Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Scott Lemmon

Pages: [1] 2 3 ... 6
1
Questions and Answers / List Excludes
« on: August 28, 2002, 10:06:21 PM »
It depends on how you're calling the list.  unless the check begins with the word you're trying to match, it won't match unless you also add a leading wildcard of some type (which is why the example has "*" in it). Also, if you're calling the list with something like (*$LST(myList)) it won't work like you might expect because as each character is scanned against the list, the exclude will be "false" at a different point from where the match would be true.  It might be easier to see without a list...
 
   *(foo&(^barfoo))

would still match "barfoo" because at the point where "foo" is true "barfoo" is, in fact, false.  Confused yet?  ;-)






 

2
Questions and Answers / Proxomitron "mixing" URLs?
« on: August 18, 2002, 06:24:16 PM »
Mozilla has a bug with persistent connections and pipelining where if you press stop in the browser, it doesn't close the connections it's queued requests on as it should.  This can cause future requests to use the wrong URLs as the proxy is still returning previously queued items. However I've never seen this happen in Opera (or Mozilla when piplining is disabled) even when test loding many things at once. Indeed, there's really no difference between loading multiple pages and loading a single page with many items on it (like a page full of images).  Every item on a page is a unique URL as far as Proxomitron is concerned.

Make sure none of your filters are modifiying headers needed for persistent connections to work properly (Connection:, Content-Length:, Transfer-Encoding:, etc.) or affecting the connection in some other way.

Also if you're chaining through an additional proxy (or firewall that filters HTTP) check to see if that's contributing to the problem. Many proxies especially don't have HTTP/1.1 support and can mess up connections when chained to a HTTP/1.1 proxy.

 

3
Questions and Answers / Scott!! Sorry mate!!!!
« on: August 01, 2002, 03:52:14 AM »
Ah, no problem - glad you've finally found the problem at least Memory errors can cause really strange and oddly application specific errors sometimes.  It's almost as if Windows keeps mapping the same areas of memory to a given program.

The "not responding" thing usually means the listening socket is screwed up somehow. Can happen sometimes if the browser or Proxomitron crashes and doesn't terminate cleanly - it's almost as if the port gets "stuck". I run into it all the time debugging errors.

 

4
Questions and Answers / Getting garbage when viewing text files
« on: July 15, 2002, 01:13:42 AM »
What browser are you using?  My guess is it's probably an older one that doesn't support gzip encoding. If that's the case, disabling the header is the best solution.  Proxomitron only decodes pages it filters - the google example is plain-text so is sent as-is. Same thing would happen if you bypassed the web filters on a gziped page.

 

5
Questions and Answers / Getting garbage when viewing text files
« on: July 13, 2002, 10:31:59 PM »
Might help if you mentioned what link you were talking about

 

6
Questions and Answers / Naoko 4.3
« on: July 12, 2002, 04:27:29 PM »
I'm using one of the nightly builds of Mozilla and it seems that the pipelining has been mostly fixed.  There's still a problem with it sometimes having trouble if you stop a page in the middle of loading and then load another page - Mozilla still tries to reuse connections which have old requests queued up on them.  

They've also fixed another annoying bug that would randomly cause some pages to load twice - it could be hard to notice, but on some pages you'd see two requests in Proxomitron's log window.  It could cause double posts at some sites too.

As far as the persistence goes it works fine, but you may be having the local file problem described in the other posts.  Disabling local persistence will avoid that, but using the filter should work better.

Funny that there's not much consistency in the symptoms people describe as causing this - for example, some were reporting turning off local persistence actually made the half-loads worse. Since many things - both Proxomitron related and not - can cause partial page loads, I suspect it may not all be the same issue.


 

7
One way to avoid this is to replace any foo.location="something" with foo.location.replace("something");  This overlays the entry in the browser's history so you don't hit it again when you go "back".  Really, it's what a well designed redirect script should use to begin with.

 

8
Questions and Answers / bypass doesn't work with IE6 & Win XP
« on: July 09, 2002, 02:33:30 AM »
My guess is IE still had the old image in the cache. Next time try pressing CTRL+F5 to do a full reload.  Also you can add the URL of the radar image (not the page) to your bypass list to automatically avoid the de-animation.

-Scott-

 

9
Questions and Answers / Why hide browser properties from JS....
« on: July 07, 2002, 10:19:01 PM »
Actually there's many ways a website can sneak JavaScript data back to a server.  One very common method is to dynamically create a image who's URL contains the info they want to pass embedded within it. When the browser then loads the image, the URL and information it contains is sent back to the server. Many counters and stat trackers use this trick to track things like screen resolution, color depth, and other info not normally found in HTTP headers.

 

10
Questions and Answers / Yahoo Password Check
« on: July 03, 2002, 04:20:54 PM »
I think Yahoo may be forcing this for security now.  I know when I post at Yahoo groups I'll sometimes be asked to re-enter my password too.

The only way round it would be to make an auto-login filter to fill in and submit your username & password automatically when the login page comes up.

-Scott-

 

11
Questions and Answers / Need Scojo ACR Help!
« on: July 01, 2002, 05:19:00 AM »
quote:

Scojo's filter is very effective but I am going to continue to use bannar blaster because some ads seem to get by it.  I also use Pauls JavaTamer 1 & 2, Ad Containers, Remove contents of <no script>, as well as, Map Ad blaster and the default pop-up filters as my main filters.  That seems to be a good combination for my needs.  The pages load quickly, almost all ads are neutralized and I don't have to tinker around too much.

Proxo Rules!!!



At the Yahoo list I've been playing with a new idea to remove ad containers using the javascript DOM.  Advantage is it's pretty fast and simple, disadvantage is it only works in browser that fully support DOM (includes IE 5+, Mozilla and Netscape).  Opera's DOM support isn't quite up to it yet.  Here's my current incarnation (even newer than the one on Yahoo). Just add these two filters to your webfilters...

+++++++++ clip here +++++++++++++++

[Patterns]

Name = "DOM container killer v0.003"
Active = TRUE
Limit = 256
Match = "<start>"
Replace = "<script>"
 "function PDOMhide(t){"
 "  var x=t.parentNode;"
 "  var d=4;"
 "  while(d-- && x && x.childNodes.length<5){"
 "    var y=x;"
 "    var tag=y.nodeName;"
 "    x=x.parentNode;"
 "    if(tag.match(/^(TD|TR|IFRAME|A|DIV|P|SPAN)$/)){"
 "      if(0){alert(tag + ":" + y.childNodes.length + "\n" + y.innerHTML);}"
 "      if(tag=="TR"){d=0;}"
 "      y.parentNode.removeChild(y);"
 "    }"
 "  }"
 "  t.parentNode.removeChild(t);"
 "}"
 "</script>
"

Name = "DOM Banner Blaster v0.003"
Active = TRUE
Bounds = "<as*</a>|<iframe*</iframe>|<ilayer*</ilayer>|<img*>|<input*>|<script*</script> <noscript>"
Limit = 800
Match = "*=$AV($LST(AdKeys)*)*&<(a*<img|[^a])"
Replace = "<img src="http://local.ptron/killed.gif" "
          "onload="PDOMhide(this);" width=1 height=1>"

+++++++++ clip here +++++++++++++++

It seems to work pretty well so far and should kill anything the normal banner blaster does.  Just be sure to turn the regular B.B. off if you use this one (they may conflict if used together).

-Scott-


Edited by - Scott Lemmon on 01 Jul 2002  06:28:03

12
Questions and Answers / Proxomitron and Chat software!
« on: June 28, 2002, 08:27:30 PM »
Hi!

Normally chats (like IRC) don't use HTTP protocol which is all Proxomitron knows to filter. I have seen a few that do use HTTP though - mostly to make them better able to go through firewalls.  It's probably rare, but in those cases you might just be able to filter some things. Still I don't think you could stop someone with operator/moderator access from booting you out of a channel - that normally happens on the chat server itself and doesn't depend on the client.

 
-Scott-
 



 

13
Questions and Answers / URL Obfuscation
« on: June 27, 2002, 04:45:25 PM »
It kind of depends on the URL obfuscation trick you're using, your browser and any proxies. Take hex escapes for example - some browsers (like IE I think) will remove (or even add) escapes before sending the request on - others won't. Browsers might also not be consistent with how they deal with things like the host header. It's actually not valid to include escapes in anything other than the path portion of a URL. Browsers that don't remove them can send a malformed URL to the server. Hex escapes in the path are always legal since the destination web server will convert them.  In fact things like unescaped spaces are not legal in a path, but again some browsers escape any spaces and others don't.

Tricks like IP obfuscation depend on the program doing the DNS.  This will be your browser, or a proxy, but in the end usually comes down to how the system's  name resolver library works.  In general though you can't depend on them working through a proxy.

Really these are all just tricks - they're generally non standard and browser dependant. Also they don't do much to hide your real destination. Mainly they seem to be used to fool the end user - not any eavesdroppers. That's why spammers seem to love them - it can make it more difficult to figure out what URL they're hosting themselves at by looking at the HTML, but the browser decodes the stuff before making the actual request.

For real security it would be better to have two proxies convert everything to HTTPS and back again. HTTPS encrypts the URL and all headers so nothing would be left visible - all an intermediary could see is that you're connecting to the second (decrypting) proxy. Of course the second proxy would still have to make the final leg in the clear.  Really, you might as well just set up a VPN to do the same thing for all traffic.


Edited by - Scott Lemmon on 27 Jun 2002  17:49:17

14
Questions and Answers / Viewer for $ADDLST logs?
« on: June 25, 2002, 03:57:56 PM »
quote:

Ok, so the command is the one reporting the error, but that could only occur because that what is put in the list is the result of an error in the matchexpression...



No. You're not putting "the result of an error" into a list (I don't even know what that means).  You're just placing an invalid expression into a list.  Lists contain matching expressions not plain text - if you stick something in there that's not parsable you'll get the error. That's all there is to it.

quote:

I did not realize you were talking about these constructs...(btw. if they exisited in previous incarnations of ACR, then they do nolonger now, apart from ?++ in some places)

but you also do know why this construct was used and not just a plain asterisk? it is simply the result of having encountered too many situations where * and a larger bytelimit caused a filter matching <TAG*</TAG> to extend the match over the ending tag to the next ocurance of </TAG>, ?++ stops at the first occurance, * does not if the bytelimit is large enough...



No they both work *exactly* the same in the case you describe.  Both will accept the first match they find as long as what follows in the match is also true. if not they'll both keep looking for other matches. If anything ?++ is the one more likely to be flakey.

quote:

As I recall, I encountered such situations myself sometimes...using ?++ in these cases made sure it did not overshoot even if there were more possible endtag matches fitted in the buffer...



Can you provide any evidence of this (like a simple, to the point example)?  My guess is it was something else in the expression causing that.

quote:

quote:

   (*)1 = 1



I must admit that I have been forced to use this exact form a couple of times myself because otherwise the 1 would take up what was before the parenthesis.

suppose the following  $AVQ( ("|') 1 ("|'))

in this case either (1) or (*)1 is the only way that any possible text between the quotes ends up in 1 instead of the quote itself...



Well in many cases you can just place a space between the parens and the 1, but  even doing (foo)11 would still be faster than (foo)(*)1 . Also ("|') is another example of an unneeded check.  A single " will always match both (")  and (') - and before you say it, yes ALWAYS, it's not affected by smart quotes or anything else.


quote:

so there's purpose to the above afteral, the parenthesis serve to prevent the variable receiving that which is matched in front of the parenthesis...



There's no purpose - except maybe to warm up your CPU on a cold day. Many of your statements about the way things work simply aren't true, or if they are you need to provide an actual isolated example (since it's probably a bug).

 

15
Questions and Answers / Viewer for $ADDLST logs?
« on: June 25, 2002, 02:25:12 AM »
BTW: Just to let everyone know - the next version of Proxomitron will include a setting to allow blockfiles to be safely used as logs (by adding a "LOGFILE" keyword at the top).  So just be a little patient.





 

Pages: [1] 2 3 ... 6