Kye-U's Browser Security Pack [Proxomitron] v4.30

Discussion in 'other security issues & news' started by Kye-U, Feb 7, 2005.

Thread Status:
Not open for further replies.
  1. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: Kye-U's Browser Security Pack [Proxomitron]

    Hey Kye-U,

    I have taken the liberty to split your post of into a thread of it's own. I feel we should keep version changes separate in order to confine any particular problems that may arise related to that version in it's own thread.

    Regards,
    Bubba
     
  3. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Re: Kye-U's Browser Security Pack [Proxomitron]

    Thanks Bubba!

    I agree ;)
     
  4. dog

    dog Guest

    And Thanks to You Kye-U ;)

    Sweet! ;) I'll have to test it out in a moment. A nice quick patch. ;)

    Steve
     
  5. dog

    dog Guest

    It Works :)

    Thanks Kye-U ;)
     

    Attached Files:

  6. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Code:
    [Patterns]
    Name = "IDN "xn--" URL Remover [Kye-U]"
    Active = TRUE
    URL = "(*.|)xn--"
    Limit = 1
    Match = "?"
    Replace = "\k"
              "<b><font face="sans-serif" color="Red" size="6">Connection Killed - Proxomitron</font>"
              "<br><br><font face="sans-serif" color="Red" size="3">This is an <b>IDN Spoofed</b> Site!"
              "<br><br>Real URL: \u</font></b>"
    Test here: Spoofed URL

    I've made it so that it kills the connection and prints a warning and also the Real URL (looks like www.xn--blah.com)

    I'm planning to release v4.31 (with this filter as the new addition) as soon as I get some approval of this filter, and possibly make any changes to my pack.

    Now is the time to criticize/suggest ^_^

    Thanks!
     
  7. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    how do i install it? i merged your last filters with JD's filters and jaxpack's (is it OK to merge those three together, or not needed?). do i have to delete the merged filters then start again?
     
  8. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    This is only one filter.

    Highlight everything in the code box, right-click and copy.

    Go into Proxomitron's main window, click on "Edit Web Filters" and right-click on the blank space and click on import :cool:

    Then test it out by clicking on that link in my last post ;)
     
  9. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks, Kye-U. i understand now, i wasn't paying attention :oops: i'll edit the filters as above :) thanks.
     
  10. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Sort of updated my other filter to catch those hex characters in the URL link as well ^_^

    Code:
    [Patterns]
    Name = "Spoofed Address Exploit [Kye-U]"
    Active = TRUE
    URL = "(^$TYPE(css))"
    Bounds = "($NEST(<(([a-z]+{1,*})|*=\s),</([a-z]+{1,*})>)|$NEST(<(([a-z]+{1,*})|*=\s),>))"
    Limit = 1024
    Match = "\0://(\1.([a-z]+{2,4})|*.*/)((?%00|(((%|\&#)0[01])+{1,2})))[^/]++[@|%40]\2"
            "|\0://(\1.([a-z]+{2,4})|*.*/)%2F((%20|\s)+{1,*})[^/]++.\2"
            "|\0://(\1.([a-z]+{2,4})|*.*/)%(2F|01)[@|%40]\2"
            "|\0://(\w.|)\w(\&#*;|%[a-z0-9][a-z0-9])\w.([a-z]+{2,4})*"
            "|\0://(*|)xn--*.([a-z]+{2,4})*"
            "$SET(\9=Think you're on Microsoft but you're on Yahoo? This filter will prevent the threat of such a situation."
            ""
            "http://www.securityfocus.com/bid/10517/info/"
            "http://secunia.com/advisories/10395/"
            "http://www.securityfocus.com/bid/10532/info/)"
    Replace = "<strong>[URL Spoofing Exploit Removed]</strong>"
              "$ALERT(URL Spoofing Vulnerability Detected and Removed on:\n\n\u)"
    Please comment/suggest on it :D
     
  11. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116

    Attached Files:

    Last edited: Mar 8, 2005
  12. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    can i bump this? :p
     
  13. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Yep....and I can raise it one :cool:
     
Loading...
Thread Status:
Not open for further replies.