Post Reply 
Yahoo: Auto Login 09.06.28 (edit! multi) [sd] (o.s)
Oct. 17, 2011, 12:42 AM
Post: #7
RE: Yahoo: Auto Login 09.06.28 (edit! multi) [sd] (o.s)
(Oct. 16, 2011 11:17 PM)ProxRocks Wrote:  "how" ?

I don't know about Proxo. It's something I inforce in my proxy, which is not Proxo.

You know there's a lot of open ("public") proxy instances out there. For normal SSL they might receive something like:
Code:
CONNECT www.example.com:443 HTTP/1.1
At that point the proxy would connect to that remote host's port :443 and begin a blind tunnel operation whereby (probably) encrypted content flows both ways.

But now consider when one of those proxies receives something like this:
Code:
CONNECT 127.0.0.1:445 HTTP/1.1
If the open proxy is stupid (many are) then the remote user will have an open channel for Microsoft-DS file sharing within the PC that the proxy's running on.

A more connom scenario would be something like:
Code:
CONNECT www.example.com:25 HTTP/1.1
Spammers love to relay through open proxies when they can, and the proxy's operator gets blamed for it.

I consider TCP port :443 to be strictly for SSL CONNECT and deny (block) its use for non-SSL. Then I restrict the SSL CONNECT to only port :443, with an exception list for a few destinations in a non-standard usage. An example exception would be where I allow tunneling of MS Messenger IM on :1863. Another example would be one of my routers that I can access its configuration with SSL via a non-standard port.

If, as in this case, some Yahoo page generates a non-SSL GET request to port :443, then I just say no. Activity like that would often be for malicious intent. But in Yahoo's case it's probably bugs in some HTML generator they wrote & recently modified.

An HTTP GET is not a CONNECT, even if it misleadingly specifies :443
Code:
GET login.yahoo.com:443/?.intl=us HTTP/1.1

I only brought this up in case it has something to do with the issues you're having with Yahoo login.
Add Thank You Quote this message in a reply
Post Reply 


Messages In This Thread
RE: Yahoo: Auto Login 09.06.28 (edit! multi) [sd] (o.s) - Graycode - Oct. 17, 2011 12:42 AM

Forum Jump: