Safe banking dump
-
<p><strong>Real PC:</strong></p>
<p><strong>Windows 10 x64 18363.476</strong></p>
<p><strong>KTS 21.0.29.1036 app+drv ver. on</strong></p>
<p><strong>Standard Browser: Firefox</strong></p>
<p>um:application_fault_avrf_5c40d234_safe_banking.dll!ekagetobjectfactory</p>
<p><strong>Reproduction steps:</strong></p>
<p><span></span>Not realy sure what happened here.</p>
<p>I was trying to pay something with paypal and was switching around between safe money browser and normal firefox i just had closed the safe money browser and tried to login in paypal in the normal browser when this dump came. The first one was corrupted but i got 3 failed attempts to write the same dump again so i took the last one.</p>
<p><strong>Actual result:</strong></p>
<p><span></span>Login was made hard beacuse of the dump creation</p>
<p><strong>Expected Result:</strong></p>
<p><span></span>No dump no problem =)</p> -
<p>@helios_07, hello! </p>
<p></p>
<p>Can you please try to reproduce this dump with collecting <span>HAR-traces</span></p>
<p><span>in your browser go F12 tools -> network, switch on "preserve logs". after dump save browser's traces as HAR file.</span></p> -
<p>@dmitriy-pisarets</p>
<p>I will try that over the weekend and report back next week or if i can reproduce it.</p> -
<p>@dmitriy-pisarets</p>
<p><strong>KTS 21.0.33.1168 app+drv ver. on</strong></p>
<p><strong>Reproduction Steps:</strong></p>
<ol>
<li>open the paypal login page with a link like : <a href="https://www.paypal.com/de/signin/" target="_blank" rel="noopener">https://www.paypal.com/de/signin/</a></li>
<li>turn off the option to save settings for this site and open website in safe browser</li>
<li>type in a username and password (first signs of problems start here its usualy laggy the typing in of the password)</li>
<li>close safe browser</li>
<li>refresh the page where you were asked if you want to open the site in safe browser</li>
<li>turn off the option to save settings for this site and open website in normal browser</li>
<li>type in your info, click something on the site, logging in not required ( the dump should be created now during this step)</li>
</ol>
<p>Dump + traces + har logs: <a href="https://cloud.qainfo.ru/s/TxlyTEhUj8N6EFF" target="_blank" rel="noopener">https://cloud.qainfo.ru/s/TxlyTEhUj8N6EFF</a></p>
<p></p>
<p>With those steps its stable to reproduce for me.</p>
<p></p> -
<p>@helios_07 HI! thx for your time!</p>
<p>can you please:</p>
<p>1 ) try reproduce it in other browsers </p>
<p>2) tell us what plugins are in your FF</p>
<p>3) in FF go to about:config, set filter referer and send us all fields and they value to us</p>
<p></p>
<p>Thank you! </p>
<div></div> -
<p>@dmitriy-pisarets</p>
<p>1) Still working on it.</p>
<p>2) Dark Reader, Decentraleyes, HTTPS Everywhere, Privacy Badger, Ublock Origin, Kaspersky Password Manager, Kaspersky Protection</p>
<p>3) https://cloud.qainfo.ru/s/wfe2ITjRLg267Qr</p> -
<p>@helios_07, Hi! thx for your time. Looking forward answer on 1) position</p>
-
<p>@dmitriy-pisarets</p>
<p>Hi dmitriy,</p>
<p>I think this is the dump from using chrome, its very different there. It seems i only had to open paypal login and type something in, then i get an unhandled exception in plugin-nms.exe and a while later the dump.</p>
<p>A key part for the dump seem to be one or more of the plugins, but i havent had the time to figure out which.</p>
<p>Traces + dump: <a href="https://cloud.qainfo.ru/s/BM9nFOcDl6sqdAt" target="_blank" rel="noopener">https://cloud.qainfo.ru/s/BM9nFOcDl6sqdAt</a></p>
<p></p>
<p>As far as i can tell, something goes wrong in combination with those plugins when i go on the paypal login page, which results in the dump in the end. Should be the same for Firefox.</p> -
<p>@helios_07 said in <a href="/post/7760" target="_blank" rel="noopener">Safe banking dump</a>:</p>
<blockquote>dump from using chrome</blockquote>
<p>this dump generated new issue. Thank you for your time.</p> -
<p>@helios_07 hello! there is setting network.http.sendRefererHeader = 0 it cause problem. this setting isn't standart, did you change it manually? if you'll change it - problem will pass away</p>
-
<p>@dmitriy-pisarets</p>
<p>Ah ok i might have changed that, i will try that =)</p>