• 0

Being attacked externally with Fiddler open.


Question

+unabatedshagie

Where I work I need to test payment processes (Elavon, SagePay etc)

I need to open a port on my router and forward it to my machine so that the redirect URL for the payment will work correctly.

The port on the router is only open and forwarding when I need to test payment stuff.

 

When I have the port open and am using Fiddler to test I notice that I get inbound requests showing from google.pl and a few others which seem to use my computer to perform searches etc.

 

How can I get Fiddler to stop allowing these requests? As I'm currently having to constantly open and close Fiddler so that only running when absolutely needed.

Link to post
Share on other sites

5 answers to this question

Recommended Posts

  • 0
+John Teacake

They are probably Web Crawlers indexing your page..... Why would you want to stop that? 

Link to post
Share on other sites
  • 0
+unabatedshagie

I'm running the code locally.

 

It's not web crawlers, they are using my computer to perform web searches.

Link to post
Share on other sites
  • 0
Depicus

They are automated scripts or web crawlers - most of it benign or looking for weaknesses so always make sure you are up to date with patching and secure your server. I'd NEVER let my development laptop anywhere near the internet except behind a firewall so I'd suggest maybe port forwarding to your server but using port mapping i.e. 80 -> 8080 on the server.

 

If you think the code is running locally then time to scan for malware and viruses.

 

Link to post
Share on other sites
  • 0
+unabatedshagie

On our router port 80 is being forwarded to my computer's IP address.

I have Fiddler set up to allow remote computers to connect on port 8888.

 

With this setup if I leave Fiddler running after a few minutes I see entries showing up in Fiddler which then start performing web searches.

 

How would I go about configuring whatever I need to configure to prevent this?

 

 

Link to post
Share on other sites
  • 0
+BudMan

Could you please post what your seeing in fiddler.. And could you also do an actual wireshark sniff as well at the same time.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Abhay V
      Microsoft is testing a 'Web Capture' feature in Edge Canary
      by Abhay Venkatesh



      One of legacy Edge’s standout features was the ability to quickly annotate on a webpage’s screenshot right frrm the browser. However, with the move to Chromium-based Edge, that feature was lost. While the company is working to bring the ability to annotate on PDFs using a digital stylus, it looks like it is also testing a Web Capture feature for users running Edge Canary.

      The feature is currently being tested as part of an A/B test effort, with the ‘Web Capture’ option sitting in the ellipsis menu. The feature icon features a pen, suggesting that the firm could add annotation capabilities in the future. For now, though, the tool lets users select a section of a webpage and either copy it to the clipboard, preview it and save the image, or share it. Folks over at Aggiornamenti Lumia got the feature to work and posted a short video on Twitter:

      It would not be surprising if the firm adds support for drawing and annotating on the screenshot before it makes the option widely available for testing. Currently, one of the in-built options to annotate on screenshots directly is to use the Snip and Sketch feature in Windows. The feature is mapped to the Windows+Shift+S screenshot which lets users select a part of the screen and draw on it.

      Considering that the feature is being tested in a limited fashion in Edge Canary, it could be a while before it makes it to more branches in testing – if it does ever see the light of the day, that is.

    • By Ather Fawaz
      SpaceX is planning to build floating spaceports for space travel and hypersonic flights
      by Ather Fawaz



      SpaceX is on quite a roll this year. After successfully completing the Dragon's first crewed flight to the International Space Station, the firm deployed 58 more Starlink satellites just a few days back. Now, the company has shifted gears back to its Starship initiative, which is slated to be SpaceX's top priority henceforth.

      After a scoop from SpaceXFleet stated that SpaceX is recruiting Offshore Operations Engineers in Brownsville, Elon Musk confirmed that the company is building a floating spaceport for space travel and hypersonic flights around the Earth. He further added that these spaceports will be refurbished oil platforms complete with a hyperloop for transportation to and from the land.

      The spaceport is intended for the Starship rocket, which is set to be SpaceX's go-to rocket for the exploration and habitation of Mars in the coming years. The recruitment location, Brownsville, is also near the Boca Chica test site where the company is currently testing the rocket's prototypes.

      While a floating spaceport has been linked to the Starship project for quite some time now, this is the first time that we've had signs of something tangible supporting the rumors. However, Musk noted that the first Earth-to-Earth flights still need substantial groundwork. He gave a window of at least two to three years before test flights for the same commence.

    • By zikalify
      Linux Mint 20 beta images undergoing last-minute tests
      by Paul Hill

      According to the Linux Mint website, the Linux Mint 20 beta is undergoing last-minute checks before it’s released to the general public. If the images are approved, the general public will be able to use the beta and report any problems and then around two weeks later, the stable Linux Mint 20 images will be made available for download.

      According to a blog post from June 1, the team will still be making last-minute tweaks during the beta period. It said that the new colours will receive last-minute adjustments during the beta phase based on the responses it receives from testers. It admitted that it has had mixed reactions to the new colours and is expected to revert some of the new colours back to their original forms.

      Another change expected in Linux Mint 20 is that snapd will have to be explicitly installed. Last week, Neowin reported that the Mint team were angry that Canonical had made snapd a requirement for some installs which it promised it would never do. As a result, Linux Mint 20 will tell users to explicitly install snapd if they want to use dependent software.

      If all goes according to plan and the beta is pushed in the next few days we may see the final version of Linux Mint 20 being made available at the end of the month or in early July.

      Linux Mint 20 is based on Ubuntu 20.04 and will be supported until April 2025. If you’re on Linux Mint 19 and want to upgrade to the new version when its out, it’s best to back up your data and do a clean install. An upgrade path will be made available between Mint 19.3 and Mint 20 but it will likely involve extensive command line use and things could break so a clean install is preferable.

    • By zikalify
      Apple awards $10 million to COVID-19 test maker
      by Paul Hill



      Apple has announced that it’s furthering its COVID-19 contributions by awarding COPAN Diagnostics, a COVID-19 test maker, $10 million from its Advanced Manufacturing Fund. According to the iPhone maker, the funding will allow COPAN Diagnostics to “rapidly accelerate” the production of sample collection kits for hospitals across the United States.

      In the announcement, Apple said that COPAN Diagnostics is expanding the production of kits from several thousand today to more than one million per week by the first weeks of July. The kits will be produced at a new facility in Southern California which uses advanced equipment designed by Apple. Fifty new jobs are also expected to be created with the ramp-up of test kit production.

      Commenting on the move, Apple’s chief operating officer, Jeff Williams, said:

      The funding being sent to COPAN Diagnostics builds on the contributions Apple has already made in an effort to fight COVID-19. In March, the firm announced that was matching employee’s donations to organisations fighting the disease and that it had already donated $15 million worldwide at the time.

      The company has also developed a screening tool for iOS and the Web, and it has developed an API which can be used by governments around the world to develop contact tracing apps that preserve privacy and aren’t too power intensive.

    • By Ather Fawaz
      Amazon opens up 75,000 more jobs, initial 100,000 have been filled up
      by Ather Fawaz



      Almost a month back, Amazon opened up 100,000 new jobs amidst a demand surge caused by COVID-19. Today, the firm announced that those 100,000 jobs have been filled up, and now it will be hiring a further 75,000 people. The new jobs will be ranging from warehouse staff to delivery drivers keeping in view the increase in online orders.

      The announcement comes hot on the heels of record-high unemployment rates across the United States. The e-commerce giant has also had to deal with significant pressure calling for the company to close its warehouses after several cases were reported in the facilities. However, the company stated that it is building its own COVID-19 testing labs for workers. The company further stated that it had made 150 significant process changes at warehouses globally to protect its staff.

      The firm also increased its hourly wages, adding $2 to its minimum $15 per hour to U.S. workers’ wages through April. Considering the increase in wages, initially, the firm expected to spend around $350 million, but that figure has now risen to $500 million in increased compensation for hourly employees globally.