Wednesday, October 1, 2014

Hardening Opera Browser

==============================
1 - Settings
==============================
Opera > Settings

Browser

Advanced settings > check Show advanced settings

Click the Languages button and unselect spell check.
Click Preferred languages and put English above English (US).
Check Show full URL.
Set up a custom proxy.
Check Preload discovery contents.
Uncheck Use hardware acceleration.
------------------------------
Websites

Do not allow sites to use JavaScript.
Add exceptions for the websites you use (essentially the same as for cookies).

Plugins > Click to play.

Click Disable individual plugins and review the plugins.
Click Do not allow sites to show pop-ups.
Click Do not allow any site to track my location.
Click Do not allow sites to access my camera/mic.

Could also block all images and add exceptions for the sites you want.
------------------------------
Privacy

Uncheck use a prediction service
Uncheck predict network actions
Uncheck improve Opera by sending feature
Uncheck automatically send crash reports
Check send a do not track request

Uncheck offer to save passwords.
Uncheck auto-fill.

Check block sites from setting any data.
Check block 3rd party cookies.
Add the cookies you need under Manage exceptions for cookies.
==============================
2 - Search Engines
==============================
You can add a custom search engine by opening Opera Settings, clicking 'Manage Search Engines', and then entering the following details under "Other search engines":

Name: StartPage
Keyword: sp <or other keyword of user's choice>
URL: https://startpage.com/do/search?query=%s&cat=web

Then click "Done".
==============================
3 - Cookies
==============================
Block 3rd party cookies.

ALLOW
==========
<insert site cookies you want here>

Re-enable cookies for a while, go to all your regular sites, log in and do whatever you normally do.
Then review the cookies you have, deleting any you picked up that aren't needed.
Add ALLOW exceptions for the ones you want.
Set cookies back to block once you've added the exceptions.
============================
To allow YouTube accounts to work, both google.com & accounts.google.com have to be set.

Block
==========
accounts.google.com
google-analytics.com
googleadservices.com
googlesyndication.com
googletagmanager.com
googletagservices.com
googleusercontent.com
gstatic.com
plus.google.com
google.com
youtube.com
bing.com
ssl.bing.com
www.bing.com
facebook.net
petametrics.com
http://facebook.net
http://google-analytics.com
http://petametrics.com
https://facebook.net
https://google-analytics.com
https://petametrics.com
doubleclick.net
doubleclick.com
www.addthis.com
addthis.com
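
A quick sanity check for the two cookie exception lists before typing them into the browser, added here as an example and not part of the original post. It flags repeated entries, hosts entered with several scheme prefixes, hosts present in both ALLOW and BLOCK, and allowed hosts under a blocked parent domain. The names ALLOW, BLOCK, parse_entry and audit are this example's own, the sample lists are a constructed subset of the entries above, and how the browser itself resolves overlapping patterns is not modelled.

```python
from urllib.parse import urlsplit

# Constructed sample: a subset of the exception entries listed on this page.
# ALLOW holds the two hosts the page says "have to be set" for YouTube
# accounts (reading "set" as ALLOW is an assumption).
ALLOW = ["google.com", "accounts.google.com"]
BLOCK = [
    "accounts.google.com", "google-analytics.com", "google.com", "youtube.com",
    "facebook.net", "google-analytics.com", "http://facebook.net",
    "https://facebook.net", "www.addthis.com", "addthis.com",
]


def parse_entry(entry):
    """Split an entry into (scheme, host); scheme is '' when none is given."""
    text = entry.strip().lower()
    if "://" in text:
        parts = urlsplit(text)
        return parts.scheme, parts.hostname or ""
    return "", text.split("/", 1)[0].rstrip(".")


def audit(allow, block):
    """Report duplicates, scheme variants, conflicts and parent/child overlaps."""
    duplicates, seen = [], set()
    hosts = {"allow": {}, "block": {}}  # list name -> host -> schemes seen
    for name, entries in (("allow", allow), ("block", block)):
        for raw in entries:
            scheme, host = parse_entry(raw)
            if not host:
                continue  # blank or unparsable line
            if (name, scheme, host) in seen:
                duplicates.append((name, raw))
            seen.add((name, scheme, host))
            hosts[name].setdefault(host, set()).add(scheme)
    return {
        "duplicates": duplicates,
        # Same host entered bare and with http:// or https:// prefixes.
        "scheme_variants": {h: sorted(s) for h, s in hosts["block"].items() if len(s) > 1},
        # Host present in both lists: one of the two entries is a mistake.
        "conflicts": sorted(set(hosts["allow"]) & set(hosts["block"])),
        # Allowed host sitting under a blocked parent domain: review by hand.
        "overlaps": sorted((a, b) for a in hosts["allow"] for b in hosts["block"]
                           if a.endswith("." + b)),
    }


if __name__ == "__main__":
    for section, value in audit(ALLOW, BLOCK).items():
        print(f"{section}: {value}")
```

Any host reported under conflicts or overlaps needs a decision before the lists go into the exceptions dialog, since only one of the two entries can reflect what you want.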


==============================
4 - Flags
==============================
Disable
----------
Enhanced autofill
JavaScript dialogs
Media capture
WebGL
hyperlink auditing
Experimental QUIC protocol
HTTPS over experimental QUIC protocol
Built-in Asynchronous DNS
Touch Optimized UI
Experimental text input focus manager.

Enable
----------
Bookmarks
Download resumptions
Proprietary media types (if you want to use something like VLC for non-Flash)
Disable WebGL (yes, that's confusing: you're disabling it by enabling that flag)
Disable hyperlink auditing
Sync (if you use it)
Save page as MHTML

==============================
5 - Extensions
==============================
Adblock Plus or Edge... preferably Edge
https://addons.opera.com/en/extensions/details/disconnect/?display=en
https://addons.opera.com/en/extensions/details/ghostery/?display=en
https://addons.opera.com/en/extensions/details/donottrackme-online-privacy-protection/?display=en
https://addons.opera.com/en/extensions/details/duckduckgo-for-opera-2/?display=en
https://addons.opera.com/en/extensions/details/http-switchboard/?display=en
https://addons.opera.com/en/extensions/details/filter-request-headers/?display=en
https://addons.opera.com/en/extensions/details/https-everywhere/?display=en
https://addons.opera.com/en/extensions/details/user-agent-switcher/?display=en
https://www.eff.org/https-everywhere


==========================
6 - Individual extension settings
==========================
HTTP Switchboard
***
HTTP Switchboard (and NoScript does also) forces JavaScript on so you can manage it.
- Leave JavaScript disabled in the browser settings, because the plugin will force-enable it; if the plugin breaks, JavaScript falls back to the settings and is disabled.
***
Set the plugin to domain-level scope > *.twitch.tv
Then set the permissions for the domains it may connect to:
Example: twitch.tv

BLOCK
google-analytics.com
googletagservices.com
lifedna.com
mxpnl.com
petametrics.com
quantserve.com
scorecardresearch.com
facebook.net

ALLOW
twitch.tv
betterttv.com
jtvnw.com
amazonaws.com
firebaseio.com

After the scope changes are finished, click the lock to save the temporary settings permanently.

https://github.com/gorhill/httpswitchboard/wiki/How-to-use-HTTP-Switchboard:-Two-opposing-views
=============
NoScript

Allow/Block for each domain you visit and permanently store them.
Work by trial and error: temporarily allow different XSS connections, then permanently store the ones you want.
=============
