Post Reply 
sneaky TV style flash ads
May. 05, 2009, 10:16 AM
Post: #1
sneaky TV style flash ads
I was watching this "why linux sucks" talk and suddenly a TV style ads appears at the 15minute mark. Possible to defeat the ads?

http://lunduke.com/?p=429
Add Thank You Quote this message in a reply
May. 10, 2009, 06:54 AM (This post was last modified: May. 10, 2009 06:54 AM by Kye-U.)
Post: #2
RE: sneaky TV style flash ads
I noticed that when I loaded the video, Sidki's config caught two things:

Code:
+++GET 37045+++
GET /scripts/flash/freewheel/AdManagerNew.swf?logLevel=VERBOSE&cb=0.892479598056525 HTTP/1.1
Host: e.blip.tv
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4) Gecko/20090427 Firefox/3.5.9.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 600
Connection: keep-alive
!-||||||||||||: Killed
Client-IP: 66.93.132.126
Via: 1.1 lanproxy:9943 (squid/2.5.STABLE4), 1.1 proxy859 (NetCache NetApp/5.4R1D2)
BlockList 37046: in AdPaths, line 272
GET 37046 : Connection killed: AdP ads
BlockList 37046: in US-IPs, line 57
BlockList 37046: in Via, line 70
BlockList 37046: in User-Agents, line 45
GET 37046 : Time: 02:43:50::187

+++GET 37046+++
GET /ads/ss_ads2.swf HTTP/1.1
Host: media.scanscout.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b4) Gecko/20090427 Firefox/3.5.9.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 600
Connection: keep-alive
!-||||||||||||: Killed
Client-IP: 66.80.139.150
Via: 1.1 localhost.localdomain:8043 (Boramae/4.0.0), 1.1 URANUS187 (NetCache NetApp/5.5R1D1)
RedirectTo: http://local.ptron/nirvana
BlockList 37047: in IncludeExclude, line 263
GET 37047 : Keywords (List): .
BlockList 37047: in US-IPs, line 61
BlockList 37047: in Via, line 72
BlockList 37047: in User-Agents, line 45
GET 37047 : Time: 02:43:53::312
BlockList 37048: in Mem-SpoofVars, line 265
BlockList 37048: in User-Agents, line 45
GET 37048 : Time: 02:43:53::343

After watching the video up to the 15:00 mark, there were no ads that popped up.

So if you kill the connections to the following URLs, I wonder if the ads will not appear for you as well.:

http://e.blip.tv/scripts/flash/freewheel...9598056525
http://media.scanscout.com/ads/ss_ads2.swf
Visit this user's website
Add Thank You Quote this message in a reply
May. 10, 2009, 01:42 PM
Post: #3
RE: sneaky TV style flash ads
I saw there http://ad.doubleclick.net/crossdomain.xml, and thinked could be interesting writing a filter to redirect crossdomain.xml from adsources to a crossdomain.xml local file. Someone know the good parameters in this file for doing this?

The standard is: http://www.adobe.com/xml/dtds/cross-domain-policy.dtd
Add Thank You Quote this message in a reply
May. 15, 2009, 02:06 PM (This post was last modified: May. 15, 2009 05:18 PM by sidki3003.)
Post: #4
RE: sneaky TV style flash ads
This is a very interesting idea. I've played a bit with it, both, a local policy file and filtering crossdomain.xml.

Filtering because i was trying to block all "3rd party" flash objects. However, for each modification there was always a major site being broken.


(May. 10, 2009 01:42 PM)lnminente Wrote:  Someone know the good parameters in this file for doing this?

Below are those that were helpful for me. The URL in the comment goes into the details.

Local crossdomain.xml:
Code:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
  "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!--
  Explained at:
  http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
-->

<cross-domain-policy>
<!--
  Domains from where *pulling* data is allowed.
  One tag per host, or "*" wildcard.  "foo" never matches.
-->
  <allow-access-from domain="foo" />

<!--
  Domains that are allowed to *push* data (via SOAP headers).
-->
  <allow-http-request-headers-from domain="foo" headers="*" />

<!--
  Meta policy.  "none" doesn't even allow this master policy file
  ("master-only" is default).
-->
  <site-control permitted-cross-domain-policies="master-only" />
</cross-domain-policy>


Anyway, when it came to simply redirect policy files from ad servers, using a local file which doesn't break XML - dummy.js in my case - did the job just as well, so i'm not going to use above file.

Regarding mentioned problem page, redirecting these files are removing the ads for me:
ad.doubleclick.net/crossdomain.xml
[^.]+.scanscout.com/crossdomain.xml
Add Thank You Quote this message in a reply
May. 16, 2009, 01:09 PM
Post: #5
RE: sneaky TV style flash ads
Thanks for the research Sidki! Well i was testing with the crossdomain.xml but i had no success. If i replace the onsite crossdomain.xml the flash is reporting a error. And if i replace the xml from doubleclick i still see ads.

By other way replacing the one from doubleclick by dummy.js (i use empty file instead) kills the ad, but has a small inconvenient, the flash keeps like buffering forever, it requires we press the play button. If i found something new i will report it later
Add Thank You Quote this message in a reply
May. 16, 2009, 02:13 PM
Post: #6
RE: sneaky TV style flash ads
Solved, the problem is i was replacing http://pagead2.googlesyndication.com/pag...deoads.swf for an html local file. Now working so good Smile!
Add Thank You Quote this message in a reply
May. 16, 2009, 06:56 PM
Post: #7
RE: sneaky TV style flash ads
I use a local Flash for such redirects, the smallest one i found, 27 Bytes, i'll attach it.
(If someone knows of a nicer one, like a little bug, or a colored pixel, let me know.)

Do you remember on which page(s) you got that googlevideoads Flash?

I'm blocking flash.quantserve.com/ , invoked by Flash e.g. at http://lunduke.com/?p=429 , http://www.justin.tv/ , http://www.abadiadigital.com/ .

The next one i'm not yet sure about, because some bin.clearspring.com Flash objects are required. However, the one i get almost daily does nothing but tracking: bin.clearspring.com/lib/[^/]+/l[^?]++.swf . That entry is of today, so i just have the muzicons.com Flash at http://nomanymore.blogspot.com/ as example.


Attached File(s)
.zip  pixel.zip (Size: 143 bytes / Downloads: 424)
Add Thank You Quote this message in a reply
May. 17, 2009, 03:10 AM
Post: #8
RE: sneaky TV style flash ads
Nice file! The first and only time i have seen this googlevideoads.swf was today in the first link posted. But maybe the webmasters were doing some tests, i don't see it actually but sure we will see it more and more in short time.
Add Thank You Quote this message in a reply
May. 18, 2009, 02:11 PM
Post: #9
RE: sneaky TV style flash ads
Unfortunately some major sites seem to check if the Flash ads have been loaded.

Redirecting ad.doubleclick.net/crossdomain.xml breaks http://www.nhl.tv/team/console.jsp?hlg=20082009,3,321 (would require allow-access-from domain="*.neulion.net").
Redirecting googlevideoads.swf breaks http://perezhilton.com/2009-05-17-love-game .
Add Thank You Quote this message in a reply
May. 18, 2009, 08:17 PM
Post: #10
RE: sneaky TV style flash ads
mmm I see and confirm it too... :/
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: