Protecting against Neopets Cookie Grabber (CGer) Guide

Welcome to the in-depth guide to avoiding cookie grabbers. This page has been generated from background information on how they work, reverse engineering of various neo CGs and first-hand research (plus losing 800k + trades along the way, but hey, it's priceless!!).

[SHORT VERSION]

For the in-depth version, please see http://www.neopets.com/~punchback_bob
Remember that Internet Explorer is vulnerable to on-site cookie grabbers (on neopets).
Opera users should use the userjs file called BlockScript. It's sorta complicated but it's here.

Get firefox here: http://www.mozilla.com/en-US/firefox/firefox.html?from=getfirefox

Recommended Firefox Add-ons
NOSCRIPT. This helps block malicious scripts from running.
Don't forget to whitelist neopets.com and any other sites that you trust (like hotmail.com) (see attachment).

FLASHBLOCK. This allows you to selectively load Adobe Flash Player objects. If you need Flash to play games, simply click the arrow to enable that object. This is allowed since most browsers don't even come with Flash. Do not whitelist neopets, as one type of CG uses a redirection of http://images.neopets.com/flash_version_check_v1.swf? to steal cookies.

KEYSCRAMBLER ADD-ON. For protection against key loggers (programs that record everything you type). It's no use changing your password if every key you press is being sent to the "hacker".

ADBLOCK. It allows you to block ads... and other things (like CGs). See attachment for more info.

REQUESTPOLICY. RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.

 

Think you got CG'd?

If you THINK you were CG'd, the first thing you should do is LOG OUT. Why? Because this invalidates the cookie that the "idiot" took. Try it yourself. Log into neo in another browser. You will see that you can browse neopets for a bit on both web browsers. Now click the log out button of one browser and see what happens. Contrary to popular belief, clearing cookies will do nothing for you. Just log out, get the keyscrambler add-on (if you can get it), and then log back in and THEN change your password.

 

Attachments:
whitelist-neopets.gif (74.73 KB)
ablock-instructions.gif (43.8 KB)

Thanks for the response.

zixianna luckily for us, TNT reviews trophy scores, so they see if you're cheating using a score sender to earn a trophy is pretty much asking for a ban >.> thank goddd for that xD ~Abrar http://www.neopets.com/browseshop.phtml?owner=abrar1646&misc

Not sure if anyone can shed some light on this but what I have been wondering since I became frozen is... If Iframe coding does not pass neo filters it could not have been directly added through my shop description which probably indicates that no one directly accessed my account. Does it mean that the page was edited above my level of editing access like straight on the server files or how did it actually get there.. Pets paradise Mall 3 Branches Info http://www.neopets.com/~Shizukeo

First, how long have iFrames been caught by the filters? Second, I believe what people were doing was adding in links and tags that the filters normally would not allow by breaking the tags up through special characters and other methods I won't understand until I see them and look up how they work *lol* This thread is way too long to read through it all, I bet everything I want to know is buried in there somewhere!

The code that I found is on a text file on this thread http://www.neomallers.com/node/3023 Pets paradise Mall 3 Branches Info http://www.neopets.com/~Shizukeo

Yea, if you notice, there is no actual 'iframe' tag in there. They tricked both the filters and browsers into rendering an iframe. Enforcing proper HTML tags should preclude this particular trick now. Which means they'll just find a new trick shortly, and probably faster than TNT is taking to fix this one (which is just standard operating procedure in the Black Hat community *lol* ). p.s. - One thing I've never learned to do is how to search on google with special characters, code, tags, etc. I'll have to do that, it's always very annoying...

With the code in the shop in the form it was it did not pass the filters. Other users found the same code when they tried to update their shops.. even just having the word Iframe in any descriptions is picked up straight away.. Pets paradise Mall 3 Branches Info http://www.neopets.com/~Shizukeo

[quote=Gavin63]With the code in the shop in the form it was it did not pass the filters. Other users found the same code when they tried to update their shops.. even just having the word Iframe in any descriptions is picked up straight away.. [/quote] There is another possibility too - using escape sequences and the like to enter the characters into the shop. For example, I can type <iframe> here by using & lt ; and & gt ;, but if you try to copy and paste that in, it isn't going to work.
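The posts above contrast a filter that reacts to the word "iframe" with enforcing proper HTML tags. The following is an added sketch of the second approach, not code from this thread or from Neopets: it parses a shop description and re-emits only an allowlist of tags. The tag list, function names and sample inputs are assumptions made for the example.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for a shop description: a few formatting tags, http(s) links only.
ALLOWED = {"b": set(), "i": set(), "u": set(), "p": set(), "br": set(), "a": {"href"}}
VOID = {"br"}                       # elements that never get a closing tag
DROP_CONTENT = {"script", "style"}  # text inside these is discarded, not displayed

def word_filter_accepts(text):
    """The kind of filter described in the thread: reject on a forbidden word."""
    return "iframe" not in text.lower()

def safe_url(value):
    """Only absolute http/https URLs survive (href is the only allowed attribute)."""
    try:
        return urlsplit(value.strip()).scheme in ("http", "https")
    except ValueError:
        return False

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)  # entities arrive decoded in handle_data
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        if tag not in ALLOWED:
            return                  # anything not on the list is never emitted
        kept = [f' {n}="{html.escape(v)}"' for n, v in attrs
                if n in ALLOWED[tag] and v and safe_url(v)]
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT and self.skip:
            self.skip -= 1
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data, quote=False))  # text is re-escaped

def sanitize(description):
    parser = AllowlistSanitizer()
    parser.feed(description)
    parser.close()
    return "".join(parser.out)
```

The sanitizer does not balance unclosed tags, so a production version would also close any allowed tag left open at the end of the description.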

FYI, for Chrome users, there's a new extension called NotScripts, which is like NoScript for FF. It's new, so probably not as good, but it's better than nothing! :D [hr][size=11]Wearable Clothing for your pets! www.neopets.com/browseshop.phtml?owner=_jaspeh_&misc 4mil Independent Ads http://www.neopets.com/~SicalliaRomeo [/size]
[hr][size=11]Training, Luck & Medicine! ^_^ www.neopets.com/browseshop.phtml?owner=_jaspeh_&misc#c [/size]

When I get suspicious, I just inspect the element via firebug. : D
I need to stop playing neopets. I'll never have a social life ><
