Post Reply 
Yahoo: Auto Login 09.06.28 (edit! multi) [sd] (o.s)
Oct. 14, 2011, 10:49 AM
Post: #1
Yahoo: Auto Login 09.06.28 (edit! multi) [sd] (o.s)
has anyone else experienced intermittent issues with the Yahoo Auto Login? cache is clear BEFORE the auto login is attempted, login fails, continues to fail until you clear the cache AGAIN...
Add Thank You Quote this message in a reply
Oct. 14, 2011, 05:58 PM
Post: #2
RE: Yahoo: Auto Login 09.06.28 (edit! multi) [sd] (o.s)
After it fails, does http://www.yahoo.com/ show you to be logged in?

Mine is based on sidki's. Last failures were caused by a Yahoo mail redirect to some kind of "Welcome" page. Logging in normally and completing the "Welcome" 'fixed' things.
Add Thank You Quote this message in a reply
Oct. 14, 2011, 07:42 PM
Post: #3
RE: Yahoo: Auto Login 09.06.28 (edit! multi) [sd] (o.s)
it's intermittently "not" logged in a half a dozen times earlier today, but now that i *WANT* it to "not" log in, it's logging in Sad

i'll monitor it over the next couple of days and see if it "fails" to log in again...

it's like finding a rattle in a car door, the rattle stops as soon as you let someone else drive and you're sitting in the passenger seat to track down the rattle...
Add Thank You Quote this message in a reply
Oct. 16, 2011, 08:59 PM
Post: #4
RE: Yahoo: Auto Login 09.06.28 (edit! multi) [sd] (o.s)
(Oct. 14, 2011 05:58 PM)JJoe Wrote:  After it fails, does http://www.yahoo.com/ show you to be logged in?

nope, not logged in...

i'm landing here - http://https-px-.login.yahoo.com/config/...m&.intl=us

and the form on the right for ID and password is empty...
i can "refresh" a hundred times and it remains empty and no login...

clear the cache, refresh again, auto-login works...
Add Thank You Quote this message in a reply
Oct. 16, 2011, 09:52 PM (This post was last modified: Oct. 16, 2011 09:55 PM by Graycode.)
Post: #5
RE: Yahoo: Auto Login 09.06.28 (edit! multi) [sd] (o.s)
I don't know if it matters to Proxo but ... In the past month I've seen multiple SSL vs. Non-SSL conflicts happening at Yahoo.

For example there's been regular GET requests (not SSL CONNECT) targeting port :443
Code:
login.yahoo.com:443/?.intl=us

Maybe it's not related to your issue in Proxo, or maybe it is. Either way something's recently broken at Yahoo irregardless of Proxo. In my case I don't allow non-SSL to target port :443, and there's only a few instances where I'll allow an SSL CONNECT to target a port other than :443.
Add Thank You Quote this message in a reply
Oct. 16, 2011, 11:17 PM
Post: #6
RE: Yahoo: Auto Login 09.06.28 (edit! multi) [sd] (o.s)
(Oct. 16, 2011 09:52 PM)Graycode Wrote:  In my case I don't allow non-SSL to target port :443

"how" ?
i would prefer non-SSL to NOT target 443...
Add Thank You Quote this message in a reply
Oct. 17, 2011, 12:42 AM
Post: #7
RE: Yahoo: Auto Login 09.06.28 (edit! multi) [sd] (o.s)
(Oct. 16, 2011 11:17 PM)ProxRocks Wrote:  "how" ?

I don't know about Proxo. It's something I inforce in my proxy, which is not Proxo.

You know there's a lot of open ("public") proxy instances out there. For normal SSL they might receive something like:
Code:
CONNECT www.example.com:443 HTTP/1.1
At that point the proxy would connect to that remote host's port :443 and begin a blind tunnel operation whereby (probably) encrypted content flows both ways.

But now consider when one of those proxies receives something like this:
Code:
CONNECT 127.0.0.1:445 HTTP/1.1
If the open proxy is stupid (many are) then the remote user will have an open channel for Microsoft-DS file sharing within the PC that the proxy's running on.

A more connom scenario would be something like:
Code:
CONNECT www.example.com:25 HTTP/1.1
Spammers love to relay through open proxies when they can, and the proxy's operator gets blamed for it.

I consider TCP port :443 to be strictly for SSL CONNECT and deny (block) its use for non-SSL. Then I restrict the SSL CONNECT to only port :443, with an exception list for a few destinations in a non-standard usage. An example exception would be where I allow tunneling of MS Messenger IM on :1863. Another example would be one of my routers that I can access its configuration with SSL via a non-standard port.

If, as in this case, some Yahoo page generates a non-SSL GET request to port :443, then I just say no. Activity like that would often be for malicious intent. But in Yahoo's case it's probably bugs in some HTML generator they wrote & recently modified.

An HTTP GET is not a CONNECT, even if it misleadingly specifies :443
Code:
GET login.yahoo.com:443/?.intl=us HTTP/1.1

I only brought this up in case it has something to do with the issues you're having with Yahoo login.
Add Thank You Quote this message in a reply
Oct. 17, 2011, 04:44 PM
Post: #8
RE: Yahoo: Auto Login 09.06.28 (edit! multi) [sd] (o.s)
(Oct. 16, 2011 08:59 PM)ProxRocks Wrote:  
(Oct. 14, 2011 05:58 PM)JJoe Wrote:  After it fails, does http://www.yahoo.com/ show you to be logged in?

nope, not logged in...

i'm landing here - http://https-px-.login.yahoo.com/config/...m&.intl=us

and the form on the right for ID and password is empty...
i can "refresh" a hundred times and it remains empty and no login...

clear the cache, refresh again, auto-login works...

Filter is probably missing, assuming you don't see

Quote:Submitting your Yahoo data...
This filter can be bypassed by holding down the "CTRL+ALT" keys.

Assuming that the miss is due to excessive code, clearing the cache gets you different and less code.

Try putting this

Code:
[Patterns]
Name = "Yahoo: Auto Login helper strip/reinsert style test     (multi) (o.s)"
Active = TRUE
Multi = TRUE
URL = "(^$KEYCHK(^C^A))$TST(hCT=*html)([^/]++.yahoo.com(:[0-9]+|)/config/(login(_verify2|)|mail)\?(\&+.|(^?))|mail.yahoo.com/)"
Limit = 32766
Match = "(*)\0(<style*?)\1$SET(YL=\1)(^(^</head >))"
        "|"
        "<!-- Auto Login helper strip/reinsert style -->"
        "$SET(\0=$GET(YL))$STOP()"
Replace = "\0<!-- Auto Login helper strip/reinsert style -->"

on top of the auto login filter. It should remove a large amount of code. The code should be reinserted, if the auto login filter fails.

If this doesn't fix things, I'll need some souce code.

HTH
Add Thank You Quote this message in a reply
Oct. 17, 2011, 04:46 PM
Post: #9
RE: Yahoo: Auto Login 09.06.28 (edit! multi) [sd] (o.s)
(Oct. 16, 2011 11:17 PM)ProxRocks Wrote:  
(Oct. 16, 2011 09:52 PM)Graycode Wrote:  In my case I don't allow non-SSL to target port :443

"how" ?
i would prefer non-SSL to NOT target 443...

Maybe

Code:
[HTTP headers]
In = TRUE
Out = TRUE
Key = "! : RDIR: port 443 https only (out in)"
URL = "[^/:]+:443&$URL(^https://)"
Replace = "Killed\k$LOG(!RGET $DTM(c) : Connection killed: 443 not https URL: \u)"

?
Add Thank You Quote this message in a reply
Oct. 17, 2011, 10:43 PM
Post: #10
RE: Yahoo: Auto Login 09.06.28 (edit! multi) [sd] (o.s)
(Oct. 17, 2011 04:44 PM)JJoe Wrote:  Try putting this...on top of the auto login filter. It should remove a large amount of code. The code should be reinserted, if the auto login filter fails.

If this doesn't fix things, I'll need some souce code.

HTH

thanks, will give that a try and report back in a few days if it seems to solve the intermittency or not...
Add Thank You Quote this message in a reply
Oct. 19, 2011, 03:44 PM
Post: #11
RE: Yahoo: Auto Login 09.06.28 (edit! multi) [sd] (o.s)
that seems to have solved it, i haven't had any intermittent misses Big Teeth
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: