0000276: Kali Linux reports attacks made through the browser to google by default.

ID	Project	Category	View Status	Date Submitted	Last Update

0000276	Kali Linux	General Bug	public	2013-04-18 00:12	2013-04-22 09:58

Reporter	some.hacker	Assigned To	muts
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	no change required

Summary	0000276: Kali Linux reports attacks made through the browser to google by default.
Description	In the current IceWeasel (18.0.1), google is notified every time a URL that looks malicious is detected. This goes against the ethos of this distribution (The quieter you are, the more you are able to hear...), and may also inadvertently tip off a blue team during a red team exercise. (Google sends automated emails to the owners of the attacked domains)
Steps To Reproduce	Download and install Damn Vulnerable Web App (http://dvwa.co.uk) on any machine and attack "easy" level SQL injection with the string ' or '1'='1 while sniffing your network traffic. You will see traffic being sent from iceweasel to google and an encrypted (or raw binary) response coming back.
Additional Information	Temporary fix: open about.config and toggle browser.safebrowsing.malware.enabled from true to false. This appears to stop the web traffic. It would be nice to disable self-reporting, but still get information on possible malicious URL's.

some.hacker 2013-04-18 23:20 reporter ~0000389	Made a thread on /r/netsec on it to see what that community thought. http://www.reddit.com/r/netsec/comments/1ckejb/google_safe_browsing_plugin_on_by_default_in_kali/ Here is some more info on the plugin: https://developers.google.com/safe-browsing/developers_guide_v2#GetKeyRequests https://bugzilla.mozilla.org/show_bug.cgi?id=388652 Consensus seems to be that while this plugin is likely NOT leaking attack data, it should be disabled or at least manually updated in keeping with the spirit of stealth in this distro.

muts 2013-04-22 09:58 reporter ~0000393	Thanks for this report. This level of intervention with users browsers in deemed not in our scope. This is one of the reasons Kali does not come pre-installed with any security browser plugins, as BackTrack did. Our users should be capable of making these changes in their browsers without the need for the Kali team to fork the whole Iceweasel package for a single config.

Date Modified	Username	Field	Change
2013-04-18 00:12	some.hacker	New Issue
2013-04-18 20:18	WiK	Assigned To	=> WiK
2013-04-18 20:18	WiK	Status	new => assigned
2013-04-18 23:20	some.hacker	Note Added: 0000389
2013-04-22 09:58	muts	Note Added: 0000393
2013-04-22 09:58	muts	Status	assigned => closed
2013-04-22 09:58	muts	Assigned To	WiK => muts
2013-04-22 09:58	muts	Resolution	open => no change required