Feb. 08, 2005, 07:53 PM
Feb. 09, 2005, 05:33 AM
A fix posted on MozillaZine.org for Firefox:
My two Proxomitron filters:
KevinMillican Wrote:A simpler way of fixing this is as follows :-
1. Install the Adblock Firefox extension.
https://update.mozilla.org/extensions/morei...s=Windows&id=10
2. Look at the Adblock 'Preferences' and go to 'Adblock Options'
3. Tick 'Site Blocking'
4. Add the following filter :-
/[^\x20-\xFF]/
This will block any URL that uses characters outside the normal ASCII range.
My two Proxomitron filters:
Code:
[Patterns]
Name = "IDN "xn--" URL Remover [Kye-U]"
Active = TRUE
URL = "(*.|)xn--"
Limit = 1
Match = "?"
Replace = "\k"
"<b><font face="sans-serif" color="Red" size="6">Connection Killed - Proxomitron</font>"
"<br><br><font face="sans-serif" color="Red" size="3">This is an <b>IDN Spoofed</b> Site!"
"<br><br>Real URL: \u</font></b>"
Name = "Spoofed Address Exploit [Kye-U]"
Active = TRUE
URL = "(^$TYPE(css))"
Bounds = "($NEST(<(([a-z]+{1,*})|*=\s),</([a-z]+{1,*})>)|$NEST(<(([a-z]+{1,*})|*=\s),>))"
Limit = 1024
Match = "\0://(\1.([a-z]+{2,4})|*.*/)((?%00|(((%|&#)0[01])+{1,2})))[^/]++[@|%40]\2"
"|\0://(\1.([a-z]+{2,4})|*.*/)%2F((%20|\s)+{1,*})[^/]++.\2"
"|\0://(\1.([a-z]+{2,4})|*.*/)%(2F|01)[@|%40]\2"
"|\0://(\w.|)\w(&#*;|%[a-z0-9][a-z0-9])\w.([a-z]+{2,4})*"
"|\0://(*|)xn--*.([a-z]+{2,4})*"
"$SET(\9=Think you're on Microsoft but you're on Yahoo? This filter will prevent the threat of such a situation."
""
"http://www.securityfocus.com/bid/10517/info/"
"http://secunia.com/advisories/10395/"
"http://www.securityfocus.com/bid/10532/info/)"
Replace = "<strong>[URL Spoofing Exploit Removed]</strong>"
"$ALERT(URL Spoofing Vulnerability Detected and Removed on:\n\n\u)"Feb. 09, 2005, 03:31 PM
Thanks for the filters. Will come in handy when I'm not using IE. 