The Un-Official Proxomitron Forum

Full Version: "Yahoo: Auto Login" filter
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

apacallyps

Greetings.

I remember with Sidki's config in the past all we needed to login to Yahoo! Mail was add "YOUR_NICK" and "YOUR_PW" into Proxo's "Yahoo: Auto Login" filter and it worked, but now it doesn't seem to work. Upon a little investigation I see in the ReadMe file we also need the OpenSSL DLLs, and keep "Use SSLeay/OpenSSL..." enabled in Proxomitron's preferences.

Is this true and what happens if we don't use Proxo's SSLeay/OpenSSL to filter secure pages? Does that mean the Yahoo Mail filter doesn't function? Thanks.

Thanks so much.
Works for me just fine but I use SSLeay/OpenSSL and have " Use Half-SSL " checked in Headers .

apacallyps

Ralph Wrote:Works for me just fine but I use SSLeay/OpenSSL and have " Use Half-SSL " checked in Headers .

Thanks for the comment Ralph.

I've heard there are some security risks involved with using SSLeay/OpenSSL, the developer of Proxomitron, Scott, I think had some words about this, unless I'm mistaken. Any comment?

Does anyone know if you have to use SSLeay/OpenSSL in order for Sidki's "Yahoo: Auto Login" filter (auto login to Yahoo email) to work?

Thank you very much.

Have a good day.
apacallyps Wrote:I've heard there are some security risks involved with using SSLeay/OpenSSL, the developer of Proxomitron, Scott, I think had some words about this, unless I'm mistaken. Any comment?
the last Proxo version was released on June 1, 2003...

OpenSSL was sitting at version 0.9.7b at that time...
current Proxo OpenSSL is version 0.9.8 found here - http://www.geocities.com/sidki3003/prox-ssl.html

there are NO security risks, none...
though you may not want to block "as much" on secure sites as you do on non-secure sites (ie, Spoofing, Scripts, Redir, various headers)...

but filtering SSL is perfectly SAFE...
OpenSSL update history (pertaining to June 2003 Proxo release) -

OpenSSL 0.9.7b, 10 Apr 2003
OpenSSL 0.9.6k, 30 Sep 2003
OpenSSL 0.9.7c, 30 Sep 2003
OpenSSL 0.9.6l, 04 Nov 2003
OpenSSL 0.9.6m, 17 Mar 2004
OpenSSL 0.9.7d, 17 Mar 2004
OpenSSL 0.9.7e, 25 Oct 2004
OpenSSL 0.9.7f, 22 Mar 2005
OpenSSL 0.9.7g, 11 Apr 2005
OpenSSL 0.9.8, 05 Jul 2005
OpenSSL 0.9.7h, 11 Oct 2005
OpenSSL 0.9.8a, 11 Oct 2005
OpenSSL 0.9.7i, 15 Oct 2005
OpenSSL 0.9.7j, 4 May 2006
OpenSSL 0.9.8b, 4 May 2006
OpenSSL 0.9.7k, 5 Sep 2006
OpenSSL 0.9.8c, 5 Sep 2006
OpenSSL 0.9.7l, 28 Sep 2006
OpenSSL 0.9.8d, 28 Sep 2006
OpenSSL 0.9.7m, 23 Feb 2007
OpenSSL 0.9.8e, 23 Feb 2007
OpenSSL 0.9.8f, 11 Oct 2007
apacallyps;

As I see it, the direct answer to your question is 'no, you don't need to enable any SSL stuff in order to log in to Yahoo'. The deal is, one probably doesn't have to fear any 'nasties' when surfing an HTTPS page, but it's nice to filter it anyway, to make it look like what one wants, not what the author wants. Yahoo makes no distinction between secured and regular pages, when it comes to crapadvertising. Banging Head

BTW, I use my own brand of 'auto login' for Yahoo. If you're interested, let me know. Whistling

HTH


Oddysey

apacallyps

Hey, thanks for the replies everyone.

Oddysey, I use Sidki's latest config. The instructions for his
"Yahoo: Auto Login" filter are as follows. Copied from his
ReadMe.txt

- If you use Yahoo! services, edit the "Yahoo: Auto Login" filter, replace
"YOUR_NICK" and "YOUR_PW" with your personal data, and activate it.
Most login screens are using the secure protocol, so you'll need the OpenSSL DLLs (see below), and keep "Use SSLeay/OpenSSL..." enabled in Proxomitron's preferences.

As mentioned in my first post, I'm not using the OpenSSL DLLs
and have "Use SSLeay/OpenSSL..." unchecked. But, I tried Sidki's
filter anyways by editing the "Yahoo: Auto Login" filter, and added
"MY_NICK" and "MY_PW" with my personal data to activate it, but
it didn't work. I couldn't sign in to Yahoo email. Here's the link I use.

http://login.yahoo.com/

which turns into this after accepting the security certificate.

https://login.yahoo.com/config/login_verify2?

I read your comment it "will" work without the SSL stuff
and that would be great, but I don't know what else to say
because I tried it and it failed? Also, you said you had your
own version, I wouldn't mind giving that a try if Sidki's is
not going to work. That would be awesome. Thanks.

Am I missing a step in getting Sidki's Yahoo filter operational?

Thank you.

Best regards,
apacallyps
apacallyps Wrote:......
Am I missing a step in getting Sidki's Yahoo filter operational?
Dunno, I don't use his config set, so I'm not the one to ask, sorry. Sad

My filter is a "bit" simpler, it goes like this:

PHP Code:
Name "Yahoo login page cleaner, semi-auto login"
Active TRUE
URL 
"[^/]++login.yahoo.com\w/"
Limit 32767
Match 
"<body*(<p>Sign in.</p>|<h1>Sign in(<br>|) to Yahoo!</h1>)*</legend>"
Replace "<body LoadOff="document.forms.login_form.login.value='YourYahooUsernameHere';document.forms.login_form.passwd.focus()">" 

Explanation:

Note that I do not include my password. For some reason, I can't bring myself to do that. I do it for nearly all my other secure logins, but not for Yahoo. Call me a Luddite, but there we are. Drool

What I've done is simply to make the onload statement supply the form's field with my username, and then set the focus to the password field, making it ready for me to type in said password. To add the already-filled-in password to your filter, remove the word 'focus()', and replace it with value='YourPasswordHere', and that should take care of the job at hand.

I'm sure you noticed that the name of the filter is "page cleaner", right? So the filter actually looks for the first thing to ordinarily appear on the page, matches all the way to the form fields, and then tosses it all out the window. Whistling That's half the battle. Eh?

At this point, another filter kicks in, and it "cleans" the rest of the page, like so:

PHP Code:
Name "kill Yahoo's mail crap at bottom"
Active TRUE
URL 
"[^/]++login.yahoo.com\w/"
Limit 24576
Match 
"(<p id="sigcopys">|(^/>)\s</fieldset>)*</body>"
Replace "\r\n"
          "<input type="
submit" name=".save" value="Sign In"></form>"
          "\r\n</body>"
          "\r\n</html>"
          "\k" 

This filter looks for some crud with a particular id parameter, or else the end of the fieldset (Yahoo sometimes mixes things up), which comes immediately after the fields but before the submit button. It then captures everything up to the closing Body tag. The replacement text simply puts the Submit button back, politely closes the Body and HTML tags, then kills the connection. All you see are two fields and a button - how cool is that?! Hail (Let alone how much quicker it loads.)

One more thing..... if you are using a filter to block the onLoad function in the Body tag, you'll have to either exclude it in the Match field, or use a list (like I did), here:

PHP Code:
Name "OnLoad unloader"
Active TRUE
URL 
"^$LST(LoaderList)"
Limit 16
Match 
"on(L|l)oad="
Replace "LoadOff=" 

In every instance where I use the onLoad function, I completely rewrite it for my needs. Otherwise, I let Scott do his thing. Applause

OK, I think that's it. A two-part filter, and a list to use with the onLoad blocker (supplied in the default config set), and we're off to the races! Cheers

HTH




Oddysey
Oddysey Wrote:
PHP Code:
Match "on(L|l)oad=" 

Oddysey

does the match field need to be "case sensitive"?


that aside, i think i like the "body LoadOff" login process as a means-to-an-end for a UNIVERSAL auto-login filter - ie, the replace "in blue" being dependent upon the URL and a 'look-up table' that the filter references...

just thinking out loud, but it seems that this "might" be a good way for ONE filter that references ONE "list" to automatically log a user in to Yahoo, MSN, Gmail, Forum 1, Forum 2, Bank Account 1, Bank Account 2, Credit Card 1, Credit Card 2, 401k 1, 401k 2, et cetera...
ProxRocks,

I gave your idea some thought, after the second or third 'specific' log-in filter, but I quickly came to the conclusion that it won't work (easily!) for the reason that each page names their forms differently, their fields differently, their..... it's all different. Sad

Supplying the appropriate names can be done from a list (several lists?) but that makes the filter almost unmanagable from the standpoint of which field to supply for whichever website.

Clearly, my way is brute force, with no elegance whatsoever. However, it is dirt simple to maintain, and to copy to a new filter for additional sites, when the need arises. When Yahoo changes their field names, or even their processes, no problem. I just dbug.. the page, find the new info, and plug it in - Presto! Applause

Let alone that my filter is doing double duty in that it's stripping off a LARGE amount of unsightly crap! Not every page presents itself in the same way, so that'd really complicate my life, trying to keep up with that!Whistling

Still, for some people, your idea would be meritorious. Cheers


Oddysey

Guest

Thanks so much, Odyssey.

I really appreciate your effort.

I'm going to see if I can get your Yahoo filter working.
I have to admit though, it will take me a few days before
I can report back and tell you if it works because these
things take me time as I am not as advanced as you
guy's are with the Proxo language. I know alot about
some things and not much about others Smile! I am going
to have to go through your explanation carefully and
follow the instructions. This could take me a couple
hours .. lol... so I have to set aside some time to do
it. Think

Just wondering about something though, you said
"I do not include my password. For some reason,
I can't bring myself to do that. I do it for nearly all my
other secure logins, but not for Yahoo."


That caught my attention. Is this for security purposes
that you don't include your password? Thanks.

Thanks everbody. You too ProxRocks.

Best regards,
apacallyps
appy;

As a matter of fact, it is a security issue for me. I feel that if someone were to break into my home and physically steal my 'puter, I don't want them to have all the pieces needed to read my Yahoo mail. For most other stuff, it's pretty innocuous, so I don't care, I just fill in the password too, and be done with it. Gauge your own needs as you see fit. Think Evil Look

When you do get down to sifting through all the mumbly-jumble above (my code), feel free to ask questions! If I'm not quick to answer, someone else will be, you can rest assured of that! Wink

HTH


Oddysey
iffen someone were to break into my home, my Yahoo mail would be the *last* thing that i'd be worryin' about, lol...
ProxRocks,

It ain't the fact it's mail, it's the potential for blackmail, by going to the other half! Whistling



Oddysey Pray
lol...
Pages: 1 2
Reference URL's