US Department of State Appointment Scheduling System

For support with specific websites

Moderator: trava90

Forum rules
Please always mention the name/domain of the website in question in your topic title.
Please one website per topic thread (to help keep things organized). While behavior on different sites might at first glance seem similar, they are not necessarily caused by the same.

Please try to include any relevant output from the Toolkit Error Console or the Developer Tools Web Console using the following procedure:
  1. Clear any current output
  2. Navigate or refresh the page in question
  3. Copy and paste Errors or seemingly relevant Warnings into a single [ code ] block.
linuxrocks123
Moonbather
Moonbather
Posts: 50
Joined: 2015-12-14, 07:57
Location: Moon Base Alpha

US Department of State Appointment Scheduling System

Unread post by linuxrocks123 » 2022-11-16, 06:57

The US Department of State appointment scheduling system web page fails to load with "Secure Connection Failed". This is the URL:

https://evisaforms.state.gov/Instructio ... System.asp

I am on Pale Moon 31.3.1 on Linux. The website loads using the most recent Firefox version on Linux. The website does not load when I use Pale Moon but spoof a common Firefox Windows user agent. There was nothing in the console output, but using a URL request tracking extension revealed this odd behavior:

Code: Select all

(none) GET https://evisaforms.state.gov/Instructions/ACSSchedulingSystem.asp
(none) POST http://ocsp.digicert.com/
https://evisaforms.state.gov/Instructions/ACSSchedulingSystem.asp GET https://evisaforms.state.gov/TSPD/0883343043ab20005ecdcc7f373851dfdb4b538085b535f9bfc498ce21f8c29f5e17c771141f8856?type=10
(none) GET http://127.0.0.1:4444/
(none) GET http://127.0.0.1:4653/
(none) GET http://127.0.0.1:7054/
(none) GET http://127.0.0.1:7055/
(none) GET http://127.0.0.1:9515/
(none) GET http://127.0.0.1:5555/
(none) GET http://127.0.0.1:17556/
(none) GET https://evisaforms.state.gov/Instructions/ACSSchedulingSystem.asp
I don't know why the page is trying to load URLs from localhost. It seems suspicious.

I think this might be a good website to fix, because, unlike 99% of the URLs that don't work in Pale Moon right now, the cause here is almost certainly neither WebComponents nor the newer JavaScript standards that are already known to be unsupported in Pale Moon. This website is ancient. It references a minimum supported Internet Explorer version of 5.0 and minimum supported Netscape version of 6.2. I can't think of a good reason it wouldn't be working.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35475
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: US Department of State Appointment Scheduling System

Unread post by Moonchild » 2022-11-16, 07:25

Some websites make requests to localhost to probe for malware. It's a very controversial practice and IMHO of very limited use.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
gepus
Keeps coming back
Keeps coming back
Posts: 938
Joined: 2017-12-14, 12:59

Re: US Department of State Appointment Scheduling System

Unread post by gepus » 2022-11-16, 09:55

@linuxrocks123

If you set Compatibility to Native in Preferences the site will load.
The site also loads if masking as Firefox 68.

linuxrocks123
Moonbather
Moonbather
Posts: 50
Joined: 2015-12-14, 07:57
Location: Moon Base Alpha

Re: US Department of State Appointment Scheduling System

Unread post by linuxrocks123 » 2022-11-16, 18:12

@gepus

I tried Native and Firefox 71 just now, but it still doesn't work for me. It's interesting that it does for you.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35475
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: US Department of State Appointment Scheduling System

Unread post by Moonchild » 2022-11-16, 20:40

Well, I checked with Qualys labs and even their SSL analysis software can't connect, so... I'm not sure what is going on with them but it seems to be very broken, and it's not limited to Pale Moon.

https://www.ssllabs.com/ssltest/analyze ... .state.gov
Attachments
FireShot Pro Screen Capture #354 - 'SSL Server Test_ evisaforms.state.gov (Powered by Qualys SSL Labs)' - www.ssllabs.com_ssltest_analyze.html_d=evisaforms.state.gov.png
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35475
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: US Department of State Appointment Scheduling System

Unread post by Moonchild » 2022-11-16, 20:50

So... this is rather funny actually.
It does load the first request, which returns a body which loads the attached javascript. This then triggers a reload of the same initial page which the server refuses by hard-closing the connection.
This javascript from casual inspection is doing the localhost connections and navigator checks (and probably UA checks), but it's also deliberately obfuscated with some common methods employed by malicious javascript to try and dodge detection. This kind of thing has absolutely no place on a governmental website and seems to be the brainchild of someone who thinks they are cleverly keeping out bad bots or clients, but in fact just making access to a governmental website problematic.
I don't have time to analyze and deobfuscate this. Needless to say whomever put this in place on a .gov site should be fired or at the very least have their responsibilities adjusted to no longer be in charge of public-facing web content.
Attachments
0883343043ab200001df717072dbbbb869dfe379ea8efa0430715d2d353e6459c947d8d303e47aad.js
(303.3 KiB) Downloaded 8 times
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
gepus
Keeps coming back
Keeps coming back
Posts: 938
Joined: 2017-12-14, 12:59

Re: US Department of State Appointment Scheduling System

Unread post by gepus » 2022-11-16, 21:35

I checked right now after reading the replies.
Indeed odd. This time it didn't work with the native UA but it did work masking as Firefox 68.
Attachments
ACS.png

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35475
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: US Department of State Appointment Scheduling System

Unread post by Moonchild » 2022-11-16, 23:52

Yup, masking as Firefox 68.0 does seem to work.
Create a new preference called:
general.useragent.override.evisaforms.state.gov
And use the following value:

Code: Select all

Mozilla/5.0 (%OS_SLICE% rv:68.0) Gecko/20100101 Firefox/68.0
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Sablesword
Hobby Astronomer
Hobby Astronomer
Posts: 18
Joined: 2017-04-01, 06:50

Re: US Department of State Appointment Scheduling System

Unread post by Sablesword » 2022-11-18, 11:14

Moonchild wrote:
2022-11-16, 23:52
And use the following value:

Code: Select all

Mozilla/5.0 (%OS_SLICE% rv:68.0) Gecko/20100101 Firefox/68.0
Ignorant question here. Should the value literally contain %OS_SLICE% or should we replace %OS_SLICE% with the appropriate value for our operating system?

And if the latter, is there a list somewhere of what %OS_SLICE% should be for various operating systems?

vannilla
Moon Magic practitioner
Moon Magic practitioner
Posts: 2183
Joined: 2018-05-05, 13:29

Re: US Department of State Appointment Scheduling System

Unread post by vannilla » 2022-11-18, 11:46

Sablesword wrote:
2022-11-18, 11:14
Ignorant question here. Should the value literally contain %OS_SLICE% or should we replace %OS_SLICE% with the appropriate value for our operating system?

And if the latter, is there a list somewhere of what %OS_SLICE% should be for various operating systems?
%OS_SLICE% is fine to leave as-is. Just copy the string as provided by Moonchild.
Also not-really-hidden self-promoting, but you can manage user agents overrides through sasuga if you don't want to fiddle with about:config.

User avatar
moonbat
Knows the dark side
Knows the dark side
Posts: 4942
Joined: 2015-12-09, 15:45
Contact:

Re: US Department of State Appointment Scheduling System

Unread post by moonbat » 2022-11-19, 02:28

Sablesword wrote:
2022-11-18, 11:14
should we replace %OS_SLICE% with the appropriate value
No, it is not for you to worry about. It gets automatically replaced with your current OS details as required for a user-agent.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Image
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX

Locked