Search
Member List
Calendar
Help
|
JakxPack IV download
|
|
Mar. 11, 2004, 10:49 PM
Post: #61
|
|||
|
|||
Shea Wrote:Jak:I'm sure that the filter MUST contain some Javascript code in the Replacement Text area. We can't use a similar method used for the Display IP Address in Title Bar filter. If we do, it'll only show 1asphosts's server IP. |
|||
|
![[-]](images/ONi/collapse.gif)
|
Mar. 12, 2004, 07:18 AM
Post: #62
|
|||
|
|||
|
Good Points "Guys",
I hadn't thought about how the filter would only reflect the IP addy of 1asphosts's server. I was just thinking how "cool" it would be to have a filter that would reflect a server's own IP addy as the X-Forwarded-For or Client IP from the "Pack". I was thinking of maybe trying to come up with a filter that would capture the URL and run a local file that would resolve the IP, then have it appended to a log file that would create a blockfile list and have the X-Forward or Client IP filter "forward' it back to the site. Now that we all have learned that Proxo will use an index.dat file to read and write to, maybe we could set it up to read from a text file like the one in the OutPost firewall, that has the "DNS Caching" feature. The firewall already Caches the resolved URL/IP after that it queries Your ISP's DNS server. Maybe we could utilize that log file as another PRoxo resource. Just a thought though. I know that the O/S that I use has DNS caching on a smaller level. You can pull up a dos prompt and take a look at the IPs that have been cached. But I don't think that it has a shelf-life that is very long either. But You know You could write a filter that might could use the "Adlist" command in Proxo to log that entry into a blockfile. Well, I hope everyone is Having a Good Time wherever they might be, Best Wishes, Your Friend, "~JaK~" =:-) |
|||
|
|
|
Mar. 12, 2004, 09:26 PM
Post: #63
|
|||
|
|||
|
Some javascript master *looks at hpguru*, could compose a script that does this =) (Gets IP of current site and puts it in Title Bar)
|
|||
|
|
|
Mar. 13, 2004, 12:35 AM
Post: #64
|
|||
|
|||
|
Yep! That was kinda My thoughts "KYE-U".
 The "Guru" must be meditating somewhere or we've just missed each other here on the FORUM. Take Care and Have a Great Week-end Everyone, Your Friend, "~JaK~" =:-) |
|||
|
|
|
Mar. 14, 2004, 02:54 AM
Post: #65
|
|||
|
|||
|
I think he's busy raising his new-born baby
 I bet he is  I'm going to try to research and cram my brain with Javascript principles over this March Break... |
|||
|
|
|
Mar. 14, 2004, 03:36 AM
Post: #66
|
|||
|
|||
|
Hmmm;
Jak, I'm sorry to say that I don't know any command in a DOS box that would reveal anything like a temporary DNS cache. Can you please enlighten me as to what the command is, and where the file is? More to the point, how did that IP addy get back to our machine to get cached? It doesn't show in the Proxo Log, so if it is present, then it didn't come back to us through Port 80. If it had, then we could simply capture it with Proxo into a variable, and we'd be home free. The way I see it, you'd have to actually go out to the 'Net in order to get that data, just like your browser did in the first place. But I'd sure like to be wrong on this one, it would litearlly make our job easier. Oddysey I'm no longer in the rat race - the rats won't have me! |
|||
|
|
|
Mar. 14, 2004, 02:03 PM
Post: #67
|
|||
|
|||
|
Hi "Oddysey",
I'll have to go back and check my "notes". I had never thought about trying to access that file before now so I didn't think about trying to use it as a "resource" for Proxo. I remember using the command to "clear" that Dns.log file in "Dos" just like You do the index.dat file. If there is a way to make Proxo use this Dns cache, there would all kinds of possibilities. I thought that I had given a link on the other forum to a web-site was talking about how to clear the cache file out, but I checked and couldn't find it. It could have been a "couple of Forums" back. "KYE-U" might could check and see. It had to do with how to work with WinXP a dns cache problem. Best Wishes, "~JaK~" =:-) |
|||
|
|
|
Mar. 14, 2004, 03:36 PM
Post: #68
|
|||
|
|||
|
Jak,
Which U/A's are considered "web page miners" according to Computer Cops? I've set up a "Limited-JAgents" list for my config so that I don't get that 'web page mining' error on Computer Cops... Which results in having to clear the session-only lists and refresh - countless times... I've been knocking U/A's out one at a time and am down to 222 U/A's in my "Limited-JAgents" list (a list used ONLY for Computer Cops thus far)... I would rather limit the U/A's as opposed to bypassing the spoofers altogether... Any info would be highly appreciated... Thanks again... |
|||
|
|
|
Mar. 15, 2004, 12:02 AM
Post: #69
|
|||
|
|||
|
Nevermind...
Computer Cops (and Nuke Cops) have a list of U/A "keywords" that are redirected to a page of fake e-mail addresses... Limiting Computer Cops to a reduced list of 218 U/As versus the original 238 (due to a repeat of Advanced Email Extractor) ought to get me in first shot upon starting a new surfing session... |
|||
|
|
|
Mar. 15, 2004, 04:06 AM
Post: #70
|
|||
|
|||
|
Hi "ProxRocks",
Good Work! LOL! I have looked for which one that those sites were "offended" of Myself. I thought about e-mailing "Paul" over there and just asking him. hehehehe. Thankx for the information on the Key words trigger. We can edit out those entries or just modify the Replacement strings of those entries.Here are some filters that You can "add" to Your default.configs that will use all the URLs in Your "Spoofer-by-pass" list to give a "standard replacement" text instead of a psuedo-random value. You can change to the replacement text to anything You would like to give the site. I like Your limited U/A idea too. In = FALSE Out = TRUE Key = "Client-ip: Jakx Random Client IP Spoofer (JP4)b (Out)" URL = "($LST(SpooferByPass))" Replace = "any ip from fake client-ip list" In = FALSE Out = TRUE Key = "User-Agent: Jakx U/A Rotatin' Randomizer (JP4)b(out) " URL = "($LST(SpooferByPass))" Replace = "Mozilla/3.01Gold (Win16; I) via l33t0-HaX0r.hiddenip.com" In = FALSE Out = TRUE Key = "Via: Jakx *Original* Spoofers (JP4)b (Out)" URL = "($LST(SpooferByPass))" Replace = "HTTP/1.0 Skru-U-\h (Squid/2.3.STABLE1)" In = FALSE Out = TRUE Key = "X-Forwarded-For: Jakx *Original* (JP4)b(Out) " URL = "($LST(SpooferByPass))" Replace = "any ip from fake X-forwarded-for list" ------------------------------------------------------- "Oddysey", Here is the dos comand to flush the dns cache "ipconfig /flushdns ". I haven't looked to see what the name of the file is. But here is a link that tells about it, and there is a "reg-hack" to fix the problem with the dns caching in Xp. Here Have a Great and Wonderful Day My good friends, Best Wishes, "~JaK~" =:-) |
|||
|
|
|
Mar. 15, 2004, 05:17 AM
Post: #71
|
|||
|
|||
|
Jak,
Got your link, thanks. But you should be aware that W9x doesn't have DNS caching, only the NT class of OS'es have it. Just for your information, you understand. <_< Oddysey I'm no longer in the rat race - the rats won't have me! |
|||
|
|
|
Mar. 15, 2004, 11:55 AM
Post: #72
|
|||
|
|||
|
Let's see - from memory...
The "limited" list just excludes AOL IWENG, Sextant, TuringOS, Email Extractor, NEWT, and all Mozilla/2.0s... I'd have to revisit the two lists and compare them, but those entries are what comes to mind as "problematic" for Computer Cops... And as the popular (over used? lol...) saying around here goes - I have a great memory, it's just short... |
|||
|
|
|
Mar. 15, 2004, 01:14 PM
Post: #73
|
|||
|
|||
|
Yep! Seems like I've heard that before somewhere "~ProxRocks~".
Hey "Guys" I'm making some changes in the blockfile lists again, . . .to make the Headers look even more like "normal" web traffic. You know how that the Fake Proxies are "added" to the U/A string and sometimes on the "checker pages" we get results that say, (Cannot resolve Host name), well I'm working on having hostnames and the fake IPs match. I've already resolved the 130 entries to the first 130 hosts names in the "fake Proxy List". I tried it out over at the "leader" web-site and I was well pleased with the results. There would be no such results as (cannot resolve host's name). But I'm working with a list that has "tons" of entries, so it's going to take me awhile and "burning the mid-night oil" to get it completed. Take Care & Have a Great Day, Best Wishes, "~JaK~"=:-) |
|||
|
|
|
Mar. 16, 2004, 12:48 AM
Post: #74
|
|||
|
|||
|
Hey Jak,
What does the third number do? For example, $CON(1,323,3)$SET(0=216.41.20.189), the first item in ClientIP.txt... What does that '3' after '323' do? |
|||
|
|
|
Mar. 16, 2004, 05:49 AM
Post: #75
|
|||
|
|||
|
Hi "~ProxRocks~",
The third number sets how many connections are made before Proxo picks up the next entry. I staggered the list so it would be "off-set" with the other replacement values. It will make the Headers more "psuedo-random". Proxo scans a string at a time and unless "restarted" it will scan all the way through the blockfile list and then start back up at the top again. If I have two blockfile lists with the "same" number of entries and I have one scan one entry per connection, and the other scan at one entry per every three connections, Proxo will have to scan both lists (3) times before the "same" replacements are used again. Now if You have two blockfile lists that have "different" number of entries set at the "Same" scanning rate, the lists will rotate many times without having the same values. I use both of these techniques in "JakxPack". For instance the first entry in the Client-IP list is $CON(connection), 323 "entries" in the list, changing to the next entry "only" after Your Browser makes (3) connections to the server. If there isn't a third number, then the list is scanned one entry per every single connection Your browser makes with the server. Take Care My Good Friend, and that's a very "Good" question.  Best Wishes, "~JaK~"=:-) |
|||
|
|
|
« Next Oldest | Next Newest »
|