Kye-U's Browser Security Pack [Proxomitron] v4.30

Discussion in 'other security issues & news' started by Kye-U, Feb 7, 2005.

Thread Status:
Not open for further replies.
  1. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: Kye-U's Browser Security Pack [Proxomitron]

    Hey Kye-U,

    I have taken the liberty to split your post of into a thread of it's own. I feel we should keep version changes separate in order to confine any particular problems that may arise related to that version in it's own thread.

    Regards,
    Bubba
     
  3. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Re: Kye-U's Browser Security Pack [Proxomitron]

    Thanks Bubba!

    I agree ;)
     
  4. dog

    dog Guest

    And Thanks to You Kye-U ;)

    Sweet! ;) I'll have to test it out in a moment. A nice quick patch. ;)

    Steve
     
  5. dog

    dog Guest

    It Works :)

    Thanks Kye-U ;)
     

    Attached Files:

  6. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Code:
    [Patterns]
    Name = "IDN "xn--" URL Remover [Kye-U]"
    Active = TRUE
    URL = "(*.|)xn--"
    Limit = 1
    Match = "?"
    Replace = "\k"
              "<b><font face="sans-serif" color="Red" size="6">Connection Killed - Proxomitron</font>"
              "<br><br><font face="sans-serif" color="Red" size="3">This is an <b>IDN Spoofed</b> Site!"
              "<br><br>Real URL: \u</font></b>"
    Test here: Spoofed URL

    I've made it so that it kills the connection and prints a warning and also the Real URL (looks like www.xn--blah.com)

    I'm planning to release v4.31 (with this filter as the new addition) as soon as I get some approval of this filter, and possibly make any changes to my pack.

    Now is the time to criticize/suggest ^_^

    Thanks!
     
  7. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    how do i install it? i merged your last filters with JD's filters and jaxpack's (is it OK to merge those three together, or not needed?). do i have to delete the merged filters then start again?
     
  8. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    This is only one filter.

    Highlight everything in the code box, right-click and copy.

    Go into Proxomitron's main window, click on "Edit Web Filters" and right-click on the blank space and click on import :cool:

    Then test it out by clicking on that link in my last post ;)
     
  9. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks, Kye-U. i understand now, i wasn't paying attention :oops: i'll edit the filters as above :) thanks.
     
  10. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Sort of updated my other filter to catch those hex characters in the URL link as well ^_^

    Code:
    [Patterns]
    Name = "Spoofed Address Exploit [Kye-U]"
    Active = TRUE
    URL = "(^$TYPE(css))"
    Bounds = "($NEST(<(([a-z]+{1,*})|*=\s),</([a-z]+{1,*})>)|$NEST(<(([a-z]+{1,*})|*=\s),>))"
    Limit = 1024
    Match = "\0://(\1.([a-z]+{2,4})|*.*/)((?%00|(((%|\&#)0[01])+{1,2})))[^/]++[@|%40]\2"
            "|\0://(\1.([a-z]+{2,4})|*.*/)%2F((%20|\s)+{1,*})[^/]++.\2"
            "|\0://(\1.([a-z]+{2,4})|*.*/)%(2F|01)[@|%40]\2"
            "|\0://(\w.|)\w(\&#*;|%[a-z0-9][a-z0-9])\w.([a-z]+{2,4})*"
            "|\0://(*|)xn--*.([a-z]+{2,4})*"
            "$SET(\9=Think you're on Microsoft but you're on Yahoo? This filter will prevent the threat of such a situation."
            ""
            "http://www.securityfocus.com/bid/10517/info/"
            "http://secunia.com/advisories/10395/"
            "http://www.securityfocus.com/bid/10532/info/)"
    Replace = "<strong>[URL Spoofing Exploit Removed]</strong>"
              "$ALERT(URL Spoofing Vulnerability Detected and Removed on:\n\n\u)"
    Please comment/suggest on it :D
     
  11. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116

    Attached Files:

    Last edited: Mar 8, 2005
  12. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    can i bump this? :p
     
  13. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Yep....and I can raise it one :cool:
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.