pixelserv pixelserv - A Better One-pixel Webserver for Adblock

[kvic]

So that looks cool, but I guess I don't understand what you'd do with it at that point. ?

You've to remind yourself for what purpose uce & uca counters on servstats page as well as loggings to syslog were added in the v2.1. Log entries that I'm referring to are like these:

May 30 05:20:36 Phaeo pixelserv-tls[949]: handshake failed: unknown cert. client 192.168.1.113:50141 server app-measurement.com
May 30 05:21:06 Phaeo pixelserv-tls[949]: handshake failed: unknown cert. client 192.168.1.113:50142 server googleads.g.doubleclick.net
May 30 05:21:07 Phaeo pixelserv-tls[949]: handshake failed: unknown cert. client 192.168.1.113:50144 server googleads.g.doubleclick.net

The TLS handshake section on the manpage could serve as a good reminder.

I had been manually looking in syslog for suspicious connections from LAN clients to rogue servers. The script automates the process and reduces manual work to minimum. It presents a concise summary and only new alerts.

Upon receiving the email notification, I can focus right away on the new alerts and confirm malicious nature or not... that actually requires me to spend time on.

 

[jrmwvu04]

So that looks cool, but I guess I don't understand what you'd do with it at that point. ?

It would be a useful tool for dealing with handshake failures. Especially in cases where you have devices where a client certificate install isn’t possible, you could point the client to 0.0.0.0 for instance. Or even whitelist it if appropriate. I made a similar script for a similar purpose.

 

[kvic]

I made a similar script for a similar purpose.

 

[mrchow]

Unknown TLS handshake errors
Any privacy conscious ppl want to try...pls let me know.

I'd definitely be in to test/try this script. My UCE count is insanely high.. (6911 in ~7 days...).

Btw.: my issue with pixelserv crashing is gone as of now. It seems it was related to blocking the trend micro urls.

 

[kvic]

I'd definitely be in to test/try this script. My UCE count is insanely high.. (6911 in ~7 days...).

Btw.: my issue with pixelserv crashing is gone as of now. It seems it was related to blocking the trend micro urls.

Added you to the test group.

 

[DonnyJohnny]

Just for sharing.
Memory hanging around 1.5 to 2.1 of 256mb.
After 15 days I hit 300 certs

 

[MasterBash]

I had to uninstall this due to having some problems on my phone with it. This includes the "Amazon Shopping" app, that displays "Something is wrong" with a dog picture.

I am also having a problem with my bank app. Once I log in and I see all the cards on my account, if I click one of them it tells me something "Internet connection required" with a Reload button. For my bank app, I whitelisted absolutely everythingggggggggg that displayed under the F -> 2 option in ab-solution, so pixelserv might be doing something else. I even tried to install the certificate thing and nothing. Still the same.

I am a bit confused. If it wasn't for those 2 apps I would otherwise use it.

 

[kvic]

I had to uninstall this due to having some problems on my phone with it. This includes the "Amazon Shopping" app, that displays "Something is wrong" with a dog picture.

For people having issues with Amazon Apps like above, there was a discussion towards end of April a few pages back. Anyway, the solution is to whitelist the following two domains:

fls-na.amazon.com
fls-eu.amazon.co.uk

For my bank app, I whitelisted absolutely everythingggggggggg that displayed under the F -> 2 option in ab-solution

Try to follow my instructions below and give it another try?

https://github.com/kvic-z/pixelserv...ut-domain(s)-to-whitelist-on-a-broken-website

I'm sure we have different banking apps. If you let me know and your login credential, I'm happy to figure out what domains to whitelist.

 

[Jack Yaz]

I'm sure we have different banking apps. If you let me know and your login credential, I'm happy to figure out what domains to whitelist.

If you find any money in mine let me know, because I sure as hell can't see it

 

[elorimer]

I'm sure we have different banking apps. If you let me know and your login credential, I'm happy to figure out what domains to whitelist.

I'll help too. I find it works much better after the account is emptied.

 

[kvic]

I'll help too. I find it works much better after the account is emptied.

I can't think of a banking app dependent on adverts. Very likely some sophisticated tracking method is broken. I would be very curious to figure out with putting log LEVEL to 4.

Once you empty the account, I'll pick up from there

 

[MasterBash]

For people having issues with Amazon Apps like above, there was a discussion towards end of April a few pages back. Anyway, the solution is to whitelist the following two domains:

fls-na.amazon.com
fls-eu.amazon.co.uk

Try to follow my instructions below and give it another try?

https://github.com/kvic-z/pixelserv...ut-domain(s)-to-whitelist-on-a-broken-website

I'm sure we have different banking apps. If you let me know and your login credential, I'm happy to figure out what domains to whitelist.

For people having issues with Amazon Apps like above, there was a discussion towards end of April a few pages back. Anyway, the solution is to whitelist the following two domains:

fls-na.amazon.com
fls-eu.amazon.co.uk

Try to follow my instructions below and give it another try?

https://github.com/kvic-z/pixelserv...ut-domain(s)-to-whitelist-on-a-broken-website

I'm sure we have different banking apps. If you let me know and your login credential, I'm happy to figure out what domains to whitelist.

lol... Unfortunately no luck with the amazon app. I use amazon canada. I tried whitelisting everything again and no luck. I even added fls-na.amazon.ca
Website works fine though. Its only the app. Same with my bank's app. The website works fine, but not the app. I will mess around with my bank's app a bit later tonight see if I can do anything about it.

 

[jrmwvu04]

These are issues that should be emphasized if they are offered these feature

You’ve lost the forest for the trees at that point. If you consider these legitimate worries, you should probably just not use pixelserv.

 

[kvic]

lol... Unfortunately no luck with the amazon app. I use amazon canada. I tried whitelisting everything again and no luck. I even added fls-na.amazon.ca

Mine still works. I just checked again. fls-na is the one my connection actually uses. Worth checking the domains are not still pointing to your pixelserv ip...

 

[jrmwvu04]

You shall run pixelserv-tls with log LEVEL 4, and see first hand what sorts of domains and requests reaching pixelserv-tls.

Or you can go big and and enable log level 5, where you will uncover upon parsing the logs that pixelserv was behind 9/11

 

[thiggins]

All: Please report suspected trolls. Don't engage.

 

[apokrif]

Guys,
Getting Segmentation fault on RT-AC68U 374.43_32E4j9527
Downgraded libopenssl - 1.0.2o-1 -> 1.0.2n-1b
# opkg list-installed | grep libopenssl
libopenssl - 1.0.2n-1b
# pixelserv-tls -?
pixelserv-tls 2.1.1 (compiled: Apr 15 2018 13:48:00)
# pixelserv-tls -B
# pixelserv-tls -B -l5
# pixelserv-tls -B -l=5
All show
Segmentation fault
But no stack traces on crash in syslog.
Am I missing something?
I see people report 2.1.1 works fine on AC68U, but they are on Asuswrt-Merlin 384.*
Shouldn’t be any difference, right?

 

[jrmwvu04]

I see people report 2.1.1 works fine on AC68U, but they are on Asuswrt-Merlin 384.*
Shouldn’t be any difference, right?

I wouldn’t think so. I use the fork and 2.1.1 and even for a while with that specific libopenssl, didn’t see any problems.

 

[apokrif]

I wouldn’t think so. I use the fork and 2.1.1 and even for a while with that specific libopenssl, didn’t see any problems.

Too late, bumped up to 384.5 already...
BTWL: It looks like the trick was not try to upgrade AB solution, but wipe out and reinstall it from scratch, including entware and pixelserv.

Could somebody clarify if pixelserv-tls - 2.1.1-1 needs libopenssl 1.0.2o-1 or 1.0.2n-1b, please?
Seems to work with 1.0.2o-1 as of now...?

 

[jrmwvu04]

Too late, bumped up to 384.5 already...
BTWL: It looks like the trick was not try to upgrade AB solution, but wipe out and reinstall it from scratch, including entware and pixelserv.

Could somebody clarify if pixelserv-tls - 2.1.1-1 needs libopenssl 1.0.2o-1 or 1.0.2n-1b, please?
Seems to work with 1.0.2o-1 as of now...?

I updated my entware packages (pixelserv 2.1.1-1, libopenssl 1.0.2o-1) and so far everything seems to be working properly. @kvic, does this libopenssl package have the modification from 1.0.2n-1c?

edit: this pixelserv build was compiled more recently than the one I was using before but I can't tell any differences