What extensions would you recommend?
<blockquote data-quote="Terry Ganzi" data-source="post: 854340" data-attributes="member: 18831"><p>2o7.net_full.txt 2o7.net first party trackers, both alias & CNAME</p><p>2o7.net.txt only alias</p><p>cname.sqfs cleaned up version of freely available rapid7 cname database</p><p>ebis.ne.jp_full.txt ebis.ne.jp first party trackers, both alias & CNAME</p><p>ebis.ne.jp.txt only alias</p><p>eulerian.net_full.txt eulerian.net first party trackers, both alias & CNAME</p><p>eulerian.net.txt only alias</p><p>omtrdc.net_full.txt omtrdc.net first party trackers, both alias & CNAME</p><p>omtrdc.net.txt only alias</p><p></p><p>for rest of the missing first party trackers, check:</p><p>[URL unfurl="true"]https://hostfiles.frogeye.fr[/URL]</p><p></p><p>Using cname.sqfs on Linux</p><p>-------------------------</p><p>NOTE: you must have Squashfs and Squashfs XZ either as</p><p>a built-in or as a module in your kernel.</p><p>If you have file /proc/config.gz or something like that you can use the</p><p>following command to quickly check if you have the needed pieces, if not,</p><p>then kernel compiling time!</p><p></p><p>zgrep -e SQUASHFS=y -e SQUASHFS_XZ=y -e SQUASHFS=m /proc/config.gz</p><p></p><p>If the pieces are there you see this for built-in:</p><p>CONFIG_SQUASHFS=y</p><p>CONFIG_SQUASHFS_XZ=y</p><p></p><p>Or if there is squashfs module with XZ compression support:</p><p>CONFIG_SQUASHFS=m</p><p>CONFIG_SQUASHFS_XZ=y</p><p></p><p></p><p></p><p>mkdir tmp</p><p>sudo mount -o loop cname.sqfs tmp</p><p>cat tmp/cname and watch the ##### scroll....around 170 million alias/CNAME combos ...</p><p></p><p>Note that the cname.sqfs is just raw data dump of cnames collected</p><p>by rapid7 project (updated once per month). 
I just removed the</p><p>extra stuff (like timestamps) from their json file to make it </p><p>more readable.</p><p>So not everything there is first party (or third party)</p><p>tracker!</p><p></p><p>However, here's how you can make your own tracker lists based on</p><p>that valuable raw data:</p><p></p><p>Let's say you found another company that has started using this</p><p>dirty first party tracking technique (like ebis.ne.jp).</p><p></p><p>You can create your very own tracker list by giving the following</p><p>Linux command (of course, after having mounted the cname.sqfs like above):</p><p></p><p>grep "\.ebis\.ne\.jp$" tmp/cname > ebis.ne.jp_full.txt</p><p></p><p>That gives full version with both alias and cname included. That</p><p>list is mostly just for information purpose. Because that grep </p><p>pattern is a regular expression it's recommended to escape</p><p>dot (.) characters with \ and put dollar ($) sign at the end.</p><p>To minimize the likelihood of false positives ending into the list.</p><p></p><p>The following however, gives you the real deal:</p><p>grep "\.ebis\.ne\.jp$" tmp/cname | sed 's/\(.*\)\t\(.*\)/\1/g' > ebis.ne.jp.txt </p><p></p><p>That gives you generic version of the tracker aliases without the</p><p>target cnames.</p><p></p><p>If you already know the specific format you are going to need it's easy</p><p>to modify the above command (there are just too many various formats</p><p>for various programs out there, that's why I only have very generic ones </p><p>listed here. Maybe later I add hosts file format .... and Unbound. 
</p><p>But that's all)</p><p></p><p></p><p>For example the following variation gives you hosts file format of the</p><p>above:</p><p></p><p>grep "\.ebis\.ne\.jp$" tmp/cname | sed 's/\(.*\)\t\(.*\)/0.0.0.0\t\1/g' > ebis.ne.jp_hosts.txt </p><p></p><p>Finally, if you just want to know how many specific trackers there</p><p>are in the data dump do this:</p><p></p><p>grep "\.ebis\.ne\.jp$" tmp/cname | wc -l</p><p></p><p></p><p></p><p>Other stuff ...</p><p>------------------------------</p><p>I have work in progress for a (quick!) cname enumerator &</p><p>will kick it here when it's ready.</p><p></p><p></p><p>P.S.</p><p></p><p>Ad blocking should be ideally two layer process:</p><p></p><p>1. First line of defense should be either hosts file or local caching DNS server.</p><p> If you only need to block few addresses then hosts file is okay for that.</p><p> But if you want to block all the s**t that's out there (and keep coming),</p><p> then it is strongly recommended to use local DNS server instead of hosts file </p><p> because in the end, they are more flexible and more importantly, more</p><p> scalable than rigid, non-regular expression entries in the hosts file.</p><p> </p><p> You can't even use wildcards in hosts file. So in the end the resulting hosts</p><p> files will be multiple times larger than the special zone files used for ad blocking</p><p> in local DNS servers. Some have tried to tackle the problem of managing </p><p> ever growing hosts files with separate program (it still doesn't fix the scalability problem) </p><p> So if you need separate program for that, then why not just use local DNS server?</p><p></p><p> Also, as a nice bonus, if you put ad blocking local DNS server into your </p><p> router/gateway/etc.. then your whole private LAN will benefit from the junk filtering.</p><p> Including your Wifi using smartphones.</p><p></p><p>2. 
 After the bad domains (and subdomains) have been blocked at DNS level, the remaining</p><p> trackers will be handled by the browser extension (like uBlock Origin).</p><p> Even though the first line should have blocked 90% of the stuff out there, the</p><p> second line is still very important. For example, many "good" sites will track their</p><p> users with scripts (like ga.js or analytics.js). No DNS blocking will help there</p><p> because you can only block (sub)domains with that and you can't block the otherwise</p><p> "good" site that just has only one, or two (or one million) tracker scripts littered</p><p> on its pages. That's where the browser ad blocking extension picks up and filters</p><p> the remaining, non-domain specific junk. </p><p></p><p> Note: It is also possible to use special proxy software (like privoxy or squid) to</p><p> filter the non-DNS stuff. But only if they come over HTTP.... </p><p> In theory you could do also ad blocking in squid proxy for HTTPS connections </p><p> but it would mean that you would have to configure it with your own SSL-certificates</p><p> which is not exactly fun and might be dangerous too. You would be basically MITM your</p><p> own secure HTTPS connections!</p><p></p><p>P.S2:</p><p>And yes Geoffrey....still reading the logs :)</p><p></p><p>And that's an old file. So is this what you mean?</p></blockquote><p></p>
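Added example, not part of the quoted post or of the dataset's tooling: a sketch of the list-building step that compares the CNAME target as a literal suffix instead of a regex, and also emits Unbound `local-zone` lines, which goes beyond the formats the post shows. The tab-separated `alias<TAB>cname` layout is assumed from the post's sed expressions, and the sample records and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the quoted post. Assumes the tmp/cname layout implied
# by the post's sed expressions: one "alias<TAB>cname" pair per line.

# make_sample: constructed records (not real dataset entries).
make_sample() {
    printf '%s\t%s\n' \
        'metrics.shop.example' 'ac.ebis.ne.jp' \
        'stats.news.example'   'as.ebis.ne.jp' \
        'www.blog.example'     'cdn.webis.ne.jp' \
        'img.site.example'     'host.ebisXne.jp' \
        'a.other.example'      'ebis.ne.jp.mirror.example' \
        'stats.news.example'   'as.ebis.ne.jp'
}

# count_matches PATTERN: how many sample lines a grep pattern selects.
count_matches() { make_sample | grep -c "$1"; }

# tracker_aliases DOMAIN FORMAT < data   (FORMAT: plain | hosts | unbound)
# Prints each alias once if its CNAME target is DOMAIN or a subdomain of it.
# The suffix is compared as a literal string, so nothing needs escaping.
tracker_aliases() {
    awk -F '\t' -v dom="$1" -v fmt="$2" '
    {
        target = tolower($2); sub(/\.$/, "", target)  # drop trailing root dot
        suffix = "." dom
        n = length(target) - length(suffix)
        if (target != dom && (n < 1 || substr(target, n + 1) != suffix)) next
        alias = tolower($1)
        if (seen[alias]++) next                       # de-duplicate
        if (fmt == "hosts")        printf "0.0.0.0\t%s\n", alias
        else if (fmt == "unbound") printf "local-zone: \"%s.\" always_nxdomain\n", alias
        else                       print alias
    }'
}

echo "unescaped pattern: $(count_matches '.ebis.ne.jp') lines"
echo "escaped + anchored: $(count_matches '\.ebis\.ne\.jp$') lines"
make_sample | tracker_aliases ebis.ne.jp hosts
make_sample | tracker_aliases ebis.ne.jp unbound
```

On the real data the same function would read from `tmp/cname`, for example `tracker_aliases ebis.ne.jp hosts < tmp/cname > ebis.ne.jp_hosts.txt`.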