PasswordMaker Forums
Firefox/SeaMonkey/Mozilla/Netscape/Flock Browser Extension => Feature Requests / Enhancements => Topic started by: kimo on June 09, 2005, 06:03:27 AM
-
how does this work with something like Anonymizer.com surfing or privoxy ? I was never able to anonymously surf and use roboform at the same time maybe you can help out here?
Also - note the roboform form -filling algorithms are very sophisticated - rather than try to duplicate them - i'd suggest trying to work with them to replace their inhouse password generator feature.
-
Hi Kimo,
PasswordMaker works with Anonymizer and Privoxy.
Let's take Yahoo! mail as an example. Assuming you want the same password for yahoo.com and http://anon.free.anonymizer.com/http://mail.yahoo.com/?.intl=us (the URL used when you go to Yahoo! Mail through Anonymizer), here's what you should do:
1. Go to the Advanced Options dialog
2. Create a new account
3. In the When URL Contains field, type yahoo.com.
4. In the Use This URL field, type yahoo.com.
That's it! Now whenever you navigate to any url with yahoo.com (e.g., http://mail.yahoo.com or http://anon.free.anonymizer.com/http://mail.yahoo.com/?.intl=us), the same password is generated for both.
Hope that helps,
-Eric
-
I'm using Privoxy and TOR along with PM (no special configuration) without a problem. It even works on FreeNet's hidden onion servers if you don't mind S-L-O-W browsing ;)
Anonymizer would require the domain fix mentioned above.
-
Would this feature allow phishers to create a fake site that somehow contains the phrase yahoo.com thus tricking the software into realeasing your password?
I'm not entirely sure if it is possible to do this, or if your software falls for this, I was just wondering.
Also I don't know why someone would want to go into important password protected sites through a proxy, but you never know.
-
Hi Juandon,
Would this feature allow phishers to create a fake site that somehow contains the phrase yahoo.com thus tricking the software into realeasing your password?
Yes, but the user must still click "Submit" after the password field is populated. It goes without saying that you should examine the URL before submitting any data over the internet.
Regards,
Eric
-
By the way, if you're using any modern browser, you're safe from IDN (international domain name) URL spoofing (a.k.a. homograph attacks (http://en.wikipedia.org/wiki/IDN_homograph_attack)). Specifically, Firefox deals with this by displaying those URLs as PunyCode (http://en.wikipedia.org/wiki/Punycode) (read this (http://en.wikipedia.org/wiki/International_Domain_Names) for more info). You can try this out by going to http://www.pаypal.com/ (http://www.pаypal.com) and looking at the address bar.