Kye-U's Browser Security Pack [Proxomitron] v4.30

Discussion in 'other security issues & news' started by Kye-U, Feb 7, 2005.

Thread Status:
Not open for further replies.
  1. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: Kye-U's Browser Security Pack [Proxomitron]

    Hey Kye-U,

    I have taken the liberty to split your post off into a thread of its own. I feel we should keep version changes separate in order to confine any particular problems that may arise related to that version in its own thread.

    Regards,
    Bubba
     
  3. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Re: Kye-U's Browser Security Pack [Proxomitron]

    Thanks Bubba!

    I agree ;)
     
  4. dog

    dog Guest

    And Thanks to You Kye-U ;)

    Sweet! ;) I'll have to test it out in a moment. A nice quick patch. ;)

    Steve
     
  5. dog

    dog Guest

    It Works :)

    Thanks Kye-U ;)
     

    Attached Files:

  6. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Code:
    [Patterns]
    Name = "IDN "xn--" URL Remover [Kye-U]"
    Active = TRUE
    URL = "(*.|)xn--"
    Limit = 1
    Match = "?"
    Replace = "\k"
              "<b><font face="sans-serif" color="Red" size="6">Connection Killed - Proxomitron</font>"
              "<br><br><font face="sans-serif" color="Red" size="3">This is an <b>IDN Spoofed</b> Site!"
              "<br><br>Real URL: \u</font></b>"

    Test here: Spoofed URL

    I've made it so that it kills the connection and prints a warning and also the Real URL (looks like www.xn--blah.com)

    I'm planning to release v4.31 (with this filter as the new addition) as soon as I get some approval of this filter, and possibly make any changes to my pack.

    Now is the time to criticize/suggest ^_^

    Thanks!
     
  7. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    how do i install it? i merged your last filters with JD's filters and jaxpack's (is it OK to merge those three together, or not needed?). do i have to delete the merged filters then start again?
     
  8. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    This is only one filter.

    Highlight everything in the code box, right-click and copy.

    Go into Proxomitron's main window, click on "Edit Web Filters" and right-click on the blank space and click on import :cool:

    Then test it out by clicking on that link in my last post ;)
     
  9. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks, Kye-U. i understand now, i wasn't paying attention :oops: i'll edit the filters as above :) thanks.
     
  10. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Sort of updated my other filter to catch those hex characters in the URL link as well ^_^

    Code:
    [Patterns]
    Name = "Spoofed Address Exploit [Kye-U]"
    Active = TRUE
    URL = "(^$TYPE(css))"
    Bounds = "($NEST(<(([a-z]+{1,*})|*=\s),</([a-z]+{1,*})>)|$NEST(<(([a-z]+{1,*})|*=\s),>))"
    Limit = 1024
    Match = "\0://(\1.([a-z]+{2,4})|*.*/)((?%00|(((%|\&#)0[01])+{1,2})))[^/]++[@|%40]\2"
            "|\0://(\1.([a-z]+{2,4})|*.*/)%2F((%20|\s)+{1,*})[^/]++.\2"
            "|\0://(\1.([a-z]+{2,4})|*.*/)%(2F|01)[@|%40]\2"
            "|\0://(\w.|)\w(\&#*;|%[a-z0-9][a-z0-9])\w.([a-z]+{2,4})*"
            "|\0://(*|)xn--*.([a-z]+{2,4})*"
            "$SET(\9=Think you're on Microsoft but you're on Yahoo? This filter will prevent the threat of such a situation."
            ""
            "http://www.securityfocus.com/bid/10517/info/"
            "http://secunia.com/advisories/10395/"
            "http://www.securityfocus.com/bid/10532/info/)"
    Replace = "<strong>[URL Spoofing Exploit Removed]</strong>"
              "$ALERT(URL Spoofing Vulnerability Detected and Removed on:\n\n\u)"

    Please comment/suggest on it :D
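
The traits the two filters in this thread key on (an `xn--` label in the host, text before `@` or `%40` in the authority, and `%00`/`%01` in that text), checked by a small Python link inspector that also decodes the `xn--` label to show what the browser would display. This is an added example, not Kye-U's code or part of Proxomitron; it does not port the Match patterns, and the function names, finding labels and sample links are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

ACE_PREFIX = "xn--"  # prefix of a Punycode-encoded (IDN) hostname label

def decode_label(label):
    """Unicode form of one hostname label; non-ACE or malformed labels pass through."""
    if not label.startswith(ACE_PREFIX):
        return label
    try:
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    except UnicodeError:
        return label  # undecodable, but inspect_link() still flags the prefix

def inspect_link(url):
    """Report the real host of a link and which spoofing traits it carries."""
    authority = urlsplit(url).netloc
    userinfo, at, hostport = authority.rpartition("@")
    host = hostport.split(":")[0].lower()
    labels = host.split(".")
    findings = []
    if any(label.startswith(ACE_PREFIX) for label in labels):
        findings.append("idn-ace-label")             # what URL = "(*.|)xn--" keys on
    if at:
        findings.append("userinfo-before-host")      # text before '@' is not the host
        if re.search(r"%0[01]", userinfo):
            findings.append("control-char-in-userinfo")
    if "%" in host:
        findings.append("percent-encoding-in-host")  # e.g. %40 standing in for '@'
    return {
        "host": host,
        "display_host": ".".join(decode_label(label) for label in labels),
        "findings": findings,
    }

def constructed_samples():
    """Constructed test links on reserved .example names (not from the thread)."""
    ace = ACE_PREFIX + "p\u0430ypal".encode("punycode").decode("ascii")  # Cyrillic 'a'
    return [
        f"http://www.{ace}.example/login",
        "http://trusted.example%01@other.example/",
        "http://trusted.example%40other.example/",
        "https://www.example.org/contact@sales",
    ]

if __name__ == "__main__":
    for link in constructed_samples():
        result = inspect_link(link)
        print(link, "->", result["display_host"], result["findings"])
```

The last sample has its `@` in the path, not the authority, so it produces no findings; matching on the parsed authority rather than the whole URL is what keeps that case from being a false positive.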
     
  11. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116

    Attached Files:

    Last edited: Mar 8, 2005
  12. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    can i bump this? :p
     
  13. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Yep....and I can raise it one :cool:
     