The Un-Official Proxomitron Forum / Proxomitron Filters / Privacy/Security/Spam / StartPanic ?


Post Reply 
StartPanic ?
May. 11, 2009, 07:27 PM (This post was last modified: May. 11, 2009 07:59 PM by Toppy.)
Post: #1
Toppy Offline
Member
**
 		Posts: 123
Joined: Apr 2008
StartPanic ?
Hi,

I dunno if this has been talked about here, but it seems to be quite easily for
a website to get all your website visiting history.

http://startpanic.com/
I only tested it with FF 3.0.x, where it is *working* Pervert
FF 3.1beta with Private Browsing enabled should protect from :visited mishandling.

I have no clue if that could be fixed with some kind of filter ?
I had to bypass Proxo for the Let's Start! button to work though.

Anyway, it is explained here : http://sharovatov.wordpress.com/2009/04/...acy-issue/

and seems to make use of a predefined database here (1.3 MB big) http://startpanic.com/db/db_en.txt
Add Thank You Quote this message in a reply
May. 11, 2009, 11:48 PM
Post: #2
sidki3003 Offline
Administrator
*******
 		Posts: 1,458
Joined: Mar 2004
RE: StartPanic ?
Interesting!


(May. 11, 2009 07:27 PM)Toppy Wrote:  I have no clue if that could be fixed with some kind of filter ?

I don't think so, because - if i got the code correctly - the database links are loaded into a "about:blank" iframe, after inserting this tag:

Code:
<STYLE>a{color: #000000; display:none;}a:visited {color: #FF0000; display:inline;}</STYLE>

Then their "display" style is evaluated and reported back to the main document.
Now, Proxomitron scripts or CSS obviously aren't inserted into "about:blank" documents.


Quote:I had to bypass Proxo for the Let's Start! button to work though.

I had to select "Allow Ad JavaScript" -> "Go" from the Proxomitron menu.
Add Thank You Quote this message in a reply
May. 12, 2009, 11:07 AM
Post: #3
sidki3003 Offline
Administrator
*******
 		Posts: 1,458
Joined: Mar 2004
RE: StartPanic ?
...but you could change the to-be-injected code the hard way. It's also good enough for Gemal's http://browserspy.dk/css-exploit.php . (In JavaScript, however, there is always a way to hide specific code, if someone really wants to...)

Without the second line in the Matching Expression the filter is stand-alone. In that case it might match where it shouldn't, though.

Code:
[Patterns]
Name = "CSS: Block "visited" Selector"
Active = TRUE
URL = "$TYPE(css)|$TYPE(js)|$TYPE(htm)"
Limit = 16
Match = ":visited( {)\1"
        "&(^$TYPE(htm))|$TST(tStyle=*)"
Replace = ":focus\1"
Add Thank You Quote this message in a reply
Jun. 15, 2009, 01:32 AM
Post: #4
43unite Offline
Member
**
 		Posts: 109
Joined: Aug 2005
RE: StartPanic ?
Just saw this at the Mozillazine forum:
http://forums.mozillazine.org/viewtopic....a&start=15

Posted April 26th, 2009, 11:32 am
On Windows, I use Proxomitron to filter web pages. Someone wrote a quick Prox filter to defeat that CSS snooping. This is the Prox filter:
Code:
[Patterns]
Name = "Foil Style Tracking (CSS)"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(css)|$IHDR(Content-Type: (*xml*))) &(^[^.]+.grc)"
Limit = 15
Match = ": visited"
Replace = ":nonvisited"

On Mac OS, I use BFilter to filter web pages. The filter that I added for that is in an extra filter file and is this:
Code:
[Hide Visited Condition]
content type = *
url = /http://.*\.(js|html|htm|php|asp|jsp|cfm|css)/
search = /:\s*visited/
replace = :nonvisited

What do you think?
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump:


Contact Us | The Un-Official Proxomitron Site | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication