Author Topic: Windows Media Player Pragma: log-line  (Read 3121 times)

pooms

« on: June 24, 2002, 06:27:44 PM »
I have Windows Media Player configured to go through Proxomitron and I
recently noticed an HTTP POST that was triggered at the end of a video
clip embedded in an HTML page. This POST contained an HTTP header starting
with
Pragma: log-line=  
followed by a whole bunch of stuff.
Included in it was the IP address of my computer, as well as the name of
my computer.
Unfortunately I haven't been able to cause this POST to happen again, so I don't
know what it was that triggered it. And in my trying to recreate it, I
forgot to copy and save the header line from the Log Window.  
So I'm not certain if it was "log-line" or "log_line".
I haven't found anything on the net that provides any clue about this
header. For now I've put in a header filter that looks for any occurrence
of my computer name in a Pragma header and calls $ALERT. Hopefully I'll
be able to catch this again and figure out what is going on.

 
 

sidki3003

« Reply #1 on: June 24, 2002, 06:40:56 PM »
I'm just trying to do a similar thing.
I was reading Jor's post about Windows Media Player:
http://asp.flaaten.dk/pforum/topic.asp?ARCHIVE=&TOPIC_ID=179

Now I'm thinking about a filter that alerts on every outgoing Pragma,
that's *not* "no-cache".

sidki


 
 

TEggHead

« Reply #2 on: June 24, 2002, 06:53:56 PM »
<del.del..del> me go sit in corner there, me keep quiet now

Edited by - TEggHead on 24 Jun 2002  20:40:41
 

sidki3003

« Reply #3 on: June 24, 2002, 07:27:45 PM »
That option won't fix it with Windows XP.

This one keeps Media player from working, but one can at least see what's happening.

[HTTP headers]
In = FALSE
Out = TRUE
Key = "Pragma: Block except no-cache (DEBUG) (Out)"
Match = "(^no-cache)&$ALERT(Suspicious outgoing Pragma: )"


 
 

pooms

« Reply #4 on: June 24, 2002, 07:45:42 PM »
quote:
is the option "Allow Internet sites to uniquely identify your Player" checked by any chance?


No, I unselected that some time ago and I played around with it
looking at what difference it made to the HTTP Headers. It still sent
the Pragma: xClientGUID, as Jor mentioned, but it sent a different GUID value after
you uncheck that box. I could only guess that it was sending a "generic"
GUID in that case. I suppose we could compare GUIDs to see if that is the
case.

 
 

sidki3003

« Reply #5 on: June 24, 2002, 08:02:12 PM »
At least there is a workaround.

Pragma: log-line=0.0.0.0 2002-06-24 18:39:12 - ...
isn't needed. I just tried this mod of Jor's filter.

In = FALSE
Out = TRUE
Key = "Pragma: Block WiMp Reporting (Out)"
Match = "(xClientGUID|log-line)="


 
 

pooms

« Reply #6 on: June 24, 2002, 11:13:34 PM »
So have you actually seen one of these Pragma: log-line headers as well?
The times that I've seen it, it almost looked like the POST call wasn't
supposed to happen. There was no data in the POST, and the URL for it
was the same as the URL for the video, and the server responded with an
error. But what worried me was that this might be some sort of built-in
thing about media player that other sites could be using, even if the
one I saw didn't seem to be configured to use it.
BTW, I'm using v 6.4 of media player.

 
 

pooms

« Reply #7 on: June 25, 2002, 06:25:41 PM »
I think I understand now why I wasn't always seeing the HTML POST with
the Pragma: log-line. Although I had configured the media player to
use a proxy for HTTP, I was also allowing it to use all possible protocols
in addition to HTTP. So I guess sometimes it would use HTTP and I would
see it in Proxomitron's Log Window, and other times it would not use
HTTP and I wouldn't see what was happening.

 
 

sidki3003

« Reply #8 on: June 25, 2002, 06:35:13 PM »
If your firewall supports it and you don't set up a rule for Media Player,
you are always asked when it doesn't connect via Proxomitron.
BTW, that's how I do it with IE as well.

edit: I noticed once that when I denied WMP's direct connect, it then used HTTP via prox.

Edited by - sidki3003 on 25 Jun 2002  19:49:54
 

Jor

« Reply #9 on: July 18, 2002, 11:25:57 AM »
Somehow missed this topic...

Take a look at this filter:

In = FALSE
Out = TRUE
Key = "Pragma: Block WiMP GUID Reporting (Out)"
Match = "(xClientGUID|log-line)\1= $ALERT(WiMP \1: was sent to \u !)"


Think it covers all the bases now.

XPost'd in my old thread.
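
The checks discussed across this thread (alert on any outgoing Pragma that is not no-cache, match xClientGUID or log-line, look for the computer name in the value), collected as an added Python example that is not part of any post. The function names and the sample request, including its host, GUID, IP and computer name, are constructed for illustration.

```python
import re

# Directive names the thread ties to Windows Media Player reporting.
WMP_REPORTING = re.compile(r"(xClientGUID|log-line)=", re.IGNORECASE)
# Split on commas only where a new directive (bare token or token=) begins,
# so commas inside a log-line value do not fragment it.
DIRECTIVE_SPLIT = re.compile(r",\s*(?=[A-Za-z][\w-]*(?:=|\s*(?:,|$)))")

def audit_pragma(raw_request, private_tokens=()):
    """Classify every Pragma directive in a raw outgoing HTTP request.

    Returns a list of (verdict, directive, leaked) tuples, where verdict is
    'allow', 'wmp-reporting' or 'unknown' and leaked lists the private
    tokens (computer name, local IP) found inside the directive.
    """
    head = raw_request.split("\r\n\r\n", 1)[0]
    findings = []
    for line in head.split("\r\n")[1:]:              # skip the request line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "pragma":
            continue
        for directive in DIRECTIVE_SPLIT.split(value.strip()):
            directive = directive.strip()
            if not directive:
                continue
            if directive.lower() == "no-cache":
                verdict = "allow"
            elif WMP_REPORTING.match(directive):
                verdict = "wmp-reporting"
            else:
                verdict = "unknown"
            leaked = [t for t in private_tokens if t.lower() in directive.lower()]
            findings.append((verdict, directive, leaked))
    return findings

def should_alert(findings):
    """True if anything other than a clean 'no-cache' would leave the machine."""
    return any(v != "allow" or leaked for v, _, leaked in findings)

# Constructed sample request: host, GUID, IP and computer name are made up.
SAMPLE = (
    "POST /clips/demo.asf HTTP/1.0\r\n"
    "Host: media.example.test\r\n"
    "Pragma: no-cache, xClientGUID={00000000-0000-0000-0000-000000000000}\r\n"
    "Pragma: log-line=192.0.2.10 2002-06-24 18:39:12 - DESKTOP-TEST\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for row in audit_pragma(SAMPLE, private_tokens=("DESKTOP-TEST", "192.0.2.10")):
        print(row)
```
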