Brian King //
On a recent webapp test, I got a little frustrated with all the extra HTTP requests showing up in my Burpsuite Proxy History from connections that Firefox was making on its own. I was having to scroll around way more than I used to while trying to make sense of the traffic. The last straw was this “detectportal” thing that seemed to be showing up every 60 seconds.
I found some other Firefox users complaining about the same things, and I followed those steps, but they didn’t cover everything. I’m going to show you what I learned about keeping Firefox quieter, and I’ll give you a file you can use yourself to take care of all this stuff automatically when you set up a new installation.
I set up a fresh install of Firefox version 53.0 with no plugins or add-ons, and told it to connect through Burp Suite. I added the Burp CA certificate so Firefox wouldn’t complain about the certificates Burp would generate, and so I could still connect to the sites using HSTS.
After ten minutes of just letting the browser sit there, I’d captured 52 HTTP requests to 12 unique domains.
Ten Minutes, No User Action, Twelve Domains
Ten Minutes, 52 Requests
The first (and last) request was the one that got my attention and started me down this road. By default, Firefox sends an HTTP GET to http://detectportal.firefox.com/success.txt every 60 seconds. And the response is just the word “success” – what’s it doing? According to https://bugzilla.mozilla.org/show_bug.cgi?id=1307867, this is a way for Firefox to detect if it’s running behind a captive portal. A captive portal is that sign-in page you get at hotels and airports when you try to browse the Internet, where you have to log in or agree to terms or some such.
There’s an “advanced” setting that can disable this, but nothing exposed in the UI. In the address bar, type “about:config” then click through the warning.
Search for network.captive-portal-service.enabled and click it to toggle to “false,” and it’ll stop sending this request.
That takes care of this one case, but while we’re at it, let’s see how far we can go. The Firefox project has a list to help you out, under the heading, How to stop Firefox from making automatic connections “https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections”
That article is a little old, and some things are not where they were when it was written, so let’s start with the UI as it is in version 53.0 of Firefox, which is the current version as of this writing.
Before we begin, you need to know that the button at the top right of the browser window, just below the title bar, with three horizontal lines across it is called the “hamburger menu” by the same people who want you to believe that the floppy disk icon is an unrecognizable symbol for the “save” function. When I say “hamburger” below, that’s what I’m talking about.
- Hamburger > Options > General: When Firefox Starts: “Show a blank page”
- Search: uncheck “provide search suggestions” for whichever search engine you choose.
- Content: (no changes)
- Applications: (no changes)
- Privacy: uncheck “Use Tracking Protection in Private Windows” (because this feature requires Firefox to keep its list of tracking methods updated)
- Security: uncheck “Block dangerous and deceptive content” (because Firefox has to keep its list of these things updated, too)
- Security: uncheck “Block dangerous downloads”
- Security: uncheck “Warn you about unwanted and uncommon software”
- Sync: Don’t sign into a Firefox account here.
- Advanced > General: (no changes)
- Advanced > Data Choices: uncheck everything on this pane.
- Advanced > Network: (no changes)
- Advanced > Update: check “Never check for updates”
- Advanced > Update: uncheck “Use a background service to install updates” and “automatically update search engines”
- Certificates: (no changes)
- Hamburger > Add-ons > Gear Menu at the top: uncheck “Update Add-ons Automatically”
With the captive portal Preference set to false, and those UI-accessible changes made, close Firefox and restart it.
It’s better, but there are still some connections happening at startup:
These are far less problematic than the captive portal thing, but in the interest of making Firefox as quiet as possible, let’s figure out how to make these stop, too.
Go to about:config, and search for the string “self-repair.mozilla.org” and you’ll find this:
That’s the same hostname, but not the same URL. This turns out to be related to the “Heartbeat” user-survey function, as explained at https://wiki.mozilla.org/Advocacy/heartbeat, and doesn’t actually repair anything.
Delete the “value” for this preference (double-click the row, then just blank out the value). Then restart Firefox again. You should notice that those three requests don’t happen anymore. It’s actually pretty quiet!
I let the browser sit open again for ten minutes on the default blank tab, and there were no HTTP requests from Firefox this time.
There are still some connections that will happen automatically during a browsing session, just less often. If you want to catch these too, go to about:config and set all of the items below to “false”:
And set this to “true”:
And set this to zero:
And set this to the empty string:
And set these to the word “ignore”:
There. Now Firefox shouldn’t be polluting your Burp Proxy History with requests you didn’t make.
I put this all into a user.js file, which you can copy to the Firefox profile directory every time you set up a new testing VM, so you don’t have to remember and make all those changes by hand.
Remember, the only point here is to make Firefox quiet. This isn’t a “security” thing, and would actually be a pretty bad idea to install on the Firefox you use for daily browsing.
Get a copy of the file here: https://bitbucket.org/mrbbking/quieter-firefox and if you have ideas for improvement, the repo is there as well.
We think BB is pretty cool …but we might be biased.
Why not find out for yourself and take a class with him?
Available live/virtual and on-demand