started a topic
3 months ago
i am running safari of lion 10.7 (yes it is old) and i am finding some sites that are detecting adblockers and after some reverse engineering of the site i found the code that is doing the detection.
so i downloaded the source code for version 2.66.0 and how do i compile that into an extension?
i can understand security risk possible for allowing injecting scrips but i am willing to take the risk since macs are fairly immune to viruses and i have enabled 2fa on most of my sites so i dont have to worry about cookies getting stolen if you wont allow us to inject script could you allow us to modify the html file so we can replace a portion of the scripts embedded.
Just to mention quickly, I'm not one of the AdBlock Team but I am a regular contributor here. Given your question, I'd like to let you know that my answer isn't their official opinion.
As a long term AdBlock User, this suggestion sounds a bit risky to me. While AdBlock is Open Source and you're more than welcome to poke about and build your own version, I'm a bit nervous about the idea of injecting extra scripts. As for why your changes get reverted each time, I'm not really sure on that so I'll have to fallback to Rhana for that one.
Also, I'm a bit nervous that you're still using OS X Lion - there's been a number of security issues that have been discovered over the years which are pretty nasty. I hope you understand why I would prefer not to share details on those.
For this reason, I'd be very hesitant to suggest this kind of idea because I'm not sure it's one that would be used by many people and I'm nervous about possible security holes that could be abused in some way.
3 months ago
i have patched the lion security issues using proxies, vpn and even a complex if/then tables living on the router to block packets containing offensive commands.
proxies will perform ssl bump (correct me if i am wrong but it is taking a ssl 1.2 packet and translating it to a ssl 1.0 packet so safari can open sites that not support ssl 1.0).
vpn many vpns do not allow the passing of packets that are harmful.
router code once the packets have been converted by ssl bumping the router code will remove any offending commands before they make it to the devices.
so for example if the url contains anything outside of the a to z 0 to 9 and any punctuations that are used in urls it then patches the packet to remove the offending stuff so attempting to do a buffer overflow attack such as code red will get blocked at the router.
3 months ago
I passed your questions along to our developers. The answer I got back comes in two parts:
1. Extensions don't need to be compiled, just loaded. However, I believe that Safari does require an extension developer license from Apple to keep them installed between launches of Safari. AND, since he's running an older version of OS X, the extension developer license may not work - Apple changed the license certificate authority a few years ago, and it basically broke extension development on older versions of OS X.
2. He'll need to install the extension every time Safari is launched. If he can install our extension without a license, he can just update our existing content scripts (adblock_start_common.js) with whatever code he wants. He can find out more here: