The Un-Official Proxomitron Forum
sneaky TV style flash ads - Printable Version

+- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums)
+-- Forum: Proxomitron Filters (/forumdisplay.php?fid=38)
+--- Forum: Filter Help/Request (/forumdisplay.php?fid=31)
+--- Thread: sneaky TV style flash ads (/showthread.php?tid=1361)

sneaky TV style flash ads - bugger - May. 05, 2009 10:16 AM

I was watching this "why linux sucks" talk and suddenly a TV style ads appears at the 15minute mark. Possible to defeat the ads?

http://lunduke.com/?p=429

RE: sneaky TV style flash ads - Kye-U - May. 10, 2009 06:54 AM

I noticed that when I loaded the video, Sidki's config caught two things:

Code:
+++GET 37045+++
GET /scripts/flash/freewheel/AdManagerNew.swf?logLevel=VERBOSE&cb=0.892479598056525 HTTP/1.1
Host: e.blip.tv
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4) Gecko/20090427 Firefox/3.5.9.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 600
Connection: keep-alive
!-||||||||||||: Killed
Client-IP: 66.93.132.126
Via: 1.1 lanproxy:9943 (squid/2.5.STABLE4), 1.1 proxy859 (NetCache NetApp/5.4R1D2)
BlockList 37046: in AdPaths, line 272
GET 37046 : Connection killed: AdP ads
BlockList 37046: in US-IPs, line 57
BlockList 37046: in Via, line 70
BlockList 37046: in User-Agents, line 45
GET 37046 : Time: 02:43:50::187

+++GET 37046+++
GET /ads/ss_ads2.swf HTTP/1.1
Host: media.scanscout.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4) Gecko/20090427 Firefox/3.5.9.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 600
Connection: keep-alive
!-||||||||||||: Killed
Client-IP: 66.80.139.150
Via: 1.1 localhost.localdomain:8043 (Boramae/4.0.0), 1.1 URANUS187 (NetCache NetApp/5.5R1D1)
RedirectTo: http://local.ptron/nirvana
BlockList 37047: in IncludeExclude, line 263
GET 37047 : Keywords (List): .
BlockList 37047: in US-IPs, line 61
BlockList 37047: in Via, line 72
BlockList 37047: in User-Agents, line 45
GET 37047 : Time: 02:43:53::312
BlockList 37048: in Mem-SpoofVars, line 265
BlockList 37048: in User-Agents, line 45
GET 37048 : Time: 02:43:53::343

After watching the video up to the 15:00 mark, there were no ads that popped up.

So if you kill the connections to the following URLs, I wonder if the ads will not appear for you as well.:

http://e.blip.tv/scripts/flash/freewheel/AdManagerNew.swf?logLevel=VERBOSE&cb=0.892479598056525
http://media.scanscout.com/ads/ss_ads2.swf

RE: sneaky TV style flash ads - lnminente - May. 10, 2009 01:42 PM

I saw there http://ad.doubleclick.net/crossdomain.xml, and thinked could be interesting writing a filter to redirect crossdomain.xml from adsources to a crossdomain.xml local file. Someone know the good parameters in this file for doing this?

The standard is: http://www.adobe.com/xml/dtds/cross-domain-policy.dtd

RE: sneaky TV style flash ads - sidki3003 - May. 15, 2009 02:06 PM

This is a very interesting idea. I've played a bit with it, both, a local policy file and filtering crossdomain.xml.

Filtering because i was trying to block all "3rd party" flash objects. However, for each modification there was always a major site being broken.


(May. 10, 2009 01:42 PM)lnminente Wrote:  Someone know the good parameters in this file for doing this?

Below are those that were helpful for me. The URL in the comment goes into the details.

Local crossdomain.xml:
Code:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
  "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!--
  Explained at:
  http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
-->

<cross-domain-policy>
<!--
  Domains from where *pulling* data is allowed.
  One tag per host, or "*" wildcard.  "foo" never matches.
-->
  <allow-access-from domain="foo" />

<!--
  Domains that are allowed to *push* data (via SOAP headers).
-->
  <allow-http-request-headers-from domain="foo" headers="*" />

<!--
  Meta policy.  "none" doesn't even allow this master policy file
  ("master-only" is default).
-->
  <site-control permitted-cross-domain-policies="master-only" />
</cross-domain-policy>


Anyway, when it came to simply redirect policy files from ad servers, using a local file which doesn't break XML - dummy.js in my case - did the job just as well, so i'm not going to use above file.

Regarding mentioned problem page, redirecting these files are removing the ads for me:
ad.doubleclick.net/crossdomain.xml
[^.]+.scanscout.com/crossdomain.xml

RE: sneaky TV style flash ads - lnminente - May. 16, 2009 01:09 PM

Thanks for the research Sidki! Well i was testing with the crossdomain.xml but i had no success. If i replace the onsite crossdomain.xml the flash is reporting a error. And if i replace the xml from doubleclick i still see ads.

By other way replacing the one from doubleclick by dummy.js (i use empty file instead) kills the ad, but has a small inconvenient, the flash keeps like buffering forever, it requires we press the play button. If i found something new i will report it later

RE: sneaky TV style flash ads - lnminente - May. 16, 2009 02:13 PM

Solved, the problem is i was replacing http://pagead2.googlesyndication.com/pagead/scache/googlevideoads.swf for an html local file. Now working so good Smile!

RE: sneaky TV style flash ads - sidki3003 - May. 16, 2009 06:56 PM

I use a local Flash for such redirects, the smallest one i found, 27 Bytes, i'll attach it.
(If someone knows of a nicer one, like a little bug, or a colored pixel, let me know.)

Do you remember on which page(s) you got that googlevideoads Flash?

I'm blocking flash.quantserve.com/ , invoked by Flash e.g. at http://lunduke.com/?p=429 , http://www.justin.tv/ , http://www.abadiadigital.com/ .

The next one i'm not yet sure about, because some bin.clearspring.com Flash objects are required. However, the one i get almost daily does nothing but tracking: bin.clearspring.com/lib/[^/]+/l[^?]++.swf . That entry is of today, so i just have the muzicons.com Flash at http://nomanymore.blogspot.com/ as example.

RE: sneaky TV style flash ads - lnminente - May. 17, 2009 03:10 AM

Nice file! The first and only time i have seen this googlevideoads.swf was today in the first link posted. But maybe the webmasters were doing some tests, i don't see it actually but sure we will see it more and more in short time.

RE: sneaky TV style flash ads - sidki3003 - May. 18, 2009 02:11 PM

Unfortunately some major sites seem to check if the Flash ads have been loaded.

Redirecting ad.doubleclick.net/crossdomain.xml breaks http://www.nhl.tv/team/console.jsp?hlg=20082009,3,321 (would require allow-access-from domain="*.neulion.net").
Redirecting googlevideoads.swf breaks http://perezhilton.com/2009-05-17-love-game .

RE: sneaky TV style flash ads - lnminente - May. 18, 2009 08:17 PM

mmm I see and confirm it too... :/