From: SourceForge.net <no...@so...> - 2007-03-28 19:05:02
|
Feature Requests item #1690006, was opened at 2007-03-28 16:00 Message generated for change (Comment added) made by fabiankeil You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=361118&aid=1690006&group_id=11118 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. >Category: funct: content modification Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: sebastian nielsen (sebastiann) Assigned to: Nobody/Anonymous (nobody) Summary: POST filtering and autoanswer. Initial Comment: Why not add the ability to filter POST, and ability for the proxy to directly answer replies from a web server, by calling a shell script, that computes a answer based on data from privoxy... Like this: Client ----> Privoxy ---> Server Server ---> Privoxy (Privoxy composes a POST reply based on content from Server, and a rule) Privoxy ---> Server Server ---> Privoxy ---> Client Could be done with a config like this: +AutoAnswer s/<b>challenge PartA=(.*)<\/b><br><b>challenge PartB=(.*)<\/b>/POST=/etc/bank-auto-logon.sh $1 $2/ And tie that to the url like www.Net-onlinebanking.com That would result that when www.Net-onlinebanking.com is visited, the user is directly presented with her account page, because the proxy autologins for the user. ---------------------------------------------------------------------- >Comment By: Fabian Keil (fabiankeil) Date: 2007-03-28 19:05 Message: Logged In: YES user_id=875547 Originator: NO I already thought about POST filtering, but it's currently not very high on my list. However Privoxy's CVS version already supports multiple filters, and adding another one probably wouldn't take that much time ... I haven't thought about the automatically generated response yet, but I don't think many people would use it and as I currently don't need it either, its priority (for me) is even lower than the one for the POST filters. Of course Privoxy is free software and nobody has to wait for me. BTW, if I understand your "AutoAnswer" example correctly, it makes remote code execution possible, so I certainly wouldn't want to implement it that way. I'm also unsure about the usefulness of the auto response feature for your bank example. If your bank is any good, it will encrypt the login form to make sure a man in the middle can't control the destination of your POST request to intercept your login info. If that's the case, Privoxy wouldn't be able to parse the login form. ---------------------------------------------------------------------- Comment By: sebastian nielsen (sebastiann) Date: 2007-03-28 16:04 Message: Logged In: YES user_id=722476 Originator: YES And of course basic filtering should be able, like this: +PostFilter s/(*.)password=SSO/$1password=test123/i This would result in when a user enters SSO in a password field at a site, where the password field has the name password, the password is replaced with test123 before it is sent to server. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=361118&aid=1690006&group_id=11118 |