Whalebone blog

Online Translators – How Safe Are They? | Whalebone

Written by Whalebone | 2.1.2023 23:00:00

The Internet is a global tool used by people from the whole world. They interact with each other, no matter where they are. Sometimes you find out the information you are looking for is not published in your language. A great tool for such a situation is an online translator.

Typically, translators process a text put into the translator’s page. Many of them can even translate various file types. Some online translators can even translate whole websites. In this blog we will discuss whether such service can be abused to bypass security measures. Imagine, you have applied a domain blocking on your DNS traffic and you receive an unsolicited message with a link generated by some of the website online translators that points to a domain to be blocked.

Let’s look at the most famous one – Google Translator.

For that purpose we put a perfectly serious website domain thetimes.co.uk on a resolver’s deny list, so it is not possible to access it directly.


Now, we can try to access it via translate.google.com.

The content of the page is suddenly visible. It is because the page is accessed via a completely different domain under translate.goog domain – thetimes-co-uk.translate.goog. Depending on the website’s configuration, some images can be visible as well.

Next, it would be interesting to see whether information put into a form on such a website is forwarded through the translation service to the origin domain.

In order to test how the translator handles information filled in a form we can try the login page on login.thetimes.co.uk.

 

After filling in the correct login credentials, it can be seen that the form does not work. It is because the action associated with the button sends the request directly to the origin domain.

The same can be seen when trying to download a binary file on a website.

 

The link for download has not been modified and still refers to the origin domain. It is actually a good result and very safe behavior. That means that the service can’t be abused by a malware distributor.

Test #2

Let’s look at yet another online website translator tool developed by Yandex. First, we will try to access the same website.

It can be seen that the hosting domain of all translated pages is translated.turbopages.org. Now, let’s try to test to fill in a form. During this test, the origin website domain was already on the resolver’s deny list.

The form is again submitted towards the origin domain which is an expected behavior.

The results of the tests are very similar. A textual content can be visible, sometimes even media (like images, if hosted out of the origin domain), data in forms are not intercepted as well as downloadable links are not proxied. A slight difference is that the Yandex directs the downloads towards the service and the service returns a redirect status with a reference to the origin.

However, be very careful. All these services are cloud services and can modify its behavior, and there can be added any code to such websites. You should not put any sensitive information on them.

 

Conclusion

We have briefly tested how safe it is to click on links that are produced by online website translators. It can be said that the online translators try to behave responsibly and safely – both forms submissions and downloads are not proxied so the information is not intercepted, at least not as a part of the regular HTTP flow. Anyway, a rule #1 is to not fill any information into a page that is not accessed on the origin website domain.

What deserves a bit more attention is handling of undesired content. It can be accessed even though the origin domain is blocked. Whalebone puts every effort to apply the content filtering, regardless of the way it is accessed. Anyway, Google Translator’s implementation is far more secure.