Post Reply 
Yahoo mail login wallpaper
Jul. 01, 2010, 10:48 PM (This post was last modified: Jul. 01, 2010 10:49 PM by zoltan.)
Post: #1
Yahoo mail login wallpaper
Yahoo mail has started inserting a large wallpaper-style backgound on their login page. Example image here.
I've been unable to filter it using the AdHosts list, which is the way I typically eliminate specific unwanted backgrounds. Enabling "Use SSLeay/OpenSSL" and adding libeay32.dll, ssleay32.dll, & msvcr70.dll to the main Prox folder hasn't helped. In fact I've never had any success filtering unwanted Yahoo mail code. What am I doing wrong?
Add Thank You Quote this message in a reply
Jul. 02, 2010, 02:00 AM
Post: #2
RE: Yahoo mail login wallpaper
(Jul. 01, 2010 10:48 PM)zoltan Wrote:  Yahoo mail has started inserting a large wallpaper-style backgound on their login page. Example image here.
I've been unable to filter it using the AdHosts list, which is the way I typically eliminate specific unwanted backgrounds. Enabling "Use SSLeay/OpenSSL" and adding libeay32.dll, ssleay32.dll, & msvcr70.dll to the main Prox folder hasn't helped. In fact I've never had any success filtering unwanted Yahoo mail code. What am I doing wrong?

IIRC, you see
https://s.yimg.com/lq/a/1-/java/promotions/t/login/100617yhp/tie4.jpg but The Proxomitron sees
https://s.yimg.com:443/lq/a/1-/java/promotions/t/login/100617yhp/tie4.jpg
Note the addition of the port number, :443.

So try adding something like
Code:
s.yimg.com:&*/login&*/promo*.jpg&$RDIR(http://local.ptron/killed.gif)

to your 'user' list, Exceptions-U or Include-Exclude-U.

HTH
Add Thank You Quote this message in a reply
Jul. 02, 2010, 03:49 AM
Post: #3
RE: Yahoo mail login wallpaper
I added that to Include-Exclude-U, reloaded lists, cleared cache and then clicked my example link above, but it did not block it. In fact, the log showed no activity at all.

I'm confused. Why should the image be redirected to another image? Why not just prevent it from loading via AdHosts? I'd prefer a blank background anyway.

Not sure where the :443 came from and why

Is the "&" symbol used just in case "promo" and "login" are someday reordered in the URL?
Add Thank You Quote this message in a reply
Jul. 02, 2010, 01:17 PM
Post: #4
RE: Yahoo mail login wallpaper
(Jul. 02, 2010 03:49 AM)zoltan Wrote:  the log showed no activity at all.

Have you set the browser to use the Proxomitron for HTTPS?

(Jul. 02, 2010 03:49 AM)zoltan Wrote:  I'm confused. Why should the image be redirected to another image?

killed.gif is a transparent or blank image. Proxomitron's \k works like this.

(Jul. 02, 2010 03:49 AM)zoltan Wrote:  Why not just prevent it from loading via AdHosts? I'd prefer a blank background anyway.

You might but I don't see your issue at Yahoo mail. I couldn't be sure it would work.

(Jul. 02, 2010 03:49 AM)zoltan Wrote:  Not sure where the :443 came from and why

443 is the default port for https. When you don't add a port, :443 is added for you.

(Jul. 02, 2010 03:49 AM)zoltan Wrote:  Is the "&" symbol used just in case "promo" and "login" are someday reordered in the URL?

Yep.

HTH
Add Thank You Quote this message in a reply
Jul. 02, 2010, 07:00 PM
Post: #5
RE: Yahoo mail login wallpaper
The browser was only set for localhost 8080. But now when I added localhost 443 in the SSL box, the yahoo login won't work. It just gives an error message: "Firefox is configured to use a proxy server that is refusing connections."

(Jul. 02, 2010 01:17 PM)JJoe Wrote:  You might but I don't see your issue at Yahoo mail. I couldn't be sure it would work.

Well, I just want to prevent the .jpg from loading. That list has always seemed to work for non-https sites. Does https change the function?
Add Thank You Quote this message in a reply
Jul. 02, 2010, 09:43 PM
Post: #6
RE: Yahoo mail login wallpaper
(Jul. 02, 2010 07:00 PM)zoltan Wrote:  The browser was only set for localhost 8080. But now when I added localhost 443 in the SSL box, the yahoo login won't work. It just gives an error message: "Firefox is configured to use a proxy server that is refusing connections."

Proxo is at port 8080 for HTTP and HTTPS. So in the SSL Box you would add the same info as the HTTP box.

.png  ProxNFF.png (Size: 34.35 KB / Downloads: 858)

443 is the port on the yahoo server that your computer will try to use.
80 is the default port for HTTP.

(Jul. 02, 2010 07:00 PM)zoltan Wrote:  
(Jul. 02, 2010 01:17 PM)JJoe Wrote:  You might but I don't see your issue at Yahoo mail. I couldn't be sure it would work.

Well, I just want to prevent the .jpg from loading. That list has always seemed to work for non-https sites. Does https change the function?

No.
There are two ways to prevent the .jpg from loading.
1. Remove the code that calls the jpg from the page's HTML. The browser can't request what it doesn't know about.
2. Intercept the browser's request or the server's response for the jpg and block, redirect, or modify.

I can't be sure adding to AdHosts removes the code from a page that I don't see.
I can see that adding to Include-Exclude-U blocks or redirects my access to the address that you provided.

HTH
Add Thank You Quote this message in a reply
Jul. 04, 2010, 09:06 PM
Post: #7
RE: Yahoo mail login wallpaper
After adding localhost 8080, Firefox (and Proxomitron) is now responding with a series of warnings/errors.

.gif  prox ssl.gif (Size: 30.37 KB / Downloads: 858)

After going through all of them and choosing "allow" in the Proxomitron box, I get different results depending on which list I use.

With Adhosts, it still loads the image. With your code placed in Include-Exclude-U, it loads the login page (without the jpeg) but only after going through the Firefox warnings and clicking "allow" numerous times. Is this unavoidable, or is something still wrong?

Sorry to be dense, but I still don't understand the Adhosts issue. When you say "... a page that I don't see," do you mean that the yahoo login page or the image that I'm seeing won't load for you? The first method you listed, removing the code that calls the .jpg, would seems to include 1) writing a new web filter that matches/replaces the jpeg's URL, or 2) adding that URL to one of the lists that can block it.
Add Thank You Quote this message in a reply
Jul. 04, 2010, 09:34 PM
Post: #8
RE: Yahoo mail login wallpaper
there are two ways around the ssl warnings/errors...

1) http://prxbx.com/forums/showthread.php?tid=1618
2) using "half-ssl"

i use "half-ssl" but the ProxHTTPSProxy has been on my to-do list, i've trial-ran it in several of its earlier versions, but haven't been able to return to it - yet...


with #1, you need (?) OpenSSL installed (the thread is fairly lengthy, but patience and time to read it through will get you up and rolling)...

with #2, you need the OpenSSL dll's copied over to Prox's "home directory"...


i only use Firefox for debugging purposes and not for day-to-day browsing, so "mileage may vary" Big Teeth
Add Thank You Quote this message in a reply
Jul. 05, 2010, 03:10 AM
Post: #9
RE: Yahoo mail login wallpaper
(Jul. 04, 2010 09:06 PM)zoltan Wrote:  After adding localhost 8080, Firefox (and Proxomitron) is now responding with a series of warnings/errors.


After going through all of them and choosing "allow" in the Proxomitron box, I get different results depending on which list I use.

With Adhosts, it still loads the image. With your code placed in Include-Exclude-U, it loads the login page (without the jpeg) but only after going through the Firefox warnings and clicking "allow" numerous times. Is this unavoidable, or is something still wrong?

I don't see Proxo complaining. Have you updated the certs with certs.zip at http://proxomitron.info/files/index.html ?

I do see Firefox warnings. Some, maybe most, may be avoided as ProxRocks has noted. Removing unneeded https addresses also avoids the warning, of course.

(Jul. 04, 2010 09:06 PM)zoltan Wrote:  When you say "... a page that I don't see," do you mean that the yahoo login page or the image that I'm seeing won't load for you?

My yahoo login page did not have a link to a background image. I had text. Sidki's set removed the text, iirc.

Code:
Welcome to Yahoo!

    * Stay in touch with free Mail and Messenger.
    * Protect your PC with free Anti-Spy and Pop-Up Blocker.
    * Get weather forecasts and current conditions for your area.
    * Tune in to the latest in music, entertainment, and sports.

Get all the best with one Yahoo! ID.

Your Yahoo! ID gives you access to powerful communications tools like mail and instant messaging, security features like email AntiVirus and Pop-Up Blocker, and favorites like online photos and music — all for free.

However, I have found a page that has a link to a background image.

In the login page's html there is code like

Code:
<div id='iframeHolder'>
<iframe id='adFrame' src='https://login.yahoo.net/login_superads/superads_iframe_content.html?es=alphanumerichere' frameborder='0' scroll='no' height='1200' width='1920' onload='loadTime = new Date().getTime();'>
</iframe>
    </div>


The ?es=alphanumerichere in the address probably changes and may be unique, I haven't checked.

'https://login.yahoo.net/login_superads/superads_iframe_content.html?es=alphanumerichere' contains text or background image depending on something.

A 'https://login.yahoo.net/login_superads/superads_iframe_content.html?es=alphanumerichere' page with a background image has

Code:
<style>#richad{height:926px;width:1340px;overflow:hidden;position:relative;margin:0 auto;background:url(https://s.yimg.com/lq/a/1-/java/promotions/t/login/100617yhp/tatoo2.jpg) no-repeat -26px top;}</style>

(Jul. 04, 2010 09:06 PM)zoltan Wrote:  The first method you listed, removing the code that calls the .jpg, would seems to include 1) writing a new web filter that matches/replaces the jpeg's URL, or 2) adding that URL to one of the lists that can block it.

Correct. Lets try for the "2)" with AdHosts but sidki may prefer another way.
The filter we want to invoke is "CSS: Remove Ad Backgrounds"
It uses AdList which calls AdHost. AdHost warns

Quote:To match it must be followed by a boundary: a dot, slash, dash, or end-of-string.

and provides

Code:
#    For CSS backgrounds ("CSS: Hide Ad Backgrounds" filter):
#      $TST(\3=d)

We are hunting addresses like

Code:
s.yimg.com/lq/a/1-/java/promotions/t/login/100617yhp/tatoo2.jpg
s.yimg.com/lq/a/1-/java/promotions/t/login/100617yhp/facebook2.jpg

Lets try adding

Code:
s.yimg.com/&*/promo&*/login*.jpg&$TST(\3=d)

to AdHost. Result

Code:
<Match: CSS: Remove Ad Backgrounds     6.12.19 [sd] (d.2 l.3) >
background:url(https://s.yimg.com/lq/a/1-/java/promotions/t/login/100617yhp/facebook2.jpg)
</Match>

Now my question is how are you seeing the background image?
I think sidki's sets stop this by removing access to 'https://login.yahoo.net/login_superads/superads_iframe_content.html?es=alphanumerichere' and maybe could by modifying some headers.

Have you added entries for login.yahoo.com to you user list?

Note that unlike header filters where we must remember the :443, Web page filters must match what is on the page.

HTH
Add Thank You Quote this message in a reply
Jul. 06, 2010, 04:34 AM
Post: #10
RE: Yahoo mail login wallpaper
No, I still had the original certs. But now with updated certs AND Proxomitron.exe (from 5/22 to 6/1) the Prox warnings have disappeared but the Firefox warnings persist.

(Jul. 04, 2010 09:34 PM)ProxRocks Wrote:  with #2, you need the OpenSSL dll's copied over to Prox's "home directory"...

Are these the ones I've already copied (libeay32.dll, ssleay32.dll, & msvcr70.dll)? Does that mean I'm using "half-ssl" now?

(Jul. 05, 2010 03:10 AM)JJoe Wrote:  My yahoo login page did not have a link to a background image. I had text. Sidki's set removed the text, iirc. However, I have found a page that has a link to a background image.

Yes, I get the code that includes iframeHolder with the superads on the login page. Not sure why that would be different for others, but maybe it's location specific.

I do have CSS: Remove Ad Backgrounds enabled. If it requires other filters to be enabled maybe that's the culprit. Seems like I remember having to enable or disable something rather important several years ago to get the background dimmer to work, but I can't remember what it was.

"User list"? Like User-Agents? There's nothing about Yahoo in there.

Now after adding s.yimg.com/&*/promo&*/login*.jpg&$TST(\3=d) to Adhosts I'm getting a Proxomitron exception error that pops up every time I click FF's "try again" so the page won't load at all.
.gif  prox2.gif (Size: 11.26 KB / Downloads: 843)

Hmmmm. I didn't anticipate that it would be this difficult. I'd like to avoid helper apps because I've gotten several friends to use Proxomitron and I supply them with updates and customizations from my config/lists. Yes, I know, I'm not exactly the most qualified for that, but the program with sidki's filters does some incredible things and I'm the best they've got. It's hard enough to convince people to use it at all, but I think an additional program would be an even tougher sell. From what I read above, it looks like I'm stuck with the warnings when filtering https. If that's the case, maybe the best decision is to not filter.
Add Thank You Quote this message in a reply
Jul. 06, 2010, 05:36 AM (This post was last modified: Jul. 06, 2010 05:56 AM by JJoe.)
Post: #11
RE: Yahoo mail login wallpaper
(Jul. 06, 2010 04:34 AM)zoltan Wrote:  No, I still had the original certs. But now with updated certs AND Proxomitron.exe (from 5/22 to 6/1) the Prox warnings have disappeared but the Firefox warnings persist.

So you had May instead of June.

(Jul. 06, 2010 04:34 AM)zoltan Wrote:  
(Jul. 04, 2010 09:34 PM)ProxRocks Wrote:  with #2, you need the OpenSSL dll's copied over to Prox's "home directory"...

Are these the ones I've already copied (libeay32.dll, ssleay32.dll, & msvcr70.dll)? Does that mean I'm using "half-ssl" now?

Yes and probably no.
Enable "! |||||||||||| 2.2 Use Half-SSL 5.01.12 [jjoe] (o.2) (Out)" to use "Half-SSL"

(Jul. 06, 2010 04:34 AM)zoltan Wrote:  
(Jul. 05, 2010 03:10 AM)JJoe Wrote:  My yahoo login page did not have a link to a background image. I had text. Sidki's set removed the text, iirc. However, I have found a page that has a link to a background image.

Yes, I get the code that includes iframeHolder with the superads on the login page. Not sure why that would be different for others, but maybe it's location specific.

I do have CSS: Remove Ad Backgrounds enabled. If it requires other filters to be enabled maybe that's the culprit. Seems like I remember having to enable or disable something rather important several years ago to get the background dimmer to work, but I can't remember what it was.
"User list"? Like User-Agents? There's nothing about Yahoo in there.

Sorry, I meant Include-Exclude-U. I see sidki's set removing or modifying the code in iframeHolder. For me, 'CSS: Remove Ad Backgrounds' wasn't needed to remove image. I had to disable some filters to be able to test my Include-Exclude-U entry for 'CSS: Remove Ad Backgrounds'.

I think the changes that you have made may be the reason you see the background image. Do you see the image with an unaltered sidki set or the sidki_oob cfg?

(Jul. 06, 2010 04:34 AM)zoltan Wrote:  Now after adding s.yimg.com/&*/promo&*/login*.jpg&$TST(\3=d) to Adhosts I'm getting a Proxomitron exception error that pops up every time I click FF's "try again" so the page won't load at all.

My disabling of filters could be the reason I don't see the exception error or your changes could be the reason that you do or it could be unrelated but it's tough for me to help. ;-)

(Jul. 06, 2010 04:34 AM)zoltan Wrote:  Hmmmm. I didn't anticipate that it would be this difficult. I'd like to avoid helper apps because I've gotten several friends to use Proxomitron and I supply them with updates and customizations from my config/lists. Yes, I know, I'm not exactly the most qualified for that, but the program with sidki's filters does some incredible things and I'm the best they've got. It's hard enough to convince people to use it at all, but I think an additional program would be an even tougher sell. From what I read above, it looks like I'm stuck with the warnings when filtering https. If that's the case, maybe the best decision is to not filter.

The warnings are a good thing but a pain, in this case, since we don't really need to be warned about the Proxomitron.

The helper apps a tough sell. Half-SSL does miss and when it does there is a warning.
But there is also the question of your friends filtering banking, shopping, and other important ($$$$) sites...

HTH

BTW, you might want to start getting ready for the next version by customizing SIDKI 2009-05-24 ALPHA 4.
Add Thank You Quote this message in a reply
Jul. 06, 2010, 08:12 AM
Post: #12
RE: Yahoo mail login wallpaper
After enabling 2.2 Use Half-SSL 5.01.12 [jjoe] I can now login with no warnings, but logging out causes the FF untrusted connection warning. And other sites are triggering Proxomitron ssl warnings.

(Jul. 06, 2010 05:36 AM)JJoe Wrote:  Do you see the image with an unaltered sidki set or the sidki_oob cfg?
With https filtering + the new adhosts entry? or are the original settings needed to test this? I loaded the oob config and disabled "use SSLeay..." and the image loads. With "use SSLeay.." enabled, the image doesn't load, but FF gives warnings.

The only yahoo-related entries in Include-Exclude-U are:

Code:
de.mc256.mail.yahoo.com                    $SET(0=a_code.)
www.yahoo.com/   $JUMP(https://login.yahoo.com)
my.yahoo.com/   $JUMP(http://mail.yahoo.com)

The alpha... will there be an eventual release? It's been a while since the last one and I wasn't sure if the alpha was worth it.
Add Thank You Quote this message in a reply
Jul. 06, 2010, 02:07 PM
Post: #13
RE: Yahoo mail login wallpaper
(Jul. 06, 2010 08:12 AM)zoltan Wrote:  After enabling 2.2 Use Half-SSL 5.01.12 [jjoe] I can now login with no warnings, but logging out causes the FF untrusted connection warning. And other sites are triggering Proxomitron ssl warnings.

Half-SSL works by hiding the https from the browser. Proxomitron handles the https and feeds the browser http. A sidki set Half-SSLed link for 'https://login.yahoo.com/' is 'http://https-px-.login.yahoo.com/'. FF will give warning for the first but not for the second.

You or the Proxomitron's web page filters must provide the Half-SSLed links.

I don't see warnings when logging out but the yahoo logout pages that I have seen probably use different code than yours.

I rarely see warnings but I don't use many https sites.

(Jul. 06, 2010 08:12 AM)zoltan Wrote:  
(Jul. 06, 2010 05:36 AM)JJoe Wrote:  Do you see the image with an unaltered sidki set or the sidki_oob cfg?
With https filtering + the new adhosts entry? or are the original settings needed to test this? I loaded the oob config and disabled "use SSLeay..." and the image loads. With "use SSLeay.." enabled, the image doesn't load, but FF gives warnings.

Sorry, "unaltered" was a poor choice.
With https filtering and without the new adhost entry. I don't see the image.

And aren't those FF warnings a pain...

(Jul. 06, 2010 08:12 AM)zoltan Wrote:  The alpha... will there be an eventual release?

Not for me to say.

(May. 24, 2010 07:31 PM)sidki3003 Wrote:  After a while, i have some time for public Proxomitron again. I hope it will last long enough to finally get this darned config update released, but i'm not sure.

I did continue with updating a filter now and then, but not too often. All in all, the (last public alpha) config remained refreshingly stable for me. Except for the Google filters. So i'm going to begin with updating (and cutting down) these filters.

and

(Jul. 18, 2009 09:57 PM)sidki3003 Wrote:  Regarding further development of this config set:
Normally, the coding of new features is the minor part of the task, and it takes by far longer to test the new code on a wide variety of pages. I can't really do the latter anymore.

So - in case you've decided to test an alpha or beta version - submitting your Log-Rare entries (anonymously via this submission form) is sort of mission critical. Wink

http://prxbx.com/forums/showthread.php?t...9#pid13139
Add Thank You Quote this message in a reply
Jul. 07, 2010, 03:40 AM
Post: #14
RE: Yahoo mail login wallpaper
Until there's a better solution, I'll probably just not filter https. With a day or two of experimenting I've found there are just too many instances where Firefox requires adding exceptions to untrusted connections.

Looks like it's time to investigate the alpha. But I just checked the current Log-rare (which I never do). Lots of entries - it's up to 123k.

Thanks for all the info.
Add Thank You Quote this message in a reply
Sep. 10, 2010, 01:59 AM (This post was last modified: Sep. 10, 2010 02:00 AM by LMT.)
Post: #15
RE: Yahoo mail login wallpaper
read somewhere else... :"A bunch of pretentious, ugly and hipster people posing in full body shots, displayed RIGHT IN TO your face"

try:
https://login.yahoo.com/config/login?.sr....yahoo.com

or clicking on "Help" on the login page, and then bookmarking that page for yahoo login.

That's my best solution 'till now
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: