BCable.net - Surrogafier

"It is a paradox that every dictator has climbed to power on the ladder of free speech. Immediately on attaining power each dictator has suppressed all free speech except his own."

- Herbert Clark Hoover

Info Changelog Documentation Download Git

1.0-rc3 Release - Sun May 06 16:23:59 CDT 2007

Changes:

Major bug fixed where certain versions of the PCRE library would have issue with one of the regular expressions, causing lots of pages not to load at all.

Fixed a bug where the base HTML tag was being parsed incorrectly.

Replaced some instances of preg_match() with other functions that were more efficient for the circumstances.

1.0-rc2 Release - Wed May 02 17:38:08 CDT 2007

Changes:

PRIVACY FIX/INFORMATION LEAK: In Javascript, the 'setAttribute' method had a faulty regular expression. Not only was there logic issues for the cases it did account for, but there were also cases that it didn't account for at all. This method is used by many sites (for instance, Yahoo and IMDB) to dynamically load Javascript. Until now, there were entire Javascript files not being parsed at all.

Fixed a bug where certain blocks of HTML code would be parsed as Javascript, as well as other refinements in what exactly is parsed and how the data is stored for better efficiency.

Javascript URLs and on[event] attributes were only getting parsed if they got 'lucky', and were parsed only if they were in the blocks of HTML that got parsed as Javascript. Proper parsing for all instances now occurs.

Fixed a bug with AJAX support that essentially made all XMLHttpRequests not send at all.

Improved eval parsing, including fixing a bug where if an eval was inside of a conditional statement the entire document would be deleted (whoopsies!).

Fixed a bug with the Javascript parsing engine. If the Javascript parsing engine was to parse HTML that contained Javascript, it would parse the Javascript code twice causing bugs and in general being really inefficient.

Fixed a bug where forms could get parsed multiple times, causing problems with the resulting action URLs

Fixed a bug where certain proxy options selected would not take immediate effect. Previously global code was put inside a function in 1.0-rc1 for portability, and when trying to access a global variable the scope wouldn't allow it.

Fixed a bug where certain pages would frame break or be labelled as the wrong frame type. Certain tags being set by "setAttr" were not getting the proper frame pointer for the URL.

IE comments ("<!--[if" etc) are now parsed correctly and not ignored like regular comments.

Fixed default blocked addresses, and also fixed a few bugs in the method of detecting IPs to block.

URL length is now limited to 500 characters or less by default. Changeable under advanced config option 'MAXIMUM_URL_LENGTH'.

Added comments which enable VIM "comment folding", making the file easier to read and navigate when using VIM.

When 'Remove Scripts' or 'Remove Objects' were enabled, Javascript and certain HTML tags were getting parsed despite the fact they were about to be completely removed.

Recoded a large portion of the HTTP requests made by the script to be more efficient.

After running some benchmarks, GZIP turns out to cause more problems in speed than in solves even when communicating with the server. In very very low bandwidth situations, it might be useful, so the code still remains. Defaults to off now, and if you wish to enable it there are two options in the advanced config: 'GZIP_PROXY_SERVER' and 'GZIP_PROXY_USER'.

Default value for 'TIME_LIMIT' changed to 10.

Other general Javascript and PHP optimization fixes, as always.

1.0-rc1 Release - Sat Dec 30 14:26:15 CST 2006

Changes:

PRIVACY FIX/INFORMATION LEAK: The Javascript "document.cookie" feature was not hooked before, causing an information leak to the site telling them ALL of your cookies defined through the proxy. This could cause some major security and privacy problems. This also fixed some functionality problems on certain sites that required the "document.cookie" feature to operate correctly.

PRIVACY FIX/INFORMATION LEAK: The Javascript "navigator" object was not hooked before, causing an information leak to a site telling them your actual useragent if you forged it through the proxy options.

Changed the format of the proxied URLs. No matter what, the URLs are always the same now. So you can FINALLY send links to your friends without there being a problem!

Each URL now has a "mode". Please note, you do not need to know what the rest of this means, this is just a technical description for those who are interested. Instead of GET variables such as "force_main=1", "<COOK_PREF>_page_framed=1", "<COOK_PREF>_frame=1", etc, the following table describes what each URL points to:
```
 ?=
```
This is the "null" mode. This is used if you have the persistent URL feature disabled, or for a page that isn't supposed to be framed (external scripts/styles, etc).
```
 ?=&=
```
This is the "frame" mode. This will display the URL with the persistent URL frame.
```
 ?=_&=
```
This is the "framed" mode. This is the framed page request, and is almost identical to the "null" mode. The only difference here is that it is labelled and used for targetting the "_top" HTML target in HTML and Javascript to keep the page framed correctly.
```
 ?=.&=
```
This is the "child frame" mode. Any URLs loaded by a "framed" mode URL have this mode. This makes sure any URLs clicked in <iframe>s or <frame>s on a page stay within that frame, and any target attribute is dealt with correctly.
```
 ?=-&=
```
This is the "menu" mode. This will force the page to display the main menu, and have the specified URL be inserted into the URL form.

The default title when loading a page used to be incredibly long and illegible. It was generally part of the URL of the proxy, and you had no idea what was loading. Now, the title is the actual URL entered in, and is later altered to be the correct title of the page.

Added support for "shortcut icon"s (also known as "favicon"s or "favicon.ico"), as well as fixed some other various bugs regarding how the title was changed.

New/updated useragents. Mac OS X added as an option (PPC) for Firefox, Safari, and Opera. Also added detection of BSD for the "Actual" option. The other useragents were updated to be the most recent versions of all the supported browsers.

Along with the new URL format, URLs are now cleaner looking in the address bar because they are no longer encoded.

Detection of where and when to decode a passed URL, in case a GET request does indeed encode a URL. The script looks at the first 6 characters, and if it has a '%' in that substring, then the URL is decoded. The first 6 characters SHOULD have a '%' in it if it is encoded no matter what.

Fixed a bug where the URLs and variables being passed via GET and POST would incorrectly parse ':', ' ', and other various special characters.

Removed code which added the GET variables to the current URL, which is unnecessary due to the new URL format.

The script now automatically sets the "error_reporting" PHP setting to 'E_ALL ^ E_NOTICE', making notices from PHP not displayed even on servers where the PHP.ini tells them to be displayed.

Added automatic detection to determine whether you are running on HTTP or HTTPS, and the URL is automatically adjusted accordingly. A manual override is available if necessary in the options at the top.

Fixed a bug where the script would parse URLs with quotes around them incorrectly.

Fixed a bug where the script would parse URLs even though they were supposed to be "locked". For instance, "javascript:" URLs were getting parsed.

Added support for flash movies that use the format: <param name="movie" value="MOVIE_FILE">

Fixed a bug where CSS "url()"s had ", ", or ' to signify quotes. Those HTML entities are apparently parsed before they are handed over to CSS, and the script now parses accordingly.

Adjusted regular expressions that parsed Javascript to ensure the command was starting at the beginning of a line or statement. This fixed many bugs involving various odd coding styles.

Fixed a bug where the end HTML comment before a "</script>" tag was incorrectly parsed, putting the "purge" statement in the incorrect place.

Fixed a bug where <meta> tags using "content" HTML attributes without quotes wouldn't work, and in the process, reduced the amount of regular expressions parsing <meta> tags by 2.

Fixed a bug where Javascript variables were not parsed if they contained dollar signs ($) in them, which apparently is legal in Javascript. (yuck!)

Fixed a bug with the "target" attribute of <form>s being incorrect, and the <base> tag not affecting the "action" attribute of a <form>.

Fixed a bug with the hooking of certain attributes of objects to have better logic in determining whether or not to redirect. This fixed many sites which seemingly redirected to a random page on their site for no reason, or got caught in an infinite loop.

Fixed a different bug with the hooking of the location attribute and it not getting set correctly.

Added proper Javascript hooking of the setTimeout() and setInterval() top-level functions.

Instead of the "innerHTML" attribute in Javascript being parsed by regular expressions, it is now sent through the Javascript hooking engine.

Adjusted parsing of the Javascript eval() top-level function to not be a direct hook into the function, but instead now uses regular expressionsto insure the eval is performed as a top-level function, fixing many many sites.

Added proper hooking and parsing for the Javascript "location.search" property.

Properties of various Javascript objects weren't being changed when called by sites. This means they were getting the proxy's URL, not the URL they were expecting. To fix this, a new function reverses the proxied URLs to their original values before the site's Javascript accesses them.

When Javascript was getting URLs, they were still encrypted if that option was enabled. So, to fix this, I also added an implementation of the base64 decoding algorithm (it already had the base64 encoding algorithm), and also translated the PHP function that decodes the encrypted URL into Javascript.

Javascript XMLHTTPRequest objects were originally hooked on the fly. This required the use of multiple lines of code to do so, and sometimes the XMLHTTPRequest was called in a spot where it required it to be on one line. Now, all of the hooking is done with one function call to fix this.

Many many many frame breaking bugs were fixed in Javascript.

The Javascript code in general was cleaned up a bunch, as well as new methods of hooking employed to reduce code and to make the code more flexible.

Instead of using PHP to echo all of the values of various script definitions directly into the Javascript code, it now converts all these values into Javascript at once, and then the Javascript code requests these variables instead of expecting values to be placed in the code directly.

Less, and more efficient, regular expressions are used to parse Javascript now.

The "REGEXPS" section of the code was practically unreadable in the past. I have added some comments to help other people and even myself in the future in order to understand what they all mean and do.

General Javascript and PHP optimization fixes.

Many many more bugs were also fixed, but could not be listed here because I forgot to write them down.

0.9.6b Release - Thu Nov 02 09:53:39 CST 2006

Changes:

Fixed a bug where URLs entered into the persistent URL form would not be encrypted if the "Encrypt URLs" option was checked.

Fixed a bug where HTTPS links would not be properly sent through the IP address checking algorithm, and would not properly connect to the site as a result.

Fixed a bug where if FORCE_DEFAULT_TUNNEL was set to false, then simple mode would be incorrectly displayed.

Removed some erroneously kept debug code in the Javascript parsing engine.

0.9.5b Release - Tue Oct 24 05:53:19 CDT 2006

Changes:

Fixed a bug with the Javascript engine where it was parsing "img" attributes when it shouldn't have been.

Fixed a bug with the Javascript engine to include parsing of empty called functions, for example, "document.writeln()".

0.9.4b Release - Fri Oct 13 15:36:35 CDT 2006

Changes:

Fixed a bug where the "Status" HTTP header wasn't being sent, fixing various HTTP authentication and redirect bugs.

Rewrote the Javascript engine to be theoretically unbreakable by the target page by wrapping all the Javascript functions and variables with the "COOK_PREF" random string.

Fixed a bug where a character would be removed after a "top" object in Javascript parsing.

Fixed some AJAX bugs with how certain programmers define XMLHttpRequest objects. This has fixed many AJAX sites as well as fixed some Javascript frame breaking. This change also sped up the AJAX parsing code a bit.

Fixed bug where forms were being submitted to the wrong address.

Fixed bug where "javascript:" URLs were being parsed, even though the code was intended to lock them from parsing.

0.9.3b Release - Tue Oct 03 19:15:57 CDT 2006

Changes:

Added DNS caching support, drastically improving the speed of the script. I had assumed the fsockopen() and gethostbyname() PHP functions used an OS level DNS caching, but I assumed wrong.

Fixed the Javascript parsing to include the hooks for top and parent in certain circumstances.

Fixed a bug where certain frame detecting sites would still break out of the frames, and possibly even leading to an infinite loop.

Modified the default blocked addresses due to them blocking more than they were supposed to.

Removed some unnecessary debug code that was still in the script.

0.9.2b Release - Sun Oct 01 18:12:54 CDT 2006

Changes:

Added a better system of supporting Javascript. Attributes are now sent through a wrapper function instead of an attempt to parse them through regular expressions. This improves the functionality of Javascript, fixes many information leaks, and fixes various sites that use Javascript through the proxy.

Added anti-frame breaking wrapper code when the persistent URL form feature is enabled, to ensure the persistent URL form stays up.

Added better "document.write" and "document.writeln" wrapping support, waiting until the end of the file or <script> tag to execute all write commands. This fixes information leaks in the script as well as fixes a bunch of broken ads and such on sites.

Fixed a bug where <script> and <style> tags when not all lowercase would not be parsed.

Fixed a bug where HTTPS connections running on the default port 443 would display the ":443" when it wasn't necessary.

Fixed a bug where "location.replace" style redirects were not working correctly.

Fixed "refresh" meta tags to ensure passing of the "framed" variable. This makes sure certain sites don't break the persistent URL form.

Fixed bug where a "Cookie" HTTP Header without a semi-colon causes an infinite HTTP redirect loop.

0.9.1b Release - Tue Sep 12 14:01:46 CDT 2006

Changes:

Fixed a bug where the Persistent URL frame would go away after you click almost any link.

Fixed a bug where the Javascript wouldn't include all necessary regular expressions.

Changed the font on all of the proxy's pages for Windows to be Trebuchet MS.

0.9.0b Release - Fri Sep 08 16:55:03 CDT 2006

Changes:

Added persistent URL form option with corresponding DEFAULT_URL_FORM config setting.

Detection of "magic_quotes_gpc", and if enabled it strips all slashes created by the magic quotes option. Magic quotes was making the code inconsistent on different settings. This makes sure the code gets what it expects to.

Fixed bug where certain characters being sent through POST were being parsed incorrectly and/or removed completely.

General PHP optimization techniques implemented. Due to the heavy amount of strings, and the fact that I always used double quotes, the code was chugging along slowly performing unnecessary tasks. This sped things up quite a bit.

Got rid of all "<?" and "<?=...?>" operators and replaced them with "<?php" and "<?php echo(...); ?>" respectively. This fixes some compatibility issues with certain PHP.ini settings.

Fixed some speed issues with the Javascript parsing of large chunks of HTML. This fixes a lot of problems with Javascript hanging on certain sites.

Changed "encode" to "encrypt" on pages and in the variable names in the code. The proxy doesn't really "encode" the URLs, it's not a simple base64 encoding or anything, it actually encrypts with a secret key. This should be a bit more descriptive.

Did away with "_eurl" and "_url" suffixes to the URL variable. This made the code easier to read, easier to manage, and a slight bit faster. Also allowed me to do away with certain unnecessary Javascript detections.

Fixed a bug where "Encrypt URLs" feature would take a couple tries to work correctly. Everything is done correctly the first time, now.

Changed default value of "TIME_LIMIT" constant to "30".

0.8.4b Release - Mon Aug 28 22:47:04 CDT 2006

Changes:

Rewrote almost all the Javascript. Instead of using the function based method from before, it is now using the same code as the PHP uses (OOP based) to speed the script up, make the code easier to manage, and to make the code more reliable.

Fixed HTTP POST variables parsing for excess slashes and certain values not being sent correctly.

"Warning" level error handling during transfer with site, ignoring all "SSL: fatal error" errors. The error apparently doesn't mean anything and is fairly normal for SSL connections, but causes the page to break and sessions, cookies, and headers to not be sent to the browser.

Script now ignores "Content-Length", and instead drinks up until the well is dry. Some buggy SSL implementations were only spitting out a fraction of the files for some reason due to the exact "Content-Length" being requested from the stream.

Added protocol inheritance from the parent URL, and removed protocol inheritance from valid URLs ("/page2.html" inherits protocol of parent, "http://example.com/" doesn't, like it should.)

Added portval inheritance from the parent URL, fixing alternate port servers' links, images, and other URLs on the parsed page.

Fixed a bug that caused any escaped less than 2 characters long not having an extra "0" in front of it.

0.8.3b Release - Fri Aug 25 18:10:37 CDT 2006

Changes:

Added configuration options to set the default values of the checkboxes when a user first views the page.

Fixed bug where quirky programming on a site makes URLs turn into: "http://www.example.com/../page.html" Had to account for bad programming and fix URLs like that up myself.

Fixed bug that caused the other parsing of previous directory and present directory (".." and ".") URLs to be parsed wrong.

Fixed bug where every URL takes the protocol of the parent. Protocols can change through links, forms, redirects, etc, so that isn't the correct way to figure out the protocol.

Fixed bug where sites that used "deflate" content encoding didn't work. I based my headers off of Firefox' headers, so "Accept-Encoding: gzip, deflate" was set. Now, it's just gzip (which the proxy already supports), because I can't find anywhere in PHP, anywhere in specifications, or anything, on how deflate content encoding works.

0.8.2b Release - Mon Aug 14 00:06:19 CDT 2006

Changes:

Fixed a bug regarding blocked addresses. Blocked IP addresses are compared on a binary level, but the binary was being assembled incorrectly. For instance, the binary number "00000101" was being represented as "10100000". Therefore, not only would "00000101" be blocked, but also something that actually was "10100000" would be blocked as well.

Added an option for changing the protocol the script is installed to. Defaults to "http", which would be what most people would need, but in the instance someone installs it on an SSL certified URL, it can be changed to "https".

0.8.1b Release - Mon Jul 17 15:04:18 CDT 2006

Changes:

Simple/Advanced Javascript was broken in Internet Explorer, IE doesn't like "name" attributes on anything other than form controls

Fixed some layout issues in Internet Explorer, looks much better in IE now.

0.8.0b Release - Sun Jul 16 03:33:32 CDT 2006

Changes:

Added new "simple"/"advanced" mode toggling. Simple mode only displays the URL text box.

New configuration options for administrators. These constants are defined and described at the top of the PHP file. These include options for setting the time limit, defaulting to simple mode, forcing simple mode, width of URL box when in simple mode, default tunnel IP, default tunnel port, and an option to force use of the default tunnel IP/port.

When server is in safe mode, "set_time_limit()" is not called, fixing some bugs related to having safe mode on.

Object tags are now properly parsed

When "Connection-Length" is sent, data is retreived in chunks of 1024 bytes now instead of 1 byte.

Changed default address blocking for "192.168.0.0/16" to "192.0.0.0/24", as I'm pretty sure the entire class A subnet for 192 is reserved.

Rearranged some minor aspects of the Proxifier page.

0.7.9.3b Release - Sun Jun 04 07:48:18 CDT 2006

Changes:

Very minor typo fixed which broke the user agent being sent properly. "$_SESSION", instead of "$_SERVER".

0.7.9.2b Release - Thu Jun 01 20:26:15 CDT 2006

Changes:

Encode Cookies feature now encodes both cookie name and cookie value, hiding the domain names you've visited in your cookie values

Added meta tag equivalent of robots.txt "noindex, nofollow" to prevent robots from following proxied URLs if it gets ahold of them, causing major bandwidth issues.

Fixed a glitch where certain servers would prematurely send the headers of the page, since when looping through the headers it would send out a blank header

Remove scripts now doesn't parse the scripts before removing them, fixing the CPU cycles wasted due to this

Remove scripts now also removes on<event>s, completely removing Javascript like the feature should have been doing to begin with

Improved parsing of each regexp, slightly less CPU usage

Fixed a bug involving certain pages not inserting the proxy's javascript due to case sensitivity

Fixed bug where certain pages would have Javascript errors due to double quotes in the URL

Fixed bugs in Javascript where a url passed to some functions would be null, causing errors

Other minor engine tweaks

0.7.9.1b Release - Wed May 31 13:02:54 CDT 2006

Changes:

Last version broke the "Encode URLs" feature, and this version fixes that bug.

0.7.9b Release - Mon May 29 14:31:21 CDT 2006

Changes:

License of proxy changed from GPL to a Modified BSD. See http://bcable.net/license.php for more details on the new license.

Default User-Agent is no longer to just not send it, but the actual User-Agent string sent to the server. It is still possible to change this field, and to remove it entirely, but this way many sites that require it are working by default. Detection of the user's platform and browser name is also done to inform the user what the proxy will report. Detection is minimal, however, and does not detect very many platforms as of now.

To reduce the amount of space taken by the Javascript of my script in the source, not only are the Javascript functions but also the Javascript regular expressions are found in separate requests to the server. This greatly cleans up the source code of a retrieved page, so that the user isn't completely confused when viewing the source.

Lots of speed improvements with this release.

Everything is now sent gzipped to the user, reducing the size of every file and speeding the communication to the proxy up dramatically.

All headers from the server, minus a select few, are sent to the user now, but obviously still not vice versa as that would be a privacy hazard. This way, certain caching mechanisms can work correctly reducing the amount of data flowing through the proxy.

Amount of regular expressions used were greatly reduced, including the minimum of 16 regexps per URL, and another 7 for each modification to the URL performed. Now, a flat 9 regexps total, regardless of modification, is being performed. This was a major CPU burner in the previous versions, and the overhead has now been reduced almost 10 fold for this section of code.

Persistent connections to the servers has been removed (IE: pfsockopen replaced with fsockopen again). It seems that the persistent connections with the servers were not helping at all in the slightest for speed, and in fact, were hampering it to some extent. Until I find a way to have the persistent connections time out after inactivity, this will remain. The connections weren't EVER expiring, which created many open connections that didn't need to be open.

The gap between the "fsockopen" and "fclose" has been reduced slightly so that the connection wasn't just sitting there waiting to be operated on, while the proxy script was doing some work on its side. This slightly reduced the amount of time the connection was left open.

Other engine fixes, speed tweaks, and code optimizations were also done.

Planned:

Possibly change "proxy.php?blah_url=<URL>" to: "proxy.php?<URL>". This would make the URLs look a bit nicer in the source, as well as make it easier to change URL by editing the address bar. Auto detection of encoded URLs, as well.

Have an option to insert a URL form at the top of every page. Possibly using javascript to fold up, as well as degrading gracefully for those who don't have/allow javascript.

Modification of the page's title, as well as masking of the "favicon", so that when minimized a page wouldn't look suspicious to shoulder surfers.

If not the above, a feature to "hide" the page you are looking at by an invisible button on the page which flips back and forth between a hidden page and the mask page. This may not be possible as the address bar will alway report the correct URL of the proxy, and using IFrames, you cannot access the "mask" page's title (access to an IFrame's document object is forbidden for obvious security reasons). Good idea, but hard if not impossible to implement. I'll try to think something up for it.

0.7.8.1b Release - Thu May 11 20:48:07 CDT 2006

Changes:

Fixed "Encode URLs" with Internet Explorer bug (IE doesn't have btoa().. so I had to write my own base64 encoding function .. which required me to write a binary to decimal conversion since JS doesn't have that.. and an exponential funcion because JS doesn't EVEN HAVE THAT! How JS has survived this long without an exponent operator is beyond me..)

Fixed up the look of the front page of the proxy: I hadn't tested Proxifier on IE for awhile (causing the above bug) and I didn't even realize that it looked so terrible in IE. I fixed most of the look, but there are still a few other problems. I also adjusted the look for every browser just a tad as well. I may eventually just make the front Proxifier page with CSS float and divs instead of a table... might fix a lot of the alignment issues.

0.7.8b Release - Sun Apr 30 14:23:03 CDT 2006

Changes:

Fixed speed problems associated with 0.7.7b. For some reason, when searching php.net for "DNS", I thought I would have to do my own DNS queries... so I did. I was completely unaware of the fact that PHP has C's "gethostbyname()" wrapped. This caused some major problems since the DNS functions I used were on the PHP end of things.

Fixed non-persistent connections to server: this release should even be faster than 0.7.6.1b! (Connection: keep-alive with value of 300 now used in addition to the pfsockopen)

Converted functions for URLs into a class, and one big URL regular expression. Makes things much easier to debug and might speed the processing of each page up a bit.

Javascript "eval()" command wrapped, with proper execution.

Bugs fixed with respect to how javascript interpretted the regular expressions used to parse the page.

HTTP communication fixes (\r\n\r\n was all it checked for, but apparently some servers use \n\n as well - I'm almost certain this is not in the HTTP specification, however).

Other major code cleanup/code restructuring, as well as engine parsing fixes. If you find any site that does not work with this proxy, please email me at <brad@bcable.net> with the site's URL.

0.7.7b Release - Sat Apr 15 15:27:48 CDT 2006

Changes:

NOTE: There was a MAJOR speed problem with this version. DO NOT USE IT! This version sucked.

Blocking specific addresses now possible. Edit the PHP file, and at the top is an array with the addresses you want blocked as elements. Currently you can block addresses in one of three ways:
```
 1.2.3.4     - plain IP address
 1.2.3.4/24  - subnet blocking
 php.net     - domain blocking
```
The default blocked addresses are:
```
 10.0.0.0/24
 172.0.0.0/24
 192.168.0/16
 127.0.0.0/24
```
These are blocked by default since they are reserved for local and internal purposes. If I have missed some, or if I have one of these mistaken, please email me.

I haven't decided if I want to add IP range blocking yet. I personally can't think of any reasons why you would need it, but if you do, just email me saying that you would use it and I'll be motivated to add it. If you don't it probably won't get done, but there still is a slight chance that it might. I've got nothing better to do, but I'm just not motivated enough to do it at this point :).

Error displaying engine created, for blocked pages, connection problems, etc

Sessions are now used to store the encoding information for URLs and cookies. Before, the encoding string was stored in the cookies, which meant that it was possible for an administrator to see the encoded string as well as the decoding portion, then find the code on my site and decode it. This obviously is not a good thing, so I moved the key to decode the string into the session, and increased the size of that key from 12 to 30 characters long. Note, this does not affect the cookies of the sites you visit or the proxy's cookies at all, just makes sure that the encoding is secret.

Sessions time out after 24 minutes, so an administrator must see an encoded URL and send your cookies out to the site within 24 minutes of you visiting. You can change that time in the PHP config by changing the "session.gc_maxlifetime" setting. If you want me to change it by default, email me and I'll consider it.

New "Encode Cookies" feature, encodes the values of the cookies for sites using the same key as the "Encode URLs" uses, and is now in a session as noted above.

Changed the cookie separator to the cookie prefix, instead of "__proxifier_sep__".

Minor tweaks in parsing engine

Planned:

Code cleanup: the code is getting a little messy, I'm going to try to fix that. I might try OOP for some of it, I might not. I'm not sure yet. I'm definitely going to increase the amount of regular expressions, replacing the "substr"s and stuff.

URL form on the page as an option, and javascript enabled with a toggle to see it or not, degrading gracefully.

0.7.6.1b Release - Mon Mar 13 22:43:18 CST 2006

Changes:

Bugs fixed for "Encode URLs" feature, this was not working correctly.

Bug fixes for "Connection: close" HTTP headers

Now detects if Javascript is enabled and issues a warning that discourages use of Encode URLs without Javascript enabled.

0.7.6b Release - Sun Mar 12 20:08:41 CST 2006

Changes:

Major reworking in the regular expressions

Major fixes in the way Javascript was parsed

AJAX based JS working to a small extent

Domain icon (address bar icon) support

Copy/Paste "ip.ip.ip.ip:port" string into the server IP box, if you have Javascript enabled, it will split it up automatically for you

User agent string didn't send properly, now fixed

Referer field was sending encoded, fixed

Script detection wasn't working, now fixed by using preg_split

Javascript function were moved to an "external" file on the page to make source more clean looking

on<event> attributes now execute Javascript correctly

<base href> support added

If you aren't using the new "Encode URLs" option, Javascript is not required anymore (like 0.7.4.1 and previous). My old implementation of the "Encode URLs" option required Javascript no matter what.

Countless other major and minor bug fixes/sites fixed

0.7.5.1b Release - Sun Feb 19 15:37:00 CST 2006

Changes:

Major bugfix! Adding the "Encode URLs" feature broke viewing pages without encoding the URLs... whoops!

0.7.5b Release - Sun Feb 19 02:08:15 CST 2006

Changes:

New option, "Encode URLs", which helps get around certain types of filters. Captures both standard HTML and Javascript URLs and encodes them for every request sent by the client.

Altered proxy variables to have a prefix of a random string instead of "proxy_". This ensures no conflicts with the proxied site, and also helps for some types of filters.

Meta tag's "http-equiv" for "Set-Cookie" support added

Moderate code cleanup and rearrangement

0.7.4.1b Release - Mon Jan 09 17:11:38 CST 2006

Changes:

Initial Release