URL Redirecting is missing label for branding and warning on redirect
-
@jonathanlee ok this has nothing to do with pfblocker then ;)
Moving to proxy section, you might get more traction there from proxy users..
however I noticed it has no lable on the bottom that said it was redirected
I don't use proxy, and for sure don't play with it much.. This day and age of https everywhere they have become pretty irrelevant. But I don't recall that ever being like an option, not saying it can't be done.. But I don't believe is any sort of click this button sort of thing..
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.7.2, 24.11 -
J johnpoz moved this topic from pfBlockerNG on
-
This is the area that had URL redirection now in Squidguard
(Image: Squidguard URL redirection)
Make sure to upvote
-
@johnpoz It is no click point option you need SSL certificates loaded on all devices it will work with 443 with trusted certificates.
-
@jonathanlee that redirect doesn't add any sort of overlay that says its been redirected or anything.
you need SSL certificates loaded on all devices it will work with 443 with trusted certificates.
Which is a whole can of worms that shouldn't be opened - your breaking the chain of trust, etc.
But you have fun ;)
-
@johnpoz this is all equipment my devices my router and firewall. A business or such it would be their issue. SSL certificates for users on a network is standard practice. HTTPS url filtering works great see below I can block and add notes for HTTPS or http.
(Image: url blocking working)
If this overlay worked why does it not add one for redirected urls?
-
@jonathanlee keep in mind all urls used are testing urls for learning.
-
@jonathanlee that is the normal block page, and it loads because its not https..
Have fun trying to do with https.. You would have to create a cert for www.cnn.com on the fly, and your browser would have to trust the CA that created it, etc.
-
@johnpoz I wish we could do a overlay for a redirect. I have to admit redirection and learning about this today was amazing.
-
@jonathanlee You can block https but you cannot redirect it.
And adding local trusted ca's on all devices and creating "fake" site certificates on the fly isnt easy.
And why you need an overlay? A simple landing page is enough (if you have managed to do the redirection) -
@netblues thanks for the reply. Do you think they will ever have a browser plugin to act like Burp suite so we could make redirection work correctly? Http works for the messages however https does not. The cookie interaction and SSL issues with the redirection cause most of the issues. With a proxy like Brupe suite you can have the Forward pause and adapt it on the fly with pen testing even regenerate cookies. But for a valid redirect there has to be a way to just auto generate a cancel and a new url reload with the new url. What http header sends the stop? We just need to cancel and refresh with the new URL right? But how can you hit the refresh without a plugin?
-
HTTP request methods - http: MDN. HTTP | MDN. (n.d.). Retrieved January 6, 2022, from https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods
One has to work, I will just have to play with some code next semester if I learn more and test for a while and make it very secure. Goal is to stop the unwanted non approved URL cancel the browser request and after have a new request generated for a new URL and send the new url down. But it would require a approved plugin like Kaspersky uses. You have to control the browser someway. All it is a redirected url with a overlay. Kaspersky antivirus uses browser extensions even Chrome approved ones that install SSL certificates on the fly for use with the software based IDS and antivirus software. I would feel more comfortable with such extensions installed on the firewall.
General articles: Answers to frequently asked questions. How to enable the Kaspersky Protection extension in Google Chrome, Mozilla Firefox and Microsoft Edge based on Chromium. (n.d.). Retrieved January 6, 2022, from https://support.kaspersky.com/common/start/12782
-
@jonathanlee Creating and maintaining a plugin that works on many browsers and devices isn't something easy.
It does require a team of devs and testers and a way to finance it.
Kaspersky is a multimilion dollar security software company with many subject matter experts.
If it was easier they wouldn't have opted for a plugin, to begin with. -
@netblues
One can say . .
A community is always be stronger than abuses brought by the few.I got the http redirect to work however for the blocked https I am still working on that I want it to go to the official blocked page like this. see image below
This only works when I go to http://zoo.com
if I try https://zoo.com this occurs
I am missing a setting or something. I just get a error page
-
@netblues Even with the landing pad it gives an error for me currently only http works.
-
@jonathanlee I would suggest you go through the hangout by jimp
While its a bit dated now with 2.5 and 2.6 around the corner.. I am not aware of any sort of major changes.. And for sure this hangout goes over the different options of doing https proxy.
