Post Reply 
SSL warnings --> images & css
Jan. 02, 2013, 06:37 PM (This post was last modified: Jan. 25, 2013 02:24 PM by ProxRocks.)
Post: #1
SSL warnings --> images & css
i've noticed recently that some of the "certificate errors" that Proxo pops up from time to time are all 'favicon' .ico files...

(try Huffington Post in Half-SSL mode as an example [not the home page itself, but articles linked from the home page, most of those articles will have a DOZEN {not exaggerating} "favicon" files]... <and each and EVERY ONE OF THEM will pop up a "certificate error"... axe the favicon.ico, whoala, NO CERTIFICATE ERROR Smile! >)


here's what i'm currently using to axe any and ALL of those [email protected] "favicon" files Smile!
(the first one is a header filter, the second two are web page filters...)
Code:
In = FALSE
Out = TRUE
Key = "Cookie: 3 Kill FavIcon Requests (Out) [add]"
URL = "*/favicon.ico"
Replace = "killed FavIcon request\k"

Name = "Block: FavIcon Cookies [add]"
Active = TRUE
URL = "$IHDR(Content-Type: (*(html|xml)*))"
Bounds = "<link\s[^>]++re(l|v)=$AV((shortcut |)icon)[^>]+>"
Limit = 300
Match = "*"

Name = "Block: FavIcon Images [add]"
Active = TRUE
URL = "($TST(hCT=*html)|$TYPE(js))(^$TST(keyword=*.(a_track|a_bug).*))"
Bounds = "<i(mg|nput|mage)\s*>(^\=)"
Limit = 2048
Match = "*(favicon|no-image).ico*"
Add Thank You Quote this message in a reply
Jan. 08, 2013, 12:10 PM (This post was last modified: Jan. 08, 2013 12:24 PM by ProxRocks.)
Post: #2
RE: SSL warnings --> images
here's another...

example site - http://www.ittechware.com/public/screenshots

what it does is since the site is NON-SSL and it tries to load an SSL image (and in turn pops up a certificate error!), it 'converts' the image link to NON-SSL so that we don't get the certificat error...

has to be placed higher up in the config than "<*>: Half-SSL 09.05.03..."
Code:
Name = "Convert SSL-Images on non-SSL Sites"
Active = TRUE
URL = "$TST(hCT=*html)$TST(uProt=http:)"
Bounds = "<i(mg|nput|mage)\s*>(^\=)"
Limit = 2048
Match = "\1src=('|")\2https:\3(gif|png|jpg|jpeg|jpe|bmp|xbm|ico)\4('|")\5\6"
Replace = "\1src=\2http:\3\4\5\6"


edit: ps - theoretically, this MAY produce "red X" images...
i have not seen any yet, but theory aside, i myself would rather have a 'silent' "red X" than an "in your face" certificate error Smile!
Add Thank You Quote this message in a reply
Jan. 09, 2013, 01:07 AM
Post: #3
RE: SSL warnings --> images
ProxRocks;

Thanks for the tips!

In another direction of hunting down certificate errors, I see much more often than otherwise that the culprit wants to point to FaceBook, Twitter, Google+, and other ill-conceived notions whose sole intent is to circumvent one's privacy. To that end, the afflicted cert isn't necessarily a favicon, it's just as easily a web-bug that is being used to first determine if you are already connected to the site in question.

I found that simply scorching the earth with a total ban on such sites was somehow ineffective, even at the header level. I finally resorted to entering the BS sites into my router's BlackList table, and that finally cured 90% or more of my frustrations. Smile! The status bar might hold one or more "Finished, but with errors" messages, but the screen remains 'user friendly'. Cool

FWIW. Wink





Oddysey

I'm no longer in the rat race - the rats won't have me!
Add Thank You Quote this message in a reply
Jan. 25, 2013, 02:31 PM
Post: #4
RE: SSL warnings --> images & css
no joke there, the vast majority of the cert-errors i've ran in to all come from "fbstatic-a.akamaihd.net/" (ie, FACEBOOK)...

i've changed my cert-error-preventer filters to add two schemes:
1) if a .CSS is trying to come in as SSL, i convert it to non-SSL...
2) prevent .CSS from loading images via SSL...

those two added to the previous two:
1) block FavIcon POS...
2) convert SSL images on non-SSL sites (no longer by file extension though)...

Code:
Name = "Block: FavIcon Images [add]"
Active = TRUE
URL = "($TST(hCT=*html)|$TYPE(js))(^$TST(keyword=*.(a_track|a_bug).*))"
Bounds = "<i(mg|nput|mage)\s*>(^\=)"
Limit = 2048
Match = "*(favicon|no-image).ico*"

Name = "Convert SSL CSS to non-SSL CSS"
Active = TRUE
URL = "$TST(hCT=*html)"
Bounds = "<link rel="stylesheet"*>"
Limit = 2048
Match = "\1href=('|")\2https:\3.css('|")\4\5"
Replace = "\1href=\2http:\3.css\4\5"

Name = "Convert SSL Images on non-SSL Sites"
Active = TRUE
URL = "$TST(hCT=*html)$TST(uProt=http:)"
Bounds = "<i(mg|nput|mage)\s*>(^\=)"
Limit = 2048
Match = "\1src=('|")\2https:\3('|")\4\5"
Replace = "\1src=\2http:\3\4\5"

Name = "Convert SSL Images inside non-SSL CSS"
Active = TRUE
URL = "$TYPE(css)$TST(uProt=http:)"
Limit = 2048
Match = "url\(https:\/\/\1(gif|png|jpg|jpeg|jpe|bmp|xbm|ico)\2\3\)"
Replace = "url(http://\1\2\3)"
Add Thank You Quote this message in a reply
[-] The following 2 users say Thank You to ProxRocks for this post:
chatterer, usr
Jan. 30, 2013, 01:34 PM
Post: #5
RE: SSL warnings --> images & css
i have replaced the "Convert SSL Images on non-SSL Sites" filter with the following two "togglers":
Code:
Name = "Block & Fetch: Third Party Images (convert if SSL) - Linked {PFR 13.01.30}"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(js))(^$TST(keyword=*.a_tpi.*))"
Bounds = "<a\s*</a>"
Limit = 1024
Match = "<a[^>]++\shref=$AV(http(s$SET(9=https-px-.)|)://\1)\2> & *href="(*//|)([^('|")]+{1,30})\3*"
        "<i(mg|nput)[^>]++\s(src*|)src=$AV((http(s$SET(8=ssl)|)://((^([^/]++.|)$TST(uDom)|local.ptron)*)\7)\4)\5>\6"
        "$TST(($GET(pIimg)+)=$LST(Count)|*)$SET(pIimg=$GET(i))$SET(tIimg=)"
Replace = "<span class=ProxI_$DTM(c)_$GET(pIimg)&#x20;ProxToggle style=display:inline>"
          "<a class=Pr0xToggle&#x20;Pr0xTogO-A"
          " href="javascript:prxO.oInt.inToggleB('ProxI_$DTM(c)_$GET(pIimg)','cl','span');"
          "var prxIimg;prxIimg=document.getElementById('proxII_$DTM(c)_$GET(pIimg)');"
          "prxIimg.src=prxIimg.longDesc;"
          "void(prxIimg.style.display='inline');""
          " target=_self>&#160;F&#160;</a>"
          "<a class=Pr0xToggle&#x20;Pr0xTogO-A href=http://\7\5 target=_top>&#160;I\8&#160;</a>"
          "<a class=Pr0xToggle&#x20;Pr0xTogO-A href=http://\9\1\2 target=_top>&#160;L&#160;</a>"
          "</span>"
          "<a href=http://\9\1\2><img id="proxII_$DTM(c)_$GET(pIimg)" style="display:none;" src="about:blank" longdesc=http://\7\5>\6"

Name = "Block & Fetch: Third Party Images (convert if SSL) - Not Linked {PFR 13.01.30}"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(js))(^$TST(keyword=*.a_tpi.*))"
Bounds = "<img\s*>|<input\s*>"
Limit = 1024
Match = "(<(img|input))\1*src=($AV((^http(s$SET(8=ssl)|)://(([^/]++.|)$TST(uDom)|local.ptron)*)(\4//\5)\2)\6)\3>"
        "$TST(($GET(pIimg)+)=$LST(Count)|*)$SET(pIimg=$GET(i))$SET(tIimg=)"
Replace = "<span class=ProxI_$DTM(c)_$GET(pIimg)&#x20;ProxToggle style=display:inline>"
          "<a class=Pr0xToggle&#x20;Pr0xTogO-A"
          " href="javascript:prxO.oInt.inToggleB('ProxI_$DTM(c)_$GET(pIimg)','cl','span');"
          "var prxIimg;prxIimg=document.getElementById('proxII_$DTM(c)_$GET(pIimg)');"
          "prxIimg.src=prxIimg.longDesc;"
          "void(prxIimg.style.display='inline');""
          " target=_self>&#160;F&#160;</a>"
          "<a class=Pr0xToggle&#x20;Pr0xTogO-A href=http://\5 target=_top>&#160;I\8&#160;</a>"
          "</span>"
          "\1 id="proxII_$DTM(c)_$GET(pIimg)" style="display:none;" src="about:blank" longdesc=http://\5\6>"
Add Thank You Quote this message in a reply
Jan. 30, 2013, 04:02 PM
Post: #6
RE: SSL warnings --> images & css
a quick update, the "not linked" was catching too much (like onmouseover on-site images)...
i'm also now intentionally "breaking" 'input forms' that hide behind an off-site image:
Code:
Name = "Block & Fetch: 3rd Party Images (convert SSL, break input) - Not Linked {PFR 13.01.30}"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(js))(^$TST(keyword=*.a_tpi.*))"
Bounds = "<img\s*>|<input\s*>"
Limit = 1024
Match = "(<(img|input))\1*src=(^\\)($AV((^http(s$SET(8=ssl)|)://(([^/]++.|)$TST(uDom)|local.ptron)*)(\4//\5)\2)\6)\3>"
        "$TST(($GET(pIimg)+)=$LST(Count)|*)$SET(pIimg=$GET(i))$SET(tIimg=)"
Replace = "<span class=ProxI_$DTM(c)_$GET(pIimg)&#x20;ProxToggle style=display:inline>"
          "<a class=Pr0xToggle&#x20;Pr0xTogO-A"
          " href="javascript:prxO.oInt.inToggleB('ProxI_$DTM(c)_$GET(pIimg)','cl','span');"
          "var prxIimg;prxIimg=document.getElementById('proxII_$DTM(c)_$GET(pIimg)');"
          "prxIimg.src=prxIimg.longDesc;"
          "void(prxIimg.style.display='inline');""
          " target=_self>&#160;F&#160;</a>"
          "<a class=Pr0xToggle&#x20;Pr0xTogO-A href=http://\5 target=_top>&#160;I\8&#160;</a>"
          "</span>"
          "<img id="proxII_$DTM(c)_$GET(pIimg)" style="display:none;" src="about:blank" longdesc=http://\5\6>"
Add Thank You Quote this message in a reply
[-] The following 1 user says Thank You to ProxRocks for this post:
defconnect
Jan. 30, 2013, 09:31 PM
Post: #7
RE: SSL warnings --> images & css
one more quick update, a few .png's in particular did not want to 'toggle' without a single-quote around the href and longdesc (only the "not linked" changed, but since i changed their "titles", i'm putting both here so that i can keep track of just what i posted and did not post, so to speak):
Code:
Name = "Block & Fetch: 3rd Party Images (convert SSL) - Linked [add]"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(js))(^$TST(keyword=*.a_tpi.*))"
Bounds = "<a\s*</a>"
Limit = 1024
Match = "<a[^>]++\shref=$AV(http(s$SET(9=https-px-.)|)://\1)\2> & *href="(*//|)([^('|")]+{1,30})\3*"
        "<i(mg|nput)[^>]++\s(src*|)src=$AV((http(s$SET(8=ssl)|)://((^([^/]++.|)$TST(uDom)|local.ptron)*)\7)\4)\5>\6"
        "$TST(($GET(pIimg)+)=$LST(Count)|*)$SET(pIimg=$GET(i))$SET(tIimg=)"
Replace = "<span class=ProxI_$DTM(c)_$GET(pIimg)&#x20;ProxToggle style=display:inline>"
          "<a class=Pr0xToggle&#x20;Pr0xTogO-A"
          " href="javascript:prxO.oInt.inToggleB('ProxI_$DTM(c)_$GET(pIimg)','cl','span');"
          "var prxIimg;prxIimg=document.getElementById('proxII_$DTM(c)_$GET(pIimg)');"
          "prxIimg.src=prxIimg.longDesc;"
          "void(prxIimg.style.display='inline');""
          " target=_self>&#160;F&#160;</a>"
          "<a class=Pr0xToggle&#x20;Pr0xTogO-A href=http://\7\5 target=_top>&#160;I\8&#160;</a>"
          "<a class=Pr0xToggle&#x20;Pr0xTogO-A href=http://\9\1\2 target=_top>&#160;L&#160;</a>"
          "</span>"
          "<a href=http://\9\1\2><img id="proxII_$DTM(c)_$GET(pIimg)" style="display:none;" src="about:blank" longdesc=http://\7\5>\6"

Name = "Block & Fetch: 3rd Party Images (convert SSL, break input) - Not Linked [add]"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(js))(^$TST(keyword=*.a_tpi.*))"
Bounds = "<img\s*>|<input\s*>"
Limit = 1024
Match = "(<(img|input))\1*src=(^\\)($AV((^http(s$SET(8=ssl)|)://(([^/]++.|)$TST(uDom)|local.ptron)*)(\4//\5)\2)\6)\3>"
        "$TST(($GET(pIimg)+)=$LST(Count)|*)$SET(pIimg=$GET(i))$SET(tIimg=)"
Replace = "<span class=ProxI_$DTM(c)_$GET(pIimg)&#x20;ProxToggle style=display:inline>"
          "<a class=Pr0xToggle&#x20;Pr0xTogO-A"
          " href="javascript:prxO.oInt.inToggleB('ProxI_$DTM(c)_$GET(pIimg)','cl','span');"
          "var prxIimg;prxIimg=document.getElementById('proxII_$DTM(c)_$GET(pIimg)');"
          "prxIimg.src=prxIimg.longDesc;"
          "void(prxIimg.style.display='inline');""
          " target=_self>&#160;F&#160;</a>"
          "<a class=Pr0xToggle&#x20;Pr0xTogO-A href='http://\5' target=_top>&#160;I\8&#160;</a>"
          "</span>"
          "<img id="proxII_$DTM(c)_$GET(pIimg)" style="display:none;" src="about:blank" longdesc='http://\5'\6>"
Add Thank You Quote this message in a reply
[-] The following 2 users say Thank You to ProxRocks for this post:
chatterer, usr
Jan. 30, 2013, 09:57 PM
Post: #8
RE: SSL warnings --> images & css
the irony is that i used to block any-and-all "off-site" content...

i loosened the reigns over the years only for it to bite me in the butt - dang near ALL cert-warning POS's that i get while in half-ssl mode are due to OFF-SITE CONTENT...
Add Thank You Quote this message in a reply
Feb. 03, 2013, 11:38 AM
Post: #9
RE: SSL warnings --> images & css
Hi,

where is the best place in sidki's config?
I think, this is is a good update for ProxBlox-v1.0.0.1 and it needs a black- and white list.

thanks,
chatterer
Add Thank You Quote this message in a reply
Feb. 04, 2013, 11:33 AM (This post was last modified: Feb. 04, 2013 12:33 PM by ProxRocks.)
Post: #10
RE: SSL warnings --> images & css
i place all five of them at the bottom of the "||| Anti-Tracking" section...
ie, the section with the "Remove: Image Trackers", "Remove: Webbugs", and "Remove: Webbugs & Trackers"...

i "whitelist" via the "(^$TST(keyword=*.a_tpi.*)" ["allow third party images"]...

like javascript CRAP in general, i prefer to error on the side of CAUTION and to NEVER allow them by "default", to BLOCK them and ONLY allow "white-listed" javascript...

why ALLOW them by default and only block them *AFTER* you find out a given site is "malicious", AFTER any "damage" is done?

yes, BLOCKING java-crap and off-site images will "break" pages, SO WHAT, *ANY-AND-ALL "MALICIOUS" ACTIVITY IS STOPPED DEAD IN THEIR TRACKS* Smile!
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: