undefined | Better HN

0 pointsTrueDuality1y ago0 comments

Yeah this is a good call-out. If the site is being used for drive-by or targeted malware there are other checks that may be happening alongside the redirect such as user agent, country of origin (like you mentioned), plugins installed, OS, or even time of day.

If they detect something that matches what they want, they may throw some intermediate 301's to pages that attempt to infect the user with something still ultimately redirecting to the "normal" page.

0 comments

SlightlyLeftPad1y ago

Just a note 301s are super sticky and browsers cache them even across incognito modes. Your best bet is to use a new browser after reconnecting to avoid false results.

avoutic1y ago

On Chromium-based browsers, if you open the Developer Tools (F12 or Inspect in right click) and you go to the Network tab, you can click 'Disable Cache'.

In my experience, this solves the sticky 301 issue and you should have no issues with cached 301s anymore.

Works perfect for these kind of investigations or if you made a mistake during site development.

SlightlyLeftPad1y ago

Of course, there are ways to clear it but that’s never something you could expect a non-technical user to do.

nneonneo1y ago

Really? That seems like a fantastic way to fingerprint people. I would be a bit surprised if that was the case...

(Fingerprint usage: have https://myfingerprint.example.com 301 to https://myfingerprint.example.com/unique_id_3b136c1cb, then embed https://myfingerprint.example.com in an iframe and see which request is made.)

kqr1y ago

I'm not GP but a decade ago when I started out as a web developer I made the mistake of using 301s in production and at the time we never figured out how to get the browser to re-learn the responses for those pages without drastic measures.

I still never use 301s for that reason. Things may have changed, but I dare not try!

1 more reply

SlightlyLeftPad1y ago

Interesting use case actually. I had never thought of this. I wonder if it’s used in the wild

jezek21y ago

You can disable caching in Firefox's developer tools, this covers such cached redirects. Very useful combined with a persistent log of network activity to avoid clears after redirects.

j / k navigate · click thread line to collapse

0 pointsTrueDuality1y ago0 comments

If they detect something that matches what they want, they may throw some intermediate 301's to pages that attempt to infect the user with something still ultimately redirecting to the "normal" page.

0 comments

SlightlyLeftPad1y ago

Just a note 301s are super sticky and browsers cache them even across incognito modes. Your best bet is to use a new browser after reconnecting to avoid false results.

avoutic1y ago

On Chromium-based browsers, if you open the Developer Tools (F12 or Inspect in right click) and you go to the Network tab, you can click 'Disable Cache'.

In my experience, this solves the sticky 301 issue and you should have no issues with cached 301s anymore.

Works perfect for these kind of investigations or if you made a mistake during site development.

SlightlyLeftPad1y ago

Of course, there are ways to clear it but that’s never something you could expect a non-technical user to do.

nneonneo1y ago

Really? That seems like a fantastic way to fingerprint people. I would be a bit surprised if that was the case...

kqr1y ago

I still never use 301s for that reason. Things may have changed, but I dare not try!

1 more reply

SlightlyLeftPad1y ago

Interesting use case actually. I had never thought of this. I wonder if it’s used in the wild

jezek21y ago

You can disable caching in Firefox's developer tools, this covers such cached redirects. Very useful combined with a persistent log of network activity to avoid clears after redirects.

j / k navigate · click thread line to collapse