Simple way to go around Kaspersky Safe Kids and open blocked sites. Inspect Element.

[Bramandin]

Warning! if you are one of the people who use Kaspersky Safe Kids to protect yourself from any content for any reason, stop reading now! After you read this, there is no going back, KSK is useless for you, unless someone offers a solution in this thread.

Hello everyone. I use KSK to protect myself from certain content on the internet due to lack of willpower (addiction) and I recently found a way to go around KSK and access any content I (you) desire, while KSK is set to block that content.
This would not be my first time of finding such an exploit, but this time I am unable to “plug the leak” on my own. I am at my wits end.

Namely, I’m using “web Activity Monitoring” in KSK, and I have it set up to “ Block all websites apart from exclusions “. Lets say I was to “Allow”  only one single random site, such as news site, and I went and right clicked, almost any, advert on that site and clicked Inspect Element in Chrome (or just “Inspect” in Firefox) and replace the hyperlink of that embedded advert with tthe following link “https://www.bing.com”, a tiny window that holds the add would now be displaying Bing site, perfectly loaded and working.
Mind you, this works on both Mozilla and Chrome, and so far I’ve managed to acess only Bing search engine in this way. Google won’t load.

From then on it’s free cruising. You search the web (almost) as normal, even tho every single site you’re watching should be blocked. But KSK just ignores almost anything that goes through that little window (the add slot).
Btw, the add window that now holds Bing can be expanded by changing vertical and horisontal length in the page code and now you’re having no KSK with standard size browser.

I hope I explained my problem clearly and I’m sorry you had to read so much, I couldn’t explain it more concise. As things stand now, I’ll have to stop using internet completely and go live in exile of the real world, unless someone helps here. Thank you all for reading.

 

 

Edit: included screenshots.

[Flood and Flood's wife]

Hello @Bramandin, 

Welcome!

• Please Read before you create a new topic!
• In Firefox, we modified the source of the ad on the gw2efficiency page with the bing replacement you proposed, however, we cannot replicate the issue - see attached iframe original & iframe bing mod 

Questions:

1. Please provide the information detailed in the tutorial by @Danila T. ? 
2. If you’re using KSK to modify your behaviour, presumably you have access to & use the parent account, if that’s correct, what’s to stop you removing any rules you’ve applied? 
3. In KSK, have you applied any rules for bing? 
4. Is KSK Premium or Free? 

Please let us know?

Thank you🙏

Flood🐳 +🐋

[Bramandin]

Hey @Flood and Flood's wife , thank you for responding and taking the effort to guide me.

To provide the requested information:
1.
-Version of my operating system is Windows 7 version 6.1 (altho I’m convinced this method would work regardless of operating system)

-Version of the application: for KSK finding the program version seems to be different from the program in provided guide. I believe I found it even tho it doesn’t state this code as “version” in “about” tab of KSK installed program. It is: 1.0.5.9008(k)/3261530

2. What’s to stop you from removing any rules you’ve applied?

There are many ways to handle this issue. The one I use is: I hold my password in an online email of an email provider which is not allowed for viewing on my laptop. When I want to modify my KSK settings, I have to walk to the nearest internet cafe, log-in on my email, take the 20+ digit gibberish password and log in to my.kaspersky web page to edit settings.
There are other ways also. All that is important is to keep your password in a secure location outside your home. The further away the better.

You are free to doubt the efficacy of this method, but I guarantee it will put a wrench in the plans of even the most diehard addict.

3. In KSK, have you applied any rules for bing? 

Yes. KSK is set to block all internet content other than a handful of sites. Bing not being among those handful of sites, meaning it should be blocked with the rest (99.99%) of the internet. Screenshot provided for how it looks when I try to connect to Bing “the normal way”.

4. KSK is free. I hope this doesn’t mean you can’t help me :(

 

Notepads are provided with original iframe and modified iframe to show Bing. BTW site doesn’t have to be gw2efficiency. I found it even easier to open bing in this maner on any site that has any level of “Discord” integration. Those iframes are even easier to hijack.

 

Edit: I want to point out one more thing when trying to replicate this issue. It’s different for every add. If advert is changed, the way that part of the site looks in the code changes also. It’s not only the exact link that you paste over “http://www.bing.com” that changes. So for every new iframe I test, I have to dig around for about 30 seconds before I find the exact link that needs to be pasted over/edited.

[Bramandin]

As it may be a bit difficult to replicate this issue because of the changing nature of adverts, based on user and location. I thought I’d provide an easier, more straight forward way of replicating it.

Writing in separate post because previous post is already bloated.

The site in question is: “metabattle.com/wiki/MetaBattle_Wiki” and I am using a Discord integrated iframe.

And thank you again @Flood and Flood's wife for reading.

[Flood and Flood's wife]

Hello @Bramandin,

You’re most welcome!

Thank you for the information, the images & the additional option, that was most helpful. 

Just to be clear, we have no doubts, nor judgements, we’re simply trying to understand, how having access to the parent account & managing a KSK child profile works. Your explanation makes sense, thank you for taking the time to explain. 

We’ve created a video of our results:

Link

 

Please let us know the following:

1. Which age (birth year) has been configured?
2. In Web activity monitoring, which Categories are Forbidden? 

Thank you🙏

Flood🐳 +🐋

[Bramandin]

​

 

Thank you again for taking the time to respond and make the video, and please don’t thank me. I would spend any amount of time or work to make this work out, as I stand to gain immense quality of life from this.

To answer your queries:

1.Age configured is 19 at the moment (that’s the number showing on the site)

2.I’ll include a screenshot of my settings, but all categories are allowed.
I realize my settings may be a bit hard to “wrap ones head around”. I actually consider all search engines unsafe and have them blocked (not excluded from the blanket “Block all sites”), since I’ve always managed to leverage them to subvert KSK in some way. My settings are thus set to “Block all Websites” with no search engines Allowed (I mostly utilize "Allowed" sites list). Screenshot should explain it.

I would like to point out a couple of things.

    To ‘get the most out of’ this exploit, you must dissable the “Open in New Tab” slider option just below the search bar (once you input your first search query it becomes available). This will make websites actually open, inside the exploited iframe.

(in the video it was not set up accordingly). Screenshot provided shows how it enables me to open a Wikipedia page.

​