PingVPN and Browsec VPN chrome extension


Edan Pedragosa

May 12, 2016, 9:45:25 PM
to NxFilter
Hi!

After the UltraSurf extension, I tested two more extensions from Chrome, and it seems that those are more persistent than UltraSurf.

It changes the proxy to this for Browsec:
that translates to:

function domainIs(host, domain) {
  return host == domain || dnsDomainIs(host, "." + domain)
}

function FindProxyForURL(url, host) {
  var config = "HTTPS sg1.postls.com:443; HTTPS sg6.postls.com:443; HTTPS sg13.postls.com:443; HTTPS sg3.postls.com:443; HTTPS sg7.postls.com:443; HTTPS sg8.postls.com:443; HTTPS sg2.postls.com:443; HTTPS sg11.postls.com:443; HTTPS sg14.postls.com:443; HTTPS sg12.postls.com:443; HTTPS sg5.postls.com:443; HTTPS sg10.postls.com:443; HTTPS sg9.postls.com:443; HTTPS sg4.postls.com:443; HTTPS sg15.postls.com:443; ";
  var bypass = ["google-analytics.com"];
  host = host.toLowerCase();
  if (isPlainHostName(host) ||
      isInNetEx(host, "127.0.0.0/8") ||
      isInNetEx(host, "10.0.0.0/8") ||
      isInNetEx(host, "172.16.0.0/12") ||
      isInNetEx(host, "192.168.0.0/16") ||
      isInNetEx(host, "fc00::/7") ||
      isInNetEx(host, "fe80::/10")) {
    return "DIRECT"
  }
  for (var i = 0; i < bypass.length; i++) {
    if (domainIs(host, bypass[i])) {
      return "DIRECT"
    }
  }
  return config
}


and PingVPN from these:
PAC script: data:application/x-ns-proxy-autoconfig;base64,[payload omitted]


to this:

function FindProxyForURL(url, host) {
  if (shExpMatch(host, "10.[0-9]+.[0-9]+.[0-9]+")) {
    return DIRECT;
  }
  if (shExpMatch(host, "172.[0-9]+.[0-9]+.[0-9]+")) {
    return DIRECT;
  }
  if (shExpMatch(host, "192.168.[0-9]+.[0-9]+")) {
    return DIRECT;
  }
  if (shExpMatch(host, "127.0.0.1")) {
    return DIRECT;
  }
  if (shExpMatch(host, "localhost")) {
    return DIRECT;
  }
  if (host == "jzaa.com" || dnsDomainIs(host, ".jzaa.com")) {
    return "SOCKS5 127.0.0.1:1080;";
  }
  if (host == "google-analytics.com" || dnsDomainIs(host, ".google-analytics.com")) {
    return "SOCKS5 127.0.0.1:1080;";
  }
  return DIRECT;
}


PingVPN needs another extension to run flawlessly but Browsec does not need any and it has tons of VPN connectivity options to choose from.


Here are just some of the domains Browsec connects to:

sg1.postls.com
nl10.postls.com
uk16.postls.com
us7.postls.com


Any help on how we can overcome this?

Thanks in advance!
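
Added example (not part of the original thread and not NxFilter code): a Python script that decodes the data: URL form of a PAC script and lists the proxy endpoints it names, separating remote hosts, which a DNS filter can block, from loopback ones such as the SOCKS5 127.0.0.1:1080 entry in the PingVPN script, which never produce a DNS lookup. The function names and the shortened sample scripts are constructed for illustration, and the wildcard suggestion naively drops the leftmost label instead of consulting a public-suffix list.

```python
import base64
import ipaddress
import re

PAC_PREFIX = "data:application/x-ns-proxy-autoconfig;base64,"
# PAC return directives, e.g. "HTTPS sg1.postls.com:443" or "SOCKS5 127.0.0.1:1080".
ENDPOINT = re.compile(r"\b(PROXY|HTTPS?|SOCKS[45]?)\s+([A-Za-z0-9.-]+):(\d+)")

def decode_pac(value):
    """Return PAC source from the data: URL form shown in the post, else the text as is."""
    if not value.startswith(PAC_PREFIX):
        return value
    payload = value[len(PAC_PREFIX):].strip()
    payload += "=" * (-len(payload) % 4)  # tolerate stripped base64 padding
    return base64.b64decode(payload).decode("utf-8", "replace")

def proxy_endpoints(pac_source):
    """Return (remote, local) sets of (scheme, host, port) named in the PAC source."""
    remote, local = set(), set()
    for scheme, host, port in ENDPOINT.findall(pac_source):
        host = host.lower()
        try:
            ip = ipaddress.ip_address(host)
            is_local = ip.is_loopback or ip.is_private
        except ValueError:  # not an IP literal, so treat it as a hostname
            is_local = host == "localhost"
        (local if is_local else remote).add((scheme, host, int(port)))
    return remote, local

def block_candidates(remote):
    """Suggest wildcard block-list entries by dropping the leftmost label (naive)."""
    out = set()
    for _scheme, host, _port in remote:
        labels = host.split(".")
        if not labels[-1].isdigit():  # skip IP literals: no DNS lookup to filter
            out.add("*." + ".".join(labels[1:] if len(labels) > 2 else labels))
    return out

# Constructed samples: shortened copies of the two decoded PAC scripts in the post.
BROWSEC = PAC_PREFIX + base64.b64encode(
    b'function FindProxyForURL(url,host){var config="HTTPS sg1.postls.com:443; '
    b'HTTPS sg6.postls.com:443; ";return config}').decode()
PINGVPN = ('function FindProxyForURL(url, host){if(host == "jzaa.com")'
           '{return "SOCKS5 127.0.0.1:1080;";}return DIRECT;}')

if __name__ == "__main__":
    for name, pac in (("Browsec", BROWSEC), ("PingVPN", PINGVPN)):
        remote, local = proxy_endpoints(decode_pac(pac))
        print(name, sorted(block_candidates(remote)), sorted(local))
```

An empty candidate set together with a loopback endpoint means the traffic leaves through a local listener, so the control has to act on the endpoint itself (extension or process), not on DNS.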


Jinhee

May 12, 2016, 10:31:01 PM
to NxFilter
Show me its manifest.json. That's the important one. It's under,

  C:\Users\<Your User>\AppData\Local\Google\Chrome\User Data\Default\extensions

There may be several extensions though. If you know the ID of the extension that'd be easier.

I guess it has proxy permission. In that case we need to kill Chrome process whenever we find some
extension having proxy permission.

Edan Pedragosa

May 12, 2016, 11:31:33 PM
to NxFilter
I was able to block the Browsec extension by adding *.postls.com to a custom block list and then blocking it in policy.

Only PingVPN is persistent now.

UltraSurf manifest.json:

{
   "background": {
      "page": "background.html"
   },
   "browser_action": {
      "default_icon": "assets/img/icon/icon_BW_48.png",
      "default_popup": "control.html"
   },
   "content_security_policy": "script-src 'self' https://ssl.google-analytics.com 'unsafe-eval'; object-src 'self'",
   "default_locale": "en",
   "description": "Unblock The Internet With The Flip Of A Switch.",
   "icons": {
      "128": "assets/img/icon/icon_128.png",
      "16": "assets/img/icon/icon_16.png",
      "48": "assets/img/icon/icon_48.png"
   },
   "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkP/qhw6s3LqmrXpsBqgNxh0jxGDcYuXx6Puds+3trx3avmMA0AhhF8wFPDyc5oHLJ/J31ckmEq6OEO5VNrDLtmzAxd2S2boxqTJ0lrAWdNERn/n+7L2lMroFZ436dEe8XEROKdsUWvZkeAu31qEFAhNDPp1CQhgUWO5zMmwaknZe+wf3NgFoVg8u4STvW3ihvg11eYqxKvHKFhWcWHCySWmZ1tc8FrHBRIOjCS2lwNf/jipBfW0rLFLcBAw/aGAFBiQXfNTADT3gDJh0OQCnrh1CA1t9wgdpGUylGGzhkvbAFaCozp5XlGg1jIExhTVZv3WhMQVYoABGBPjU0VEILQIDAQAB",
   "manifest_version": 2,
   "name": "UltraSurf Security, Privacy & Unblock VPN",
   "permissions": [ "http://*/*", "https://*/*", "*://*/*", "proxy", "storage", "webRequest", "management", "webRequestBlocking", "tabs" ],
   "update_url": "https://clients2.google.com/service/update2/crx",
   "version": "1.2.20"
}



Browsec manifest.json:
{
   "background": {
      "scripts": [ "jquery.js", "background.js" ]
   },
   "browser_action": {
      "default_icon": {
         "19": "images/icon-disabled-19.png",
         "38": "images/icon-disabled-38.png"
      },
      "default_popup": "popup.html",
      "default_title": "__MSG_browser_action_inactive_title__"
   },
   "content_scripts": [ {
      "js": [ "content_script.js" ],
      "matches": [ "https://browsec.com/*" ],
      "run_at": "document_start"
   } ],
   "content_security_policy": "script-src 'self' https://ssl.google-analytics.com; object-src 'self'",
   "default_locale": "en",
   "description": "__MSG_extension_description__",
   "homepage_url": "https://browsec.com/",
   "icons": {
      "128": "images/icon128.png",
      "16": "images/icon16.png",
      "48": "images/icon48.png"
   },
   "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSY9yeEz4fQpDZ6OhH7rZFPt/9BDKuyvXsMnhHfZ069L2TqGeooqFtHBNcDzpccAFkfehNCfcg3QBQpYAWEKmv05Nt0Eqek/XUmXlY8e6yd+Ig3UbZvpesUs1ZxUsWl9Ilta80yLsbgtKveAPVmShl7PB0jRGNb0WfLKxtYyB+2QIDAQAB",
   "manifest_version": 2,
   "minimum_chrome_version": "22.0",
   "name": "Browsec VPN - Privacy and Security Online",
   "permissions": [ "proxy", "webRequest", "webRequestBlocking", "\u003Call_urls>", "background" ],
   "short_name": "Browsec",
   "update_url": "https://clients2.google.com/service/update2/crx",
   "version": "3.4.0"
}




PingVPN manifest.json:
{
   "background": {
      "persistent": true,
      "scripts": [ "js/jquery.js", "js/websql.js", "js/system.js", "js/background.js" ]
   },
   "browser_action": {
      "default_icon": "img/off.png",
      "default_popup": "popup.html",
      "default_title": "PingVPN"
   },
   "content_security_policy": "script-src 'self' https://www.google-analytics.com; object-src 'self'",
   "description": "PingVPN unblock any website, Encrypt your connection, Experience a more open and private Internet.",
   "icons": {
      "128": "img/icon.png",
      "16": "img/icon.png",
      "48": "img/icon.png"
   },
   "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+4MUcaq6hlElSSyEvBI03molH3cX3S9cn9SP6khWq+HQXGY3PFrxWJTDQVc2Sie1USY4EaYOWRpnVwdn8qwG/Ur4HZzL8Q1/HB5nsuprd1K4Wex/rE9VuNoVO2ptSzcuNG0KVY7Ut77EsjUENbglRlaotKF4TZJd5AL9H1Qz1LK71LqS6Q2exk98TAzwcY/CBARcAroR3z9E+GpYjA3LnZtADxClQCqj+fZkuECqZ+JZ1uQauY+mmQZYJuUNDZimCJu97ClCNrfltzq3KpgvgEbzADqN0x4oLwSP24AhO9iBXq9RvcOpyl2HI+bKTXjymWmHH0AW1DxSQwshvvvcwIDAQAB",
   "manifest_version": 2,
   "name": "PingVPN - Unblock Security Free VPN/Proxy",
   "options_page": "option.html",
   "permissions": [ "proxy", "management", "webRequest", "*://*/*", "tabs", "notifications", "history" ],
   "update_url": "http://clients2.google.com/service/update2/crx",
   "version": "0.1.1"
}



PingVPN Server manifest.json:
{
   "app": {
      "background": {
         "scripts": [ "lib/forge.min.js", "lib/logging.js", "lib/common.js", "lib/crypto/rc4_md5.js", "lib/crypto/forge.js", "lib/encrypt.js", "lib/socks5.js", "lib/background.js" ]
      }
   },
   "description": "PingVPN APP Server.",
   "icons": {
      "128": "img/icon.png",
      "16": "img/icon.png",
      "64": "img/icon.png"
   },
   "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjU+JT1dOyB1C1/f+1loTe7TdV5VJ1rHW2vCtxCAbo7/TAec3aB7i2NT6IZI8ikN4Ie/G8wXFkEG8BPCZkMhJ1U1SbferqOwKzEk/NSmf9Uw/N2Ghs4UvIuFRn46jR2NmKtTsgyYgi7fY/mQQA3a+ZY6ICuTwbJkrHe/plqFI3HWtiuQ7cQ3DOCxkX/baxHDJ9I7K8xhfgyJFll4xQeguDBIQQxQUibS1Au5V1CtzDwf8MVNv7KjMRk6c/s7+vG5mfMuhTFhxxYHB131exsPM105hK9JlopZpxt/er/7dBqkM1MgOU6RRB6TPxfVY7neUpqfdFhItyPsgKIQhtcYZYwIDAQAB",
   "manifest_version": 2,
   "minimum_chrome_version": "41",
   "name": "PingVPN Server",
   "permissions": [ "background", "storage" ],
   "sockets": {
      "tcp": {
         "connect": [ "*:*" ]
      },
      "tcpServer": {
         "listen": [ "*:*" ]
      },
      "udp": {
         "bind": [ "*:*" ],
         "send": [ "*:*" ]
      }
   },
   "update_url": "https://clients2.google.com/service/update2/crx",
   "version": "0.1.0"
}

Jinhee

May 12, 2016, 11:36:36 PM
to NxFilter
The best way of blocking these proxy manipulating Chrome extensions is to kill Chrome process when there's an extension having proxy permission. All of them have proxy permission.
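
Added example (not part of the original thread and not NxClient's code): a Python script that walks a Chrome extensions directory and reports every extension whose manifest.json declares the "proxy" permission. It goes one step beyond the check described above by also flagging Chrome apps that declare a listening TCP socket, as the PingVPN Server manifest in this thread does. The directory layout (extension ID, then version directory), the function names and the sample data with placeholder IDs are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

def proxy_features(manifest):
    """Return the proxy-related capabilities a parsed manifest.json declares."""
    found = []
    perms = manifest.get("permissions")
    if isinstance(perms, list) and "proxy" in perms:
        found.append("proxy")
    # Chrome apps declare listening sockets in a separate "sockets" section.
    sockets = manifest.get("sockets")
    server = sockets.get("tcpServer") if isinstance(sockets, dict) else None
    if isinstance(server, dict) and server.get("listen"):
        found.append("sockets.tcpServer.listen")
    return found

def scan_extensions(ext_root):
    """Map extension ID -> (name, version, features); layout <root>/<id>/<version>/."""
    flagged = {}
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it and keep scanning
        features = proxy_features(manifest) if isinstance(manifest, dict) else []
        if features:
            flagged[path.parent.parent.name] = (manifest.get("name"), manifest.get("version"), features)
    return flagged

# Constructed sample: placeholder IDs, fields trimmed from the manifests in the thread.
SAMPLES = {
    "a" * 32: {"name": "Browsec VPN - Privacy and Security Online", "version": "3.4.0",
               "permissions": ["proxy", "webRequest", "webRequestBlocking", "<all_urls>"]},
    "b" * 32: {"name": "PingVPN Server", "version": "0.1.0", "sockets": {"tcpServer": {"listen": ["*:*"]}}},
    "c" * 32: {"name": "Benign example", "version": "1.0", "permissions": ["storage"]},
}

def demo():
    """Write SAMPLES into a temporary extensions-style tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in SAMPLES.items():
            target = Path(root, ext_id, manifest["version"] + "_0")
            target.mkdir(parents=True)
            (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return scan_extensions(root)

if __name__ == "__main__":
    print(demo())
```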

Jinhee

May 18, 2016, 11:37:33 PM
to NxFilter
NxClient v6.8 has been released. When you block UltraSurf with its application control it kills Chrome process when there's an extension having proxy permission.

Edan Pedragosa

May 19, 2016, 2:39:10 AM
to NxFilter
Thank you so much Jinhee!

By the way, I got a work-around for this using group policy.

Here's the link to the guides and to download the policy templates for Windows/Mac/Linux.

https://support.google.com/chrome/a/answer/187202?hl=en

Administrators can set a restriction to disallow changing the proxy in Chrome, which blocks those VPN/proxy extensions.

Thank you once again for your help!