Andrew's Security Filter (Proxomitron) - Similar to NoScript

I'm cautious about my wording for this topic's title to make sure I'm not leveraging NoScript's fame to promote my Proxomitron filterset. The reason I'm referencing NoScript is because my filters are designed to function very similarly to NoScript (without all the advanced features such as clickjacking protection, etc.), with the added benefit that it can be used in all browsers, including Firefox.

Tested and working in IE, Firefox, Chromium, Safari, Opera. Should work well in all browsers that allow the user to use an HTTP proxy. There may be inconsistencies across browsers in terms of appearance.

Follows is a basic overview of my filter set and screenshots. For more information and to download my filterset, please visit TUOPF (The Un-Official Proxomitron Forum): http://prxbx.com/forums/showthread.php?tid=970

What it does:

I'd like to think of it as a "NoScript" for all browsers (thanks to Proxomitron of course).

Basically removes all <(no|)script|applet|object|embed)> (and iframe as of Nov. 11, 2007) tags on sites that aren't in the whitelist, and gives you the option of adding an untrusted site to the whitelist - (by two methods: 1) by domain, showing you have great trust in them and, 2) by domain + path, which is ideal for a trusted subdirectory on a domain) - in the very simple yet easy to use "navigation" bar that appears on all filtered sites.

You can easily choose to allow embed or iframe tags (for example) by default by simply going into Header filters and unticking the respective checkbox beside the filter(s). By default, all tags are set to be removed.

Screenshots:


Buttons are now translucent (when not hovered over). The green "A" button toggles the Allow options, while the red "B" button bypasses all filtering on the current page.


Counters are shown when your cursor is over the two buttons (and are automatically hidden when your mouse isn't over them). New in v5.60, you see a list of external, third-party scripts that have been removed (if any)


If you click on Allow (the green button), you can choose to allow the whole host or the specific path.


If you click on Advanced, you're able to tick which elements you want to allow for the host/path. The Advanced link acts as a toggle to display the element checklist.

 

Proxomitron has been around a lot longer than NoScript. Those abilities have always been there for anyone capable of writing the appropriate filters. I've used Proxo for many years but the ability to write filters like that are beyond my skills. I'm looking forward to testing them. Thanks for the info, and for an updated filter set for one of the most powerful and versatile web filtering apps in existence.

 

i'm going to start again with my filters, i tried the new sidki filters for a few days and liked them. so can i just merge these with the new sidki filters? or will they clash, or what?

 

Looks interesting - and it reminds me that I never wrote about proxo on my site, which I will ...
Mrk

 

Mrvonic, when you do this, please also test proxo with your routers web interface. I have found on multiple browsers, that having a local proxy like this interferes with some routers. Login is denied. Disabling proxo has no effect. Only removing the local proxy and having direct connection would allow it. I would be interested to see if you find the same thing. If you don't know much about proxies, it may prove frustrating to figure out why this is happening. I suppose that assumes you actually know your router has a web interface though.

Sul.

EDIT: not to actually say 'you' don't know about routers or proxies, erm, 'you' as in any user lol

 

I actually use Sidki's config set and built this filterset "upon" his filters, so there should be no conflict.

I want to note that Sidki's set has the capability to remove all scripts or third-party scripts (if you look in the Headers section). This filterset is for those users who want behavior similar to NoScript and whitelist JavaScript (and other elements) on certain pages, while blocking those elements on unwhitelisted pages/sites.

I appreciate the comments everyone! Sully, that's a good point. I wonder if adding "127.0.0.1" to your Bypass List would solve the issue, but then again I experienced the same issue at my previous workplace (even if I bypassed Proxomitron).

My motivation for continuing to work on this filter for 2 years is twofold: 1) to maintain security and privacy, and 2) to allow non-Firefox users to enjoy NoScript-like filtering.

 

In my experience (9 years as a Proxo user and 6 of those years behind routers), I've never been unable to access the router interface via its proxy. This includes the manufacturer's interface as well as my current DD-WRT and Tomato interfaces. Proxo's filter setup may interfere with some interface functionality. When that occurs, I generally bypass the proxy.

 

I use Sidki's latest as well and had the same concern. I will merge tomorrow. Thanks for your effort.

 

Sounds like you have been using it about as long as I have lol.

I have had dlink,linksys,belkin and netgear routers all do this for me, with both windows 2000,xp and now 7. I rarely use IE, so local proxy is not enabled. I used to use Opera primarily and Kmeleon occasionally, now mainly Kmeleon. I have had this issue with many different filters in place. Not all routers do it, but most do. I have never seen why it does it, especially over 3 different OS's. I have a menu item now in place to quickly disable proxo when I need to interface the router. I have seen this issue on my last 6 computers, both laptops and desktops, both from default and tweaked OS installs. It has happened to all versions of proxo I have had over the years. I even used the updated certificates and some of the hex editing tweaks floating around. It has just always been. I assumed it was the same for everyone.

Strange.

Sul.

 

I have a lot more to test and check through, but I just merged the Andrew filters with my set, and they work as described. My filterset is a combination of the default filters, parts of the old JD-List, Sidki, plus a few of my own. So far, they're getting along fine.

I've listened to NoScript users complain about what Proxomitron doesn't do or doesn't filter for some time. Filters like these, especially the buttons on the page, will go a long way in showing them just how good Proxomitron really is.

Proxomitron did interfere with accessing the menus on my Westell DSL modem. I had been switching to bypass mode, which worked fine. The previous post that suggested adding the local IP to the bypass list gave me the idea of adding the Westell's LAN IP to Proxomitron's bypass list instead. I no longer have to bypass Proxomitron to access the modem.

The browsers I've used all establish a connection to 127.0.0.1 when they start. Could this create a condition a browser could use to bypass the filtering?

 

Thanks Kye-U for this filterset. I noticed that the two colored buttons don't show at times and then other times they do. I use the latest Opera if that makes a difference. If there is a configuration adjustment I need to make, let me know. Thanks again.

 

Hi ParadigmShift, the two buttons are set to only appear when listed tags are removed from the current page. If the page has no offending tags, then the buttons do not appear. Do you have a URL I can test?

 

Actually, I have it installed on 5 PCs and only one shows the buttons. All 5 PCs are XP Pro and practically identical. Strange.

[EDIT]
I'm sorry Kye-U, I found it. The one PC that showed the buttons had Javascript enabled in the browser. The other 4 PCs had Javascript disabled. I accidently overlooked that. I'm a little embarrassed right now. 50 lashes for me. My apologies and thanks again for your filterset.

 

I'm glad to hear you found the problem Don't worry about it; I hope you find it useful. Feel free to provide any feedback in regard to any improvement(s) to the filters!

 

thanks for the help

 

Can some one please tell me if Proxomitron works on Windows 7??

 

Working well for me on Windows 7 with IE8 and Opera 9.64 using Sidki's and Andrew's latest stable configs. Note that I have 7's firewall turned off and use Malware Defender for network control.

 

Also note that, like Vista, if you are logged in as a standard user (with limited admin control) you will have to run the Proxomitron executable as full admin (via right-click) in order to save config settings.

 

thx that's good to hear. I do plan to get windows 7 when it comes out so I am only learning how to use apps I like that will work on windows 7. otherwise it is a waste of time.