IDN URL Exploit Filters - Printable Version +- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums) +-- Forum: Proxomitron Filters (/forumdisplay.php?fid=38) +--- Forum: Privacy/Security/Spam (/forumdisplay.php?fid=10) +--- Thread: IDN URL Exploit Filters (/showthread.php?tid=421) |
- sidki3003 - Mar. 05, 2005 01:51 PM The discussion about this spoofing vulnerability and possible solutions with Proxomitron started at Y!G prox-list. I'm cross-posting here. See Secunia News or The Shmoo Group for testcase and explanation. Only Gecko browsers and Opera are affected, Internet Explorer doesn't have a Punycode handler. Mozilla.org released a Firefox update that - among other things - always displays the real Punycode URL by default -- See here. In my opinion this is the best way to handle that issue, since it doesn't involve any page modifications (or blocks, Punycode URLs are widely used in East-Asia and usually perfectly legit) on the part of Prox. While you can "emulate" that new Firefox behavior with a filter for older Gecko browsers, Opera refuses to explicitely display *any* URL starting with "xn--" (try e.g. xn--foobar.com). Consequently, you'd need to mask that "xn--" in some way: Code: [HTTP headers] Notes: Because the browser is seeing a different domain ("xn__" instead of "xn--") now, you may need to bypass the filters if you want to accept cookies from an "xn--" site. Any URL command applied to the URL before the $JUMP isn't in effect afterwards. The $JUMP needs to wait for an initial response to avoid being executed for HTTPS URLs, if "Use SSLeay..." is deactivated in the Prox settings. The stand-alone version can't check if the current user-agent really needs that procedure. The version for my set is here. sidki - JakBeNymble - Mar. 05, 2005 05:27 PM Hey "sidki3003", Great work!!! got'em, installed'em, working link a charm! ~"JaK"~ [smoke] - sidki3003 - Mar. 05, 2005 09:52 PM Cool! - Kye-U - Mar. 05, 2005 10:55 PM I'm including these two filters in my next KBSP update Very nice work Sidki! [thumbs] - sidki3003 - Mar. 05, 2005 11:33 PM Good to hear that these filters actually work for you (lots of little obstacles while writing/testing)! *lol* |