adding a web filter in proxomitron

Discussion in 'other security issues & news' started by iceni60, Feb 11, 2005.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, i want to add Kye-U's Spoofed Address Exploit filter, but i'm not sure how. is the screenshot below correct? from here and the thread is here. i put the thread URL in because there are other filters used in the thread and i'm not too sure which one i should use. thanks :)

    **NOTE** if it looks right, did you notice i put " at the beginning and endings of the lines, do i need them or not? thanks :)

    the other way i was thinking of was to save it as a .cfg, then put it in the proxo folder and merging, one at a time, to the different filters i use
     


  2. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Code:
    [Patterns]
    Name = "Spoofed Address Exploit [Kye-U]"
    Active = TRUE
    URL = "(^$TYPE(css))"
    Bounds = "($NEST(<(([a-z]+{1,*})|*=\s),</([a-z]+{1,*})>)|$NEST(<(([a-z]+{1,*})|*=\s),>))"
    Limit = 1024
    Match = "\0://(\1.([a-z]+{2,4})|*.*/)((?%00|(((%|\&#)0[01])+{1,2})))[^/]++[@|%40]\2"
            "|\0://(\1.([a-z]+{2,4})|*.*/)%2F((%20|\s)+{1,*})[^/]++.\2"
            "|\0://(\1.([a-z]+{2,4})|*.*/)%(2F|01)[@|%40]\2"
            "|\0://(\w.|)\w\&#*;\w.([a-z]+{2,4})*"
            "|\0://(*|)xn--*.([a-z]+{2,4})*"
            "$SET(\9=Think you're on Microsoft but you're on Yahoo? This filter will prevent the threat of such a situation."
            ""
            "http://www.securityfocus.com/bid/10517/info/"
            "http://secunia.com/advisories/10395/"
            "http://www.securityfocus.com/bid/10532/info/)"
    Replace = "<strong>[URL Spoofing Exploit Removed]</strong>"
              "$ALERT(URL Spoofing Vulnerability Detected and Removed on:\n\n\u)"

    Highlight everything in the code box (the filter), right-click and copy.

    Go into Proxomitron's main window, click on "Edit Web Filters", click on any filter, right-click on a blank space and click on import.
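
Added example, not part of the thread and not Kye-U's filter code: a Python sketch that flags the kinds of link targets the five Match alternatives above appear aimed at (an encoded %00/%01 byte before an @ in the authority, an encoded slash followed by space padding, a numeric character reference in the host name, an xn-- punycode label). The function names, rule labels and sample markup are constructed for illustration, and the regular expressions approximate the Proxomitron patterns rather than translate them.

```python
import re

SCHEME = r"^[a-z][a-z0-9+.-]*://"   # plays the role of "\0://" in the filter

# Approximate counterparts of the filter's five Match alternatives.
# Rule names are labels invented for this example.
RULES = [
    # %00/%01 or &#00/&#01 somewhere in the authority, then @ or %40
    ("control-char-before-at",
     re.compile(SCHEME + r"[^/]*?(?:%|&#)0[01][^/]*?(?:@|%40)", re.I)),
    # encoded slash followed by space padding (%20 or whitespace)
    ("encoded-slash-padding",
     re.compile(SCHEME + r"[^/]*?%2F(?:%20|\s)+", re.I)),
    # encoded slash or %01 immediately before @ or %40
    ("encoded-byte-before-at",
     re.compile(SCHEME + r"[^/]*?%(?:2F|01)(?:@|%40)", re.I)),
    # numeric character reference inside the host name
    ("entity-in-host",
     re.compile(SCHEME + r"[^/]*?&#x?[0-9a-f]+;", re.I)),
    # punycode (IDN) label in the host name
    ("punycode-label",
     re.compile(SCHEME + r"(?:[^/@]*@)?(?:[^/.]+\.)*xn--", re.I)),
]

# Quoted href/src attribute values only; the filter's Bounds cover whole tags.
ATTR = re.compile(r"""\b(?:href|src)\s*=\s*(["'])(.*?)\1""", re.I | re.S)

def classify(url):
    """Return the names of every rule the URL triggers, in RULES order."""
    return [name for name, rx in RULES if rx.search(url)]

def scan_html(html):
    """Map each suspicious href/src value in the markup to its rule hits."""
    findings = {}
    for _quote, url in ATTR.findall(html):
        hits = classify(url)
        if hits:
            findings[url] = hits
    return findings

# Constructed sample markup (reserved example domains only).
SAMPLE = """
<a href="http://www.example.com/index.html">plain link</a>
<a href="http://www.example.com%01@login.example.net/">case 1</a>
<a href="http://www.example.com%2F%20%20%20.login.example.net/">case 2</a>
<a href='http://xn--exmple-cua.example/'>case 3</a>
<a href="mailto:user@example.com">mail</a>
"""

if __name__ == "__main__":
    for url, hits in scan_html(SAMPLE).items():
        print(f"{', '.join(hits):50} {url}")
```

Ordinary links and plain userinfo URLs such as `http://user@example.com/` pass untouched; only the encoded or IDN forms are reported.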
     
  3. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, Kye-U :) thanks for helping me again. i'm going to do it now, i'll let you know how it goes. thanks
     
  4. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    i did it. it now appears in red in the web filters. thanks for your help, Kye-U :) .
    it took me a few goes to get right though. do you use the patched version of proxomitron?
     
  5. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    No problem!

    Yes, I use Henk's Patch for Proxomitron 4.5j ;) I'm using v4 Beta 2.
     
  6. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    i might go and have a look at Henk's Patch for Proxomitron 4.5j, that's the version i have. thanks :)
     
  7. yogishree

    yogishree Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    871
    Location:
    Chhattisgarh-India
    Hi Kye-U,

    I have been using your filter set in my Patched Prox 4.5j for some time now and without major problems. Sometimes "Error connecting to site" msg received but after reload the site accessed.

    As suggested in these posts, I copied out the code onto my set with following results:
    a) terrible slow down in browsing speeds b) frequent broken connections.

    what could be the possible reason - could it be installation of the new filter.

    some background. I am on a WIN ME OS with (1) Opera 7.54 (2) Kerio 2.5.1 (3) McAfee AV (4) Hosts file(15.1.05 ver) of Hosts File Project.

    Is there some conflict somewhere. The difference in operating the system is perceptible after loading the new filter. Can I delete the new filter if so how OR if the whole filter set is to be replaced - I am game.

    Any suggestions pal. 3 broken connections while posting this.
     
    Last edited: Feb 12, 2005
  8. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481