access an FTP uri like ftp://ftphost.com:21 and view the files as you would do with an FTP Client. Can this be done with other protocols? And how can I make use of these functionalities with JS?

I've found a two Chrome Extensions that can connect to an SSH or FTP host through the browser:

• sFTP Client
• Secure Shell App by Google

In particular, the SSH App is based upon a NaCl (Google's Native Client) build of OpenSSH. But I assume that a Chrome Extension is not compatible with other browsers, and an implementation based on NaCl isn't very suitable for future improvements. A Chromium blog post states: "We will remove support for PNaCl in the first quarter of 2018 everywhere except inside Chrome Apps and Extensions". This in favour of WebAssembly, of which I know very little about.

Can I solve my issue with WebAssembly? How much time and know-how would it require to do it? For example could I implement a TCP Socket in C and then compile it to .wasm?

Or could I try to understand the mechanism of the Secure Shell App and adapt it to perform the tests? How can I write an extension that does this?

Thanks in advance for any advice that I could get.

Best regards,

Alexandru

[Adam Rice]

Most interesting ports are blocked by the browser. See https://fetch.spec.whatwg.org/#port-blocking.

In addition, we attempt to specifically prevent port scanning as it is used by bad people to find targets for attack.

Protocols other than HTTP variants and WebSocket are generally not supported to reduce the risk of attacks on servers that are not expecting connections from untrusted sandboxed code.

WebAssembly does not provide additional privileges over JavaScript, so it will not solve your problem.

Unfortunately I know of no single document that lays out these principles.

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss