Loading…
Add the ability to block base64 urls [Requests] #1317
5 participants
uBlock and similar extensions block the URLs as they appear in the Web requests, so it doesn't matter if the URL is base64-encoded in Javascript or something like that, if they need to be decoded before the browser can make the requests; this should be blockable with a rule like /adstream_sx.
@lewisje Actually, this is not decoded by the javascript. The target domain is acting like a proxy, and decodes the base 64 URL to find out what the client is requesting. The issue here, is that they create new domain names too often, so blocking them proves uneffective.
@gwarser the ad movies domain change every days, i added ~ 300 domains in 4 month 
; maybe an other solution ... blocking (range) IP address (convert the domain in IP address) like PeerBlock in windows for example.
||1.2.3.4^$ip,$domain=wat.tv to prevent wat.tv loading ad from domains hosted on 1.2.3.4 for example.
I tried to play http://www.wat.tv/video/maya-02-2rbwr_2gzyz_.html, and I didn't see any ad. Do you have anything reproducible so that I can understand what is the issue? I prefer to see the issue for myself -- not a proposed solution for an issue I can't see.
@gorhill You might want to disable uBlock. Smed79 updates the EasyList very often so as to add the new domains.
Yes, I got ads with uBlock disabled, I still don't know exactly what URLs are problematic to @SMed79. Closest to what is mentioned in OP is:
http://openad.tf1.fr/RealMedia/ads/adstream_nx.ads/WAT/animation/u/video/1365328031@Left,Left2,Frame1,Frame2,TopLeft!Frame1?&type=&si=&v=ugc
There was no base64 encoding in there. That's the part I want to understand, why the need to such a very specific (and CPU intensive) need of guessing (hopefully properly) first and decoding base64. If it's to merely detect part of a URL which appear base64-encoded, then a regex would work already.
@gorhill In the 'config' link that SMed79 provided, there are base64-encoded URLs. A regex would work, but it would be less tidy I reckon. (In the filters, it would appear as a gibberish list of characters).
Ok, in the config file I see these two URLs which I guess are the issue?
http://ha3g64dfnzqwiltumyys4zts.elegistgenusptilocercus.info/AJWVid0KgjAYQN9mV9Wcs1kXoyRHDLTCtLqLLAED23TRYRAAED23TR9QqAED23TRX2tYsD53BogVDnaCxQMKNnGhCa12a0sD12a0sDgWvq9JSaG1DUy2a12a0sDmLvq3Bjq7CWCz51gVs5oJwo247dSr18SBJrlKdyA812a0sDSKb2SSZJWhUXnUrGBSOVt0jwiMdrov8nkz08cd7X8MWBnHPJfg9CLBk
http://ge4g64dfnzqwiltumyys4zts.elegistgenusptilocercus.info/AJWVid0KwiAYQNAED23TRGuzLnMrqQkpQQtGJt1V184UcI12a0sD2Nbtd612a0sDdnHgHA7NEEqPIQKF0E8MHUJ178f51FeVU6hjBUNsavqi7xiwoWIh12a0sDDLZjgnbmNvOnHJ7PEjijbZKfvBBnNkrJ4kusovVknHBSDFZKnjKV2tiAED23TR8fJFp44a0v4YkfOXrIfZdErDA
As said however, for whatever reason I can't see anything like this in the log, and ads are blocked fine.
In any case, regarding tidyness, as much as I dislike regexes used as filters, this would still be much more tidy than having scary code to first, detect when a URL has something which looks like base64 (i.e. any sequence of alpha numeric characters..), and try to decode it, etc. This is way too much work just to avoid a simpler regex.
In the two links above, it doesn't even look like this is base64, I can't get none of them to decode properly. So only a regex can take care of this.
As said somewhere in the wiki, in uBlock regexes will be handled optimally if they are narrowed with request types, third-party flag, and domain filter option. In the above case, this would be (I am assuming object type):
/^http:\/\/*\.*\.*\/[0-9A-Za-z]+/$third-party,object,domain=wat.tv
Such filter in uBlock would be first looked up if and only if the filter option object and third-party match, and if looked up, the regex would be executed if and only if the domain is wat.tv.
@gorhill blocking object not block the ad domain, yes with object-subrequest but i cant use because of false positive for example on http://www.wat.tv/video/psg-barcelone-3-a-il-encore-7bg6v_2exyh_.html
you can check this adblockplus issues:
https://reports.adblockplus.org/a0fa67c5-bfe0-4f29-93a1-50a416e769f9#tab=all
https://reports.adblockplus.org/83a8b946-ca35-4480-a849-ec2d41c38b68#tab=all
https://reports.adblockplus.org/84ca5968-92f4-4ba5-a391-d2fde597aaab#tab=all
https://reports.adblockplus.org/80225509-9b7a-9647-9f8f-d68c3e58cd3f#tab=all
- This crypted ads tool are created by S e c r e t M e d i a http://tinyurl.com/otej4os
... makes sure that each ad gets a specific URL that cannot be nor found not added to EasyList ...
... 
Videos are served from *med.wat.tv, so
|http:*$third-party,domain=wat.tv
!allow styles, images
@@||wat.fr^$third-party,domain=wat.tv
@gwarser i cannot add filters can cause false positive !
(can you see this video http://tinyurl.com/l4t6twl ?)
lost cause... 
These URLs still have this format http://ge4g64dfnzqwiltumyys4zts.elegistgenusptilocercus.info/AJWVid0KwiAYQN...? (I dont see them, don't see any ad)
Adding end of string marker to the regex should narrow it a little
/^http:\/\/*\.*\.*\/[0-9A-Za-z]+$/$third-party,object,domain=wat.tv, but I cannot make it work. Is $ forbidden in filters?
////
\b works (word boundary), but this is not what I want
////
\/*\.*\.* - something is lost here? Does not this means: any number of slashes, any number of dots?
Indeed, that regex was a bit malformed.
Hi All,
some marketing company bypass ad blockers by crypting urls to base64
Exemple found on Wat.TV playing ads before every or video.
video ://www.wat.tv/video/maya-02-2rbwr_2gzyz_.html
config ://www.wat.tv/interface/contentv4s/4634379?SM=1&wat_context=page-player
Exemple of base 64 url :
L1JlYWxNZWRpYS9hZHMvYWRzdHJlYW1fc3guYWRzL1dBVC9hbmltYXRpb24vdS92aWRlby80MTM1NjRAeDAxLHgwMj9FWENFUFRJT049Jk1FRElBPXdlYiZMRUdBTD0mRFVSVklEPTEzNjEmVVZJRD00NjM0Mzc5JklEVVJMPSZTTT0xDycripted :
/RealMedia/ads/adstream_sx.ads/WAT/animation/u/video/413564@x01,x02?EXCEPTION=&MEDIA=web&LEGAL=&DURVID=1361&UVID=4634379&IDURL=&SM=1... Maybe is it possible to improuve µBlock and add the possibility to block url coded to base64 like
|http:*/$base64$domain=wat.tv, currently adding^$third-partyfilters to lists is not very effective because of the update frequency off listes (3 to 7 days) and marketing company use a new domains every days, hours, minutes... and it's really annoying to see 78seconds before a video of 2min 28sRegards,
Med