The Un-Official Proxomitron Forum
Bank blocks Sidki filters - Printable Version

+- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums)
+-- Forum: Proxomitron Config Sets (/forumdisplay.php?fid=43)
+--- Forum: Sidki (/forumdisplay.php?fid=44)
+--- Thread: Bank blocks Sidki filters (/showthread.php?tid=1524)

Pages: 1 2 3


Bank blocks Sidki filters - ramsy - Nov. 06, 2009 05:21 AM

On Oct 25, 2009 Washington Mutual bank data processing was finally moved to its take-over system at Chase National Bank. The new system refuses login unless Proxo is bypassed. Chase technical support claims customers must disable their security software, and rely on Chase SSL natively.

My bank account login password was required to log the Chase SSL session, which shows customers tracked with doubleclick.net, and other nefarious third parties. Does anyone else have an account at Chase National Bank, to help find out how Chase breaks Proxo and Siki's filters during this SSL session.

During SSL login
https://chaseonline.chase.com:443/

Proxo Default config - Sidki filter set.
STD, light, and ultralight modes tested

HTTP/1.0 200 Connection established
HTTP/1.0 Proxy-Agent: Privoxy/3.0.6
SSL Verify: [2:22209944] error number 22209944
RedirectTo: http://local.ptron/killed.gif
RESP 34 : Connection killed: Favicon Error: 404 Not Found

Must Bypass Proxo. to eventually login to accounts

With Proxo Bypass selected, Windows & Firefox cach's cleared
Using Proxy - localhost:8118
SSL Pass-Thru: CONNECT https://chaseonline.chase.com:443/

Successful login with Native unfiltered SSL

Other activity
- Accomplished SSL login with Proxo bypassed and Privoxy filtering using Vidalia/TOR

+++SSL 414:+++
SSL Pass-Thru: CONNECT https://fls.doubleclick.net:443/
HTTP/1.0 403 Request blocked by Privoxy
SSL Pass-Thru Failed!
+++CLOSE 414+++


RE: Bank blocks Sidki filters - Siamesecat - Nov. 06, 2009 06:16 AM

What happens if you use some other means to block Doubleclick, such as a Hosts file or a browser add-on such as Adblock Plus or Safari Block?
You could at least limit Doubleclick's tracking abilities as far as cookies go, if you use Firefox or IE, by specifically blocking them. With Firefox, you can also disable sending a referer when loading images (such as ad banners).


RE: Bank blocks Sidki filters - ramsy - Nov. 06, 2009 02:56 PM

(Nov. 06, 2009 06:16 AM)Siamesecat Wrote:  What happens if you use some other means to block Doubleclick, such as a Hosts file.


host file did the trick from my WinXP system.

C:\WINDOWS\system32\drivers\etc\host
- Added the doublclick.net reference below:
127.0.0.1 doubleclick.net

Reboot system, clear caches, Login to bank

Proxo Log file shows doubleclick.net passthru

Many thanks Siamesecat. Now Proxo & all Sidki filters are enabled, during SSL login to my bank accounts.

PS:
Any clue to reducing Proxo. PopUp windows for SSL verifying?
I had to click OK about a hundred times for to allow Proxo Warnings for the SSL connections.

Many Thanks


RE: Bank blocks Sidki filters - whenever - Nov. 06, 2009 03:33 PM

(Nov. 06, 2009 02:56 PM)ramsy Wrote:  Any clue to reducing Proxo. PopUp windows for SSL verifying?
I had to click OK about a hundred times for to allow Proxo Warnings for the SSL connections.

Does the "Allow for sessions" button help?


RE: Bank blocks Sidki filters - ramsy - Nov. 07, 2009 05:10 AM

(Nov. 06, 2009 03:33 PM)whenever Wrote:  Does the "Allow for sessions" button help?

My second bank login invoked only three Proxo "SSL cert verifiy errors", rather than 100+ for the previous session. "Allow for Session" worked fine on all three.

There were only two of Proxo's "This Connection is Untrusted" that required special exceptions to be added.

Can this process be streamlined by enabling half SSL filters in Proxo?


RE: Bank blocks Sidki filters - Kye-U - Nov. 07, 2009 11:03 PM

I realize this is an off-topic post, but I'd be highly skeptical of using any bank that implements DoubleClick and other third-party trackers.


RE: Bank blocks Sidki filters - ProxoDent - Nov. 08, 2009 12:17 AM

(Nov. 07, 2009 11:03 PM)Kye-U Wrote:  I realize this is an off-topic post, but I'd be highly skeptical of using any bank that implements DoubleClick and other third-party trackers.

And rightly so.

But if your comment implies (I can't tell) that this is unusual behavior for banks, it is not.

Just a few examples:

- Bank of America uses Coremetrics and redirects from the now-owned-by-Bank-of-America, Countrywide, uses Omniture.

- Capital One uses Microsoft Atlas

- Wachovia uses Media6 Degrees

- Citibank uses Omniture

- NationalCity / PNC uses GoogleAnalytics and WebTrends

- Regions uses WebTrends

Examples of banks that don't use these third-party trackers exist, but I'm sure many others not listed here do use them as well.

So, if you happen to choose your bank based on criteria other than how they have designed their web presence (even perhaps you've been a client before web-banking existed), then you are SOL. Smile!


RE: Bank blocks Sidki filters - ProxRocks - Nov. 08, 2009 01:05 AM

i've noticed this behavior with some "secure" sites in the past as well...
"filtering" 'secure' sites is now all but a MUST in my opinion...

i've heard people say to NOT use Proxo for their online banking - i say HOGWASH and never "bypass" Proxo!...

Long Live Proxo!


RE: Bank blocks Sidki filters - ProxoDent - Nov. 08, 2009 01:25 AM

(Nov. 08, 2009 01:05 AM)ProxRocks Wrote:  i've noticed this behavior with some "secure" sites in the past as well...
"filtering" 'secure' sites is now all but a MUST in my opinion...

i've heard people say to NOT use Proxo for their online banking - i say HOGWASH and never "bypass" Proxo!...

Long Live Proxo!

My take on it is that you've already willfully given over your finances and all the personal information that goes along with that to the bank. And they are screwing you every-which-way they can, including selling off your history to third-parties, whether you visit their website or not. So, what's a tracking cookie or web-bug matter in light of all that?

I guess I'm more paranoid about doing financial transactions on a possibly (undetected) broken page, so I don't use Proxo + SSL (breaking YouTube by accident doesn't really bother me). I do, however, leave my hosts file enabled when visiting my banking sites, so go figure. Smile!


RE: Bank blocks Sidki filters - ramsy - Nov. 08, 2009 08:08 PM

I take it then half-SSL is not recommended, and no shortcut is advised for manually approving all those SSL verify pop-ups.


RE: Bank blocks Sidki filters - ProxRocks - Nov. 08, 2009 10:23 PM

i HIGHLY recommend half-ssl...

it doesn't change the communication link between your computer and your bank's server, it only changes the link "within" your computer, "between" your web browser and your network card...


if you don't want to "filter" your SSL content, that's 'your call', you can half-ssl via "header filters" but then bypass all of your "webpage filters"...


RE: Bank blocks Sidki filters - ramsy - Nov. 10, 2009 05:18 AM

(Nov. 08, 2009 10:23 PM)ProxRocks Wrote:  if you don't want to "filter" your SSL content, that's 'your call', you can half-ssl via "header filters" but then bypass all of your "webpage filters"...

Thanks ProxRocks.
Is there a way to filter SSL without all those anoying "SSL cert verifiy errors", or some place to reference the proper SSL certs file?


RE: Bank blocks Sidki filters - ProxRocks - Nov. 10, 2009 01:15 PM

with half-ssl, you should only get that error "once"...
that's what i keep hearing, anyway...

me personally, i've *never* seen that cert error (unless i'm "testing" new proxcert.pem files or testing different half-ssl schemes)...

i'm currently using the proxcert.pem file posted on Yahoo - http://tech.groups.yahoo.com/group/prox-list/files/SSL/ -> proxcert_20090925.zip


there are SEVERAL of these files posted in very trustworthy Proxo forums - i get mixed results from one to the next... it seems this file is pretty picky from one computer to the next, shouldn't be, but seems to me that it is...

you might have to look into "rolling your own"...


RE: Bank blocks Sidki filters - JJoe - Nov. 10, 2009 05:17 PM

There are at least three possible SSL errors or warnings.

1. Browser complaining about the Proxomitron. Half-SSL may fix this.
2. Browser complaining about the site's certificate. Half-SSL may fix this.
3. The Proxomitron complaining about the site's certificate. Half-SSL will not fix this. We can't fix all of these.

Have you updated certs.pem, http://sidki.proxfilter.net/prox/ssl-stuff/certs.zip ?

http://sidki.proxfilter.net/prox-ssl.html Wrote:Database of certificate authorities which Proxomitron should trust. It was extracted from the Internet Explorer 6 registry after merging a regular root certificate update (January 9, 2007). Extract and copy "certs.pem" to Proxomitron's directory.

Quote:HTTP/1.0

HTTP/1.0?
Can you enable 1.1?

HTH


RE: Bank blocks Sidki filters - ramsy - Nov. 12, 2009 02:25 AM

(Nov. 10, 2009 05:17 PM)JJoe Wrote:  Have you updated certs.pem, http://sidki.proxfilter.net/prox/ssl-stuff/certs.zip ?

Already using (January 9, 2007) "certs.pem", but downloaded your link and overwrote the old one anyway.

Earlier last night after replacing "proxcert.pem" with "http://tech.groups.yahoo.com/group/prox-list/files/SSL/ -> proxcert_20090925.zip, my bank login broke Proxomitron again.

Tried to roll my own "proxcert.pem" from "proxcert-MakeCert.bat" and found my bank login https://chaseonline.chase.com/ still refreshes the login page after proper user name & password are submitted. Same user & Pass. work fine with Proxomitron Bypassed.

Changing parameters in "proxcert-MakeCert.bat" had no effect, however, other SSL logins are working fine.

doubleclick.net remains redirected from my hosts file.

Quote:HTTP/1.0?
Can you enable 1.1?

How is this accomplished.