Post Reply 
flash leaking through toggle again?
Sep. 01, 2009, 10:49 AM
Post: #1
flash leaking through toggle again?
Here a few example where toggle flash has failed to worked.

http://www.sydneycyclist.com/
http://www.insidehw.com/Reviews/CPU/Inte...age-2.html


[Image: eadflaack.jpg]
Add Thank You Quote this message in a reply
Sep. 06, 2009, 12:07 PM
Post: #2
RE: flash leaking through toggle again?
I don't see a Flash object on the second page. There is a setInterval Timer, that isn't intercepted (because the respective function contains "clearInterval").

On the first page the responsible code is:
Code:
<div [...] _embedCode="&lt;embed [...] &lt;/embed&gt;">Loading…</div>

This Flash code is converted to a real Flash object by a script.
The "<object>...: Toggle Flash" webfilter doesn't look for this type of escaped Flash code.


Note that this config neither intercepts every Flash object or timer, nor does it block every advertisement. It just catches most of them.
Add Thank You Quote this message in a reply
Oct. 28, 2009, 10:10 PM
Post: #3
RE: flash leaking through toggle again?
I don't want to start another thread.

I have the contrary, on this side Proxo doesn't detect any flash. Can only bypass it.
Add Thank You Quote this message in a reply
Nov. 15, 2009, 09:00 PM (This post was last modified: Nov. 15, 2009 09:09 PM by sidki3003.)
Post: #4
RE: flash leaking through toggle again?
(Oct. 28, 2009 10:10 PM)Toppy Wrote:  I don't want to start another thread.

Hmm... better do so when you come across a different problem, also for reasons of visibility.

If you look at this page in dbug.. view, you'll see that the block is caused by "be.sitestat.com" tracking being integrated into the Flash script. Picking one of the Ad JS bypass keywords should do. Or select "Allow Ad JavaScript" from the Prox menu.

However, currently i see ads/trackers being embedded in Flash video scripts left and right. I'll attach three examples (one containing NSFW code). Maybe someone has an idea how to fix that generically (i.e., prevent respective filter from matching)?


Attached File(s)
.txt  blocked_flash.txt (Size: 4.2 KB / Downloads: 685)
Add Thank You Quote this message in a reply
Nov. 15, 2009, 09:52 PM
Post: #5
RE: flash leaking through toggle again?
Well, here's a rather dumb approach for alpha 4 (basically, whitelisting ".swf" in final test).
Hopefully we'll find a better solution.

Code:
[Patterns]
Name = "<script> Block: Ad Scripts - Content     09.11.15 [pr sd jd] (d.2) TEST"
Active = TRUE
URL = "$TST(hCT=*html)(^$TST(keyword=*.(a_ads|a_js|a_adjs|a_adscr).*))"
Bounds = "<script(^[^>]++\ssrc=)(*>)+{1}$INEST(<script(*>)+{1},</script)"
Limit = 2038
Match = "$TST(script=1*)(^$TST(comment=2))<script (for\=\"proxMoved-\w|)\2(*(>)\3)+{1}"
        "("
        ""
        "*.write(ln)+ \( "$TST(flag=*.chop_b:[12].*) (</+{0,1}|-)([a-z!-]+{0,10})\#"
        " "+{1,*} \+ "+{1,*}([a-z! -]+{0,20})\#"
        "$TST((\#\#)=(emb|img|ifr|div|lay|nos|scr$TST(\2=for*-(html|void)"))*)$SET(9=: \#+\# :)*"
        "|"
        "*<(" \+ ')+ifr(" \+ ')+ame($TST(flag=*.iframe_b:\0.*)|)("
        "$TST(\0=[12])|(^$TST(\0=0))[^>]++src=$AV([^/.]+//(^([^/]++.|)$TST(uDom)(^.))*|*.swf*)"
        ")$SET(9=iFrame)*"
        "|"
        "(^$TST(flag=*.adkey_j:[#*:0].*))"
        "("
        "($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8 [^a-z0-9](^\=)$SET(9=AdKey.1 \8)"
        "|*\s($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8"
        " (^[a-z0-9,;&"'<]|=$AV((0|false|null|)(;*|)))$SET(9=AdKey.3 \8)"
        "|*("
        ".(write(ln|) \( |)($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8"
        "(^[a-z0-9"']|[.#:_ -][a-z0-9.#:_ -]+ { [a-z-]+ :|=$AV((0|false|null|)(;*|)))$SET(9=AdKey.2 \8)"
        "|_($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8"
        "(^[a-z0-9"']|[.#:_ -][a-z0-9.#:_ -]+ { [a-z-]+ :|=$AV((0|false|null|)(;*|)))$SET(9=AdKey.2 \8)"
        "|;($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8"
        "(^[a-z0-9]|=$AV((0|false|null|)(;*|)))$SET(9=AdKey.3 \8)"
        "|\+($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8[^a-z0-9]$SET(9=AdKey.3 \8)"
        "|\= ($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8[^a-z0-9"']$SET(9=AdKey.4 \8)"
        "|\"($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8"$SET(9=AdKey.5 \8)"
        "|\'($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8"$SET(9=AdKey.5 \8)"
        ")"
        ")*"
        "|"
        "$TST(flag=*.adurl:1.*)"
        "*("
        "\= [\[(]+("
        "(\\+"(^ :+{0,1}(https+:)+{0,1}\\+/(\\+/)+{0,1})|\\\\+(x22|u0022)) [a-z0-9:_\\-]+{0,20}/| https+:|\\+/"
        "&$AV( $LST(AdList)*)"
        ")"
        "|\" :+{0,1}((https+:)+{0,1}\\+/(\\+/)+{0,1}[^"]+{2,*}(^(^\"))&&$LST(AdList)*)"
        "|\' :+{0,1}((https+:)+{0,1}\\+/(\\+/)+{0,1}[^']+{2,*}(^(^\'))&&$LST(AdList)*)"
        ")*"
        ""
        ")\5"
        "&<(script)\1[^>=]+(=(\\+")\6|>$SET(6=")|)"
        "(^*(<frameset(^*<frame\s[^>]++.location(.href|)[^a-z.])|.swf))"
        "($TST(\2=for*)$SET(2=pre )|$SET(2=$GET(mHead)))$SET(script=void)"
        ""
        "&$TST(hOrigUA=*("
        "(gecko/|opera)$SET(4=data:text/javascript,\3$ESC(\7))"
        "|msie$SET(4=javascript:\3$ESC(\7))"
        ")($TST((\7)=*)$SET(3=void%200%3B)|$SET(3=)$SET(7=var prxCountAd=++prxCountAd||1;))*)"
        "|"
        "$SET(4=http://local.ptron/sidki_h_$GET(cfg)/dummy.js$TST((\7)=*)?prx-w:$ESC(\7))"
        ""
        "&$SET(eAdJS=$GET(eAdJS)"
        "%3Cspan class=%22Pr0xFly-Span%22%3E\2 Content:%3C/span%3E"
        "   $ESC(\9)%3Cbr class=%22Pr0xFly-Br%22 /%3E"
        ")"
        "&$SET(0=$TST(keyword=(^$TST(tFrameset=*))*.i_level:5.*)"
        "<span class=\6Pr0x&#x20;Pr0xAdScript\6 style=\6display:$GET(displayD)\6>"
        "&#8226;&#160;JS Ad: \9</span>"
        ")"
        "&($TST(volat=*.log:2*)$ADDLST(Log-Main,[$DTM(d T)]\tWEB JS_Ad_HTM\t\9 \t\u)|)"
Replace = "\0<\1 type=\6text/javascript\6 src=\6\4\6>\5"

Name = "Remove: Ad Functions II - Code     09.11.15 [jd sd] (d.3 l.3) TEST"
Active = TRUE
URL = "($TST(hCT=*html)|$TYPE(js)|$TYPE(vbs))(^$TST(keyword=*.(a_ads|a_js|a_adjs|a_adfn2|i_level:[12]).*)|$TST(volat=*.clength:([#3:1120]e|[#3:2400]).*))"
Limit = 906
Match = "function$TST(script=[1s]*)((\s[^( ]+ |)$NEST(\(,\)))\3 {($INEST({,}))\1"
        "|if( \($TST(script=[1s]*)$INEST(\(,\))\))\3 {($INEST({,}))\1"
        "|else {$TST(script=[1s]*)$INEST({,})"
        "|.write(ln)+ \($TST(script=[1s]*)($INEST(\(,\)))\1"
        "&&(function$SET(6=Func Code)$SET(4=return String();)$TST(\3)"
        " |if$SET(6=If Code  )$SET(4=} else if (0) {)$TST(\3)"
        " |else$SET(6=Else Code)"
        " |.write$SET(6=Doc Write)$SET(4=String() \); PrxVoidF\()(ln)+ )\7"
        "((?)\3"
        ""
        "&\( "$TST(flag=*.chop_b:[12].*) (<|-)"
        "([a-z!-]+{0,10})\# "+{1,*} \+ "+{1,*}([a-z! -]+{0,20})\#"
        "$TST((\#\#)=(emb|img|ifr|lay|nos)*)$SET(9=: \#+\# :)*>*"
        "|*<iframe($TST(flag=*.iframe_b:\0.*)|)("
        "$TST(\0=[12])|(^$TST(\0=0))[^>]++src=$AV([^/.]+//(^([^/]++.|)$TST(uDom)(^.))*|*.swf*)"
        ")$SET(9=iFrame)*>*"
        "|(^$TST(flag=*.adkey_j:[#*:0].*))"
        "("
        "{ ($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8 [^a-z0-9](^\=)$SET(9=AdKey.1 \8)"
        "|\( ($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8"
        " [^a-z0-9,](^\= (^$AV(0|1|false|true|null)))$SET(9=AdKey.1 \8)"
        "|(^\( " \\+<[a-z])*("
        ".($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8"
        "(^[a-z0-9/"'(]|[.#:_ -][a-z0-9.#:_ -]+ { [a-z-]+ :|=$AV((0|false|null)(;*|)))$SET(9=AdKey.2 \8)"
        "|_($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8"
        "(^(^?)|[a-z0-9/"'(]|[.#:_ -][a-z0-9.#:_ -]+ { [a-z-]+ :|=$AV((0|false|null)(;*|)))$SET(9=AdKey.2 \8)"
        "|; ($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8"
        "(^[a-z0-9"']|(.|\s)[a-z0-9. ]+"|=$AV((0|1|false|true|null)(;*|)))$SET(9=AdKey.3 \8)"
        "|\+ ($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8[^a-z0-9]$SET(9=AdKey.3 \8)"
        "|\= ($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8[^a-z0-9"']$SET(9=AdKey.4 \8)"
        "|\" ($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8(^ [a-z0-9]|\"[,\]])$SET(9=AdKey.5 \8)"
        "|\' ($LST(AdKeys-J)([0-9_.:-][a-z0-9_.:-]+)+{0,1})\8(^ [a-z0-9]|\'[,\]])$SET(9=AdKey.5 \8)"
        ")"
        ")*"
        "|(^\( " \\+<(/|)[a-z])$TST(flag=*.adurl:1.*)"
        "*("
        "\= [\[(]+("
        "(\\+"(^ :+{0,1}(https+:)+{0,1}\\+/(\\+/)+{0,1})|\\\\+(x22|u0022)) [a-z0-9:_\\-]+{0,20}/| https+:|\\+/"
        "&$AV( $LST(AdList)&*[^)](^?))"
        ")"
        "|\" :+{0,1}((https+:)+{0,1}\\+/(\\+/)+{0,1}[^"]+{2,*}(^(^\")|\"[',\]])&&$LST(AdList)*)"
        "|\' :+{0,1}((https+:)+{0,1}\\+/(\\+/)+{0,1}[^']+{2,*}(^(^\')|\'[",\]])&&$LST(AdList)*)"
        ")*"
        ""
        ")"
        "&(^*.(PlayerVersion|swf))"
        "$SET(eAdJS=$TST(hCT=*html)$GET(eAdJS)"
        "%3Cspan class=%22Pr0xFly-Span%22%3E$GET(mHead) \6:%3C/span%3E"
        " $ESC(\9)%3Cbr class=%22Pr0xFly-Br%22 /%3E"
        ")"
        "($TST(volat=*.log:2*)$ADDLST(Log-Main,[$DTM(d T)]\tWEB JS_AdFunction II\t\6 \t\9 \t\u)|)"
Replace = "\7\3 \4 /* PROX: Ad Function II Blocked - (\9) */ \1"
Add Thank You Quote this message in a reply
Nov. 16, 2009, 08:18 PM (This post was last modified: Nov. 16, 2009 08:40 PM by JJoe.)
Post: #6
RE: flash leaking through toggle again?
(Nov. 15, 2009 09:00 PM)sidki3003 Wrote:  
(Oct. 28, 2009 10:10 PM)Toppy Wrote:  I don't want to start another thread.

Hmm... better do so when you come across a different problem, also for reasons of visibility.

(Nov. 15, 2009 09:00 PM)sidki3003 Wrote:  Maybe someone has an idea how to fix that generically (i.e., prevent respective filter from matching)?

Ummmm Wink


What about adding something like

Code:
*(https+://\w.(swf|flv)$SET(Block=no)&$LST(AdList))*$SET(Block=)
|
((^$TST(Block=no))|$SET(Block=)(^))

?

Look for scripts that contain swf files and then
remove them immediately or prevent match.

HTH
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: