Bank blocks Sidki filters
Nov. 12, 2009, 05:41 AM
Post: #16
RE: Bank blocks Sidki filters
(Nov. 12, 2009 02:25 AM)ramsy Wrote:  
Quote:HTTP/1.0?
Can you enable 1.1?

How is this accomplished.

I'm not sure. I haven't used the latest versions of Firefox.
I'll guess the option is under Settings on the Network tab,
http://support.mozilla.com/en-US/kb/Opti...etwork_tab

I'm not saying that this will solve this problem.
Just trying to help.

I have read the warning about "sites that use on-the-fly authentication (application/ocsp-response)", http://prxbx.com/forums/showthread.php?tid=1255 .

Is it always
Firefox>Proxomitron>Privoxy>Tor>Bank
?
Nov. 12, 2009, 05:26 PM (This post was last modified: Nov. 12, 2009 05:40 PM by ramsy.)
Post: #17
RE: Bank blocks Sidki filters
CHASE & Proxo SSL login works with IE 7.0.5730.13, whereby Proxo calls:
BlockList 247: in User-Agents, line 40

--After some IE SSL Errors that were manually added.--

CHASE & Proxo SSL login fails with Firefox, whereby Proxo calls:
BlockList 247: in User-Agents, line 45, as shown below:

From Proxo User-Agents file:
line 43: ## If Mozilla:
line 44: ## ----------------------------------------------------------------------------
line 45: Mozilla/5.0(^$TST(keyword=*.f_ua_(^[a-z]++moz)*))(*(; rv:*Gecko/[#*:*]
line 46: ( Firefox/[#*:*].[#*:*]$SET(3=.9.9)|)|\)(*Gecko/[#*:*]|))\2|$SET(2=\)))
line 47: $SET(1=Mozilla/5.0 \(Windows; U; Windows NT 5.1; en-US\2\3)

Is there an issue with my Firefox Help/About version info. below:

"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"
(Nov. 12, 2009 05:41 AM)JJoe Wrote:  Re: Can you enable 1.1?

No such option exists in either Firefox or IE Settings

(Nov. 12, 2009 05:41 AM)JJoe Wrote:  Is it always Firefox>Proxomitron>Privoxy>Tor>Bank

Have not tried Tor/Privoxy/Vidalia after updating Proxocert.pem. It seems CHASE SSL login issue is isolated to Firefox, since IE login works with Proxo.
Nov. 12, 2009, 10:17 PM (This post was last modified: Nov. 12, 2009 10:19 PM by JJoe.)
Post: #18
RE: Bank blocks Sidki filters
(Nov. 12, 2009 05:26 PM)ramsy Wrote:  Is there an issue with my Firefox Help/About version info. below:

"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"

??.
Try adding

Code:
([^/]++.|)chase.com: $SET(0=i_ua:0.)

to $LST(IncludeExclude-U) or equiv.

(Nov. 12, 2009 05:26 PM)ramsy Wrote:  
(Nov. 12, 2009 05:41 AM)JJoe Wrote:  Re: Can you enable 1.1?

No such option exists in either Firefox or IE Settings

Looks like Firefox has it enabled by default.
In the Filter field of About:config type proxy.version (http://kb.mozillazine.org/About:config).
Result should be one line, "Network.http.proxy.version" (http://kb.mozillazine.org/Network.http.proxy.version).
This can also be set by User.js (http://kb.mozillazine.org/User.js_file).

In IE it should be on the Advanced tab of Internet Options under
HTTP 1.1 settings, I think.

HTH
Nov. 13, 2009, 09:16 AM (This post was last modified: Nov. 13, 2009 09:24 AM by ramsy.)
Post: #19
RE: Bank blocks Sidki filters
(Nov. 12, 2009 10:17 PM)JJoe Wrote:  
Code:
([^/]++.|)chase.com: $SET(0=i_ua:0.)
to $LST(IncludeExclude-U) or equiv.

This works OK in IE, but still no help in Firefox.

Proxo log window & Debug page show different filters for java & cookie control between these browsers. Too much to isolate which Firefox specific function or omission breaks the CHASE login.

If there's no other advantage to the IncludeExclude-U code vs User-Agents Line: 45, perhaps I should be satisfied with my host file entry for "doubleclick.net" and just add [^/]++chase.com to Proxo's "bypass list.txt"?

(Nov. 12, 2009 10:17 PM)JJoe Wrote:  Looks like Firefox has it enabled by default...

Many thanks, About:config type proxy.version

network.http.proxy.version;1.1

Also found, IE Advanced tab / Internet Options / HTTP 1.1 settings

1.1 selected

Since current logs reference HTTP 1.1, I believe the earlier HTTP 1.0 was a function of Vidalia/Tor/Privoxy, not currently running.
Nov. 13, 2009, 09:41 AM
Post: #20
RE: Bank blocks Sidki filters
my apologies for remembering this so late into this discussion - i was reminded of it when you said you'd bypass Proxo for Chase, i try NEVER to bypass Proxo...

here is my current IncExc-U entry for Chase:
Code:
# Chase
[^/]++.chase.com[:/]
    $SET(0=so.half-ssl-mod.rev_link.a_tpi.a_code.a_jslink.i_script:0.i_spoof:0.)
    $SET(1=cookie_b:0.cookie_s:1.)
    $SET(sAdKey=.grayTextSm.)

can't say as i "remember" why i've got the sAdKey entry there...
the "so" is a Super-Opener (which i no longer use anyway, it broke more than Chase)...

the VITAL entry is the "half-ssl-mod" entry!!!

you need to use a "different" half-ssl method for Chase - i wish i would have pointed it out sooner, sorry :(

here is the "modified" half-ssl filter:
Code:
In = TRUE
Out = FALSE
Key = "Location: 4b Half-SSL     9.04.10 (cch!) [jjoe] (d.2) (In) [add]"
URL = "$TST(keyword=(*.half-ssl-mod.)*.i_ssl_h:[12].*)"
Match = "https://(\1\?$SET(#=?)(\#\=https%3a%2f%2f$SET(#==http%3A%2F%2Fhttps-px-.))+\#|\1)"
Replace = "http://https-px-.\1\@"

i have it placed AFTER "Location: 4 Yahoo Login/Interrupt Relocator" and BEFORE "Location: 5 Half-SSL"... (i'm using sidki's 2/13/09 with 6/6/09 updates)...

ironically, Chase is the ONLY site in my IncExc-U using this "modified" half-ssl method...
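An added illustration (not part of the thread, and not Proxomitron code) of what the "modified" half-SSL filter posted in #20 does to a Location header, re-expressed in Python. It assumes the filter's URL keyword test has already passed; the function names and the example.com URL are constructed, and `to_upstream` is an assumption about how the `https-px-.` prefix is read (the proxy makes the TLS connection to the real host).

```python
import re

PREFIX = "https-px-."  # half-SSL marker taken from the posted Replace string
# Proxomitron matching is case-insensitive, so %3a and %3A both match.
ENC_HTTPS = re.compile(r"=https%3a%2f%2f", re.IGNORECASE)


def half_ssl_mod(location: str) -> str:
    """Approximate the posted Match/Replace pair on a Location header value."""
    if not location.lower().startswith("https://"):
        return location  # the filter only matches https:// targets
    rest = location[len("https://"):]
    head, sep, query = rest.partition("?")
    # Every "=https%3a%2f%2f" in the query becomes "=http%3A%2F%2Fhttps-px-."
    query = ENC_HTTPS.sub("=http%3A%2F%2F" + PREFIX, query)
    return "http://" + PREFIX + head + sep + query


def to_upstream(url: str) -> str:
    """Assumed inverse for scheme and host only; the query is left untouched."""
    marker = "http://" + PREFIX
    if url.lower().startswith(marker):
        return "https://" + url[len(marker):]
    return url


def plaintext_hop(url: str) -> bool:
    """True when the browser-to-proxy leg for this URL is unencrypted HTTP."""
    return url.lower().startswith("http://")


if __name__ == "__main__":
    # Constructed sample redirect with an https URL nested in a parameter.
    sample = "https://login.example.com/auth?next=https%3A%2F%2Fwww.example.com%2Fhome&x=1"
    rewritten = half_ssl_mod(sample)
    print(rewritten)
    print(to_upstream(rewritten), plaintext_hop(rewritten))
```

After the rewrite the browser speaks plain HTTP to the local proxy, and both the redirect target and any nested https URL in the query carry the `https-px-.` marker.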
Nov. 13, 2009, 03:34 PM (This post was last modified: Nov. 14, 2009 09:37 PM by JJoe.)
Post: #21
RE: Bank blocks Sidki filters
(Nov. 13, 2009 09:16 AM)ramsy Wrote:  If there's no other advantage to the IncludeExclude-U code vs User-Agents Line: 45, perhaps I should be satisfied with my host file entry for "doubleclick.net" and just add [^/]++chase.com to Proxo's "bypass list.txt"?

The set may modify the user-agent header.
The IncludeExclude-U entry was to allow the actual header to be sent.
Since it still doesn't work, there is probably no reason to use the entry.

You could try one of the set's other lesser modes (edit: I now see that you had already tried).

As to doubleclick.net or bypass,
I can't see why 'doubleclick' works and I'm not a fan of filtering banking...

Looking at ProxRocks' post,
Is the set not converting a Location header?


(Nov. 13, 2009 09:16 AM)ramsy Wrote:  Since current logs reference HTTP 1.1, I believe the earlier HTTP 1.0 was a function of Vidalia/Tor/Privoxy, not currently running.

Could be Privoxy.

http://www.privoxy.org/user-manual/actions-file.html Wrote:
8.5.13. downgrade-http-version

Typical use: Work around (very rare) problems with HTTP/1.1
Effect: Downgrades HTTP/1.1 client requests and server replies to HTTP/1.0.
Type: Boolean.
Parameter: N/A
Notes: This is a left-over from the time when Privoxy didn't support important HTTP/1.1 features well. It is left here for the unlikely case that you experience HTTP/1.1 related problems with some server out there. Not all HTTP/1.1 features and requirements are supported yet, so there is a chance you might need this action.
Example usage (section):

{+downgrade-http-version}
problem-host.example.com

I don't remember seeing HTTP 1.0 in the logs but I only used Privoxy for socks.
Nov. 14, 2009, 04:14 PM
Post: #22
RE: Bank blocks Sidki filters
(Nov. 13, 2009 09:41 AM)ProxRocks Wrote:  i try NEVER to bypass Proxo...
here is my current IncExc-U entry for Chase:
Code:
# Chase
[^/]++.chase.com[:/]
    $SET(0=so.half-ssl-mod.rev_link.a_tpi.a_code.a_jslink.i_script:0.i_spoof:0.)
    $SET(1=cookie_b:0.cookie_s:1.)
    $SET(sAdKey=.grayTextSm.)
here is the "modified" half-ssl filter:
Code:
In = TRUE
Out = FALSE
Key = "Location: 4b Half-SSL     9.04.10 (cch!) [jjoe] (d.2) (In) [add]"
URL = "$TST(keyword=(*.half-ssl-mod.)*.i_ssl_h:[12].*)"
Match = "https://(\1\?$SET(#=?)(\#\=https%3a%2f%2f$SET(#==http%3A%2F%2Fhttps-px-.))+\#|\1)"
Replace = "http://https-px-.\1\@"

Many Thanks ProxRocks,

With your $LST(IncludeExclude-U) entry for #Chase, and 4b Half-SSL filter placed between key location 4 & 5 of my "default.cfg", caches cleared & Proxo reloaded, IE still logs in OK, but no help with Firefox, either STD or Minimal modes on sidki's 2/13/09, with no reference to further updates.

I thought I ran Sidki's updates in July-2009, but later updates are not displayed in Proxo's directory or "default.cfg"

However, monitoring Proxo's log window shows no references to the "modified" half-ssl above, and Proxo still calls:
BlockList 247: in User-Agents, line 45

Which references this User-Agents entry below:
line 45: Mozilla/5.0(^$TST(keyword=*.f_ua_(^[a-z]++moz)*))(*(; rv:*Gecko/[#*:*]
Nov. 14, 2009, 07:05 PM
Post: #23
RE: Bank blocks Sidki filters
that's interesting...

it works for me in Firefox, BUT i am EXTREMELY paranoid when it comes to Firefox - it "attempts" SEVERAL communication links by opening several UDP ports... i DENY those ports (via Comodo firewall version 2.4.18.184)...

i REFUSE to allow Firefox ANYTHING outside of a UDP in and out "to and from" Proxo and a UDP 8080...

ANY web browser that feels they need "more" than that should NOT be trusted, in my opinion...
Jan. 01, 2010, 11:37 PM (This post was last modified: Jan. 01, 2010 11:41 PM by ramsy.)
Post: #24
RE: Bank blocks Sidki filters
(Nov. 14, 2009 07:05 PM)ProxRocks Wrote:  it works for me in Firefox, BUT ..via Comodo firewall ..i REFUSE to allow Firefox ANYTHING outside of ..UDP 8080... ANY web browser that feels they need "more" than that should NOT be trusted, in my opinion...

Your case for caution was made in 2006, when Consumer Reports magazine investigated the billion dollar industry of professional pretextors, which CR described as aggressive, deceptive, completely unregulated, for hire by anyone, for any purpose, including documented murder by one private client.

The bottom of this fully referenced web page shows the lucrative markets for credential theft to exploit illegal laborers, and links to CR's investigative reports.

BTW
Any pointers for others using Comodo firewall, for writing a rule to disable the privileged ports, except for Tor of course?
Jan. 02, 2010, 12:49 PM
Post: #25
RE: Bank blocks Sidki filters
they need blocked "manually" from what i've seen...
Mar. 12, 2010, 08:13 AM
Post: #26
RE: Bank blocks Sidki filters
Today's news also convinced me to change bank passwords, and block Firefox ports, except 8080. No problems browsing after doing so.

Huge 'botnet' amputated, but criminals reconnect
http://www.physorg.com/news187509290.html

New phish twist directs Craigslist users to fake eBay site
http://www.physorg.com/news187516259.html

Anyone care to comment on my procedure below?

Blocking Firefox ports except 8080, using COMODO firewall
1) from Firewall Tasks / Advanced Tab / "Predefined Firewall Policies"
2) Select "Web Browser" then Edit tab.
3) Select "Allow outgoing HTTP Requests" then Edit tab.
4) Change Protocol: to "TCP or UDP"
5) Select "Source Port" tab.
6) Click "A Single Port" and change Port: to "8080"
Mar. 12, 2010, 04:57 PM
Post: #27
RE: Bank blocks Sidki filters
it's been "ages" since i've tried the 'newer' Comodo (i'm still on, and prefer, v2.4.18.184)...

i'll give the 'newer' another try in a VirtualBox o/s and see if it's improved any...
it's kinda been on the to-do list for a while anyway...
Mar. 12, 2010, 05:49 PM
Post: #28
RE: Bank blocks Sidki filters
that's an IMMEDIATE uninstall...
i shouldn't have to jump through so many hoops to set up port-specific firewall rules...

why in Hades Comodo went down the path they did is way beyond me...
(actually, i know "why" they did it, to make it "easier" for people like my GRANDPARENTS that don't do any "computing" outside of SOLITAIRE...)
Mar. 13, 2010, 02:13 AM (This post was last modified: Mar. 13, 2010 02:23 AM by ramsy.)
Post: #29
RE: Bank blocks Sidki filters
(Mar. 12, 2010 04:57 PM)ProxRocks Wrote:  it's been "ages" since i've tried the 'newer' Comodo (i'm still on, and prefer, v2.4.18.184)...
10yrs since I changed my online banking password, glad I did it.

I don't include COMODO Anti-Virus engine at install. Although virus cleaner is added to v4.x, definition updates are not possible from a dial-up.

Here's Comodo version history, 2.0 - 3.X:
http://en.wikipedia.org/wiki/Comodo_Firewall_Pro

Latest version history 4.0.1x
http://www.filehippo.com/download_comodo/changelog/
(Mar. 12, 2010 05:49 PM)ProxRocks Wrote:  i shouldn't have to jump through so many hoops to set up port-specific firewall rules...
Ya, GUI crazy, but newer versions keep pace with "Host Intrusion Prevention Systems (HIPS)" and secure DNS's with built-in RBL. No more Host file buggering required.
Mar. 13, 2010, 09:32 AM
Post: #30
RE: Bank blocks Sidki filters
HIPS is over-rated, imo...
so long as firewall rules are "parent-dependent", then there is no "need" for HIPS...

secure DNS, guess i don't see the "need" for that either (i'm using OpenDNS)...