adding a web filter in proxomitron

hi, i want to add Kye-U's Spoofed Address Exploit filter, but i'm not sure how. is the screenshot below correct? from here and the thread is here. i put the thread URL in because there are other filters used in the thread and i'm not too sure which one i should use. thanks

**NOTE** if it looks right, did you notice i put " at the beginning and endings of the lines, do i need them or not? thanks

the other way i thinking of was to save it as a .cfg, then put it in the proxo folder and mergeing, one at a time, to the different filters i use

 

Code:

[Patterns]
Name = "Spoofed Address Exploit [Kye-U]"
Active = TRUE
URL = "(^$TYPE(css))"
Bounds = "($NEST(<(([a-z]+{1,*})|*=\s),</([a-z]+{1,*})>)|$NEST(<(([a-z]+{1,*})|*=\s),>))"
Limit = 1024
Match = "\0://(\1.([a-z]+{2,4})|*.*/)((?%00|(((%|\&#)0[01])+{1,2})))[^/]++[@|%40]\2"
        "|\0://(\1.([a-z]+{2,4})|*.*/)%2F((%20|\s)+{1,*})[^/]++.\2"
        "|\0://(\1.([a-z]+{2,4})|*.*/)%(2F|01)[@|%40]\2"
        "|\0://(\w.|)\w\&#*;\w.([a-z]+{2,4})*"
        "|\0://(*|)xn--*.([a-z]+{2,4})*"
        "$SET(\9=Think you're on Microsoft but you're on Yahoo? This filter will prevent the threat of such a situation."
        ""
        "http://www.securityfocus.com/bid/10517/info/"
        "http://secunia.com/advisories/10395/"
        "http://www.securityfocus.com/bid/10532/info/)"
Replace = "<strong>[URL Spoofing Exploit Removed]</strong>"
          "$ALERT(URL Spoofing Vulnerability Detected and Removed on:\n\n\u)"

Highlight everything in the code box (the filter), right-click and copy.

Go into Proxomitron's main window, click on "Edit Web Filters", click on any filter, right-click on a blank space and click on import.

 

hi, Kye-U thanks for helping me again. i'm going to do it now, i'll let you know how it goes. thanks

 

i did it. it now appears in red in the web filters. thanks for your help, Kye-U .
it took me afew goes to get right though. do you use the patched version of proxomitron?

 

No problem!

Yes, I use Henk's Patch for Proxomitron 4.5j I'm using v4 Beta 2.

 

i might go and have alook at Henk's Patch for Proxomitron 4.5j, that's the version i have. thanks

 

Hi Kye-U,

I have been using your filter set in my Patched Prox 4.5j for some time now and without major problems.Sometimes "Error connecting to site " msg received but after reload the the site accessed.

As suggested in these posts , I copied out the code onto my set with following results:
a) terrible slow down in browsing speeds b) ferquent broken connections.

what could be the possible reason-could it be installation of the new filter.

some background. I am on a WIN ME OS with (1) Opera 7.54 (2) Kerio 2.5.1 (3) McAfee AV (4) Hosts file(15.1.05 ver) of Hosts File Project.

Is there some conflict somewhere.The difference in operating the system is perceptible after loading the new filter. Can I delete the new fiter if so how OR if the whole filter set is to be replaced - I am game.

Any suggestions pal.3 broken connections while posting this.

 

Perhaps it's an older version? Around v 4.06 was where I did a major recoding of my pack to improve Browsing Speeds.

https://www.wilderssecurity.com/showthread.php?t=66051 is where you can find v4.31