pixelserv pixelserv - A Better One-pixel Webserver for Adblock

[kvic]

@elorimer It's generally a bad idea to share credentials among users who you cannot control. Consider the extreme case you suggested where every user of pixelserv-tls shares the same CA certificate (and its private key). By that all users install and trust the same CA certificate in their devices.

A rouge user sets up a fishing page using the CA certificate. It'll show a greenock and may appear legitimate to untrained eyes.

So my recommendation is that ppl shall still closely protect their CA certificate (and its private key). Not for your own good but for your family members who let you install the CA certificate in their devices.

 

[DonnyJohnny]

I have a question regards this one pixel... when we use normal Adblock add-on in browser, the space used for advertisement is not in view.
With ab-solutions pixelserv, there is a block of space for the advertisement. Is this normal? What do u mean by one pixel then?

 

[jrmwvu04]

I have a question regards this one pixel... when we use normal Adblock add-on in browser, the space used for advertisement is not in view.
With ab-solutions pixelserv, there is a block of space for the advertisement. Is this normal? What do u mean by one pixel then?

In short, yes, it's normal. It is because pixelserv only substitutes one pixel in for whatever the original content was to be. There are no modifications to the html. Typically, advertisements use frames or whatever else to format the content around an expected advertisement. When that's subbed for only one pixel, you have that otherwise empty frame left over. Typically, browser extensions also clean up the html/formatting, so that the empty space is eliminated as well.

 

[kvic]

A great example of question and answer. I hope @DonnyJohnny and @jrmwvu04 won't mind that I borrowed your words. Expanded a bit and added it into the FAQ.

 

[kvic]

New beta version Km-test.1 aka v2.1.0-test.1

For details in this test version and the upcoming v2.10 release, pls read the latest on kazoo.ga/pixelserv-tls.

Entware-ng (ARMv7 and mipsel) users can use the one liner below as usual or otherwise to install.

sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/install-beta.sh)"

A major new feature is caching most frequently used certificates in memory and enabling SSL session resume. Recurring HTTPS requests will see significantly less time to process i.e. near HTTP speed.

A snapshot of ssl cache related counters. More explanation on the above page.

Thanks for testing. Will appreciate your feedback.

 

[Raphie]

I updated via the AMTM script and the webserver crashes after about a minute
Restarting Pixelserv via ab-solution brings it back, but then it dies again a few moments later, any ideas?

 

[kvic]

@Raphie
Which binary (arm or mips) and your router model pls?

Can you also try enabling "-l 5" logging temporarily to see any error message right before crash. You can check the log from WebGUI.

 

[Raphie]

Arm on the RT-AC5300

 

[Raphie]

Got the flag, but how do I now follow the log

pixelserv-tls: v2.1.0-test.1 compiled: Mar 3 2018 23:02:59 options: 192.168.1.2 -l 5

uts 0d 00:00 process uptime
log 5 critical (0) error (1) warning (2) notice (3) info (4) debug (5)
kcc 1 number of active service threads
kmx 1 maximum number of service threads
kvg 0.00 average number of requests per service thread
krq 0 max number of requests by one service thread
req 0 total # of requests (HTTP, HTTPS, success, failure etc)
avg 0 bytes average size of requests
rmx 0 bytes largest size of request(s)
tav 0 ms average processing time (per request)
tmx 0 ms longest processing time (per request)

 

[kvic]

You can view syslog.log from WebGUI under Administration menu > System tab (if I remember correctly).

Alternatively, you can view it in SSH. Type

$ cat /tmp/syslog.log

or

$ tail -f /tmp/syslog.log

(for the last one you need ctrl-c to stop it)

 

[Raphie]

This brings
Mar 3 18:30:03 Admin: Started pixelserv-tls (AB-Solution) from /tmp/mnt/CORSAIR/adblocking/addon/pixelserv-tls.add.
Mar 3 18:30:04 pixelserv-tls[12045]: pixelserv-tls: v2.1.0-test.1 compiled: Mar 3 2018 23:02:59 options: 192.168.1.2 -l 5
Mar 3 18:30:04 pixelserv-tls[12045]: Listening on :192.168.1.2:80
Mar 3 18:30:04 pixelserv-tls[12045]: Listening on :192.168.1.2:443
Mar 3 18:30:06 pixelserv-tls[12045]: 2 uts, 5 log, 0 kcc, 0 kmx, 0.00 kvg, 0 krq, 0 req, 0 avg, 0 rmx, 0 tav, 0 tmx, 0 slh, 0 slm, 0 sle, 0 slc, 0 slu, 0 sct, 0 sch, 0 scm, 0 scp, 0 nfe, 0 gif, 0 ico, 0 txt, 0 jpg, 0 png, 0 swf, 0 sta, 0 stt, 0 ufe, 0 opt, 0 pst, 0 hed, 0 rdr, 0 nou, 0 pth, 0 204, 0 bad, 0 tmo, 0 cls, 0 cly, 0 clt, 0 err
Mar 3 18:30:56 pixelserv-tls[12045]: 52 uts, 5 log, 0 kcc, 0 kmx, 0.00 kvg, 0 krq, 0 req, 0 avg, 0 rmx, 0 tav, 0 tmx, 0 slh, 0 slm, 0 sle, 0 slc, 0 slu, 0 sct, 0 sch, 0 scm, 0 scp, 0 nfe, 0 gif, 0 ico, 0 txt, 0 jpg, 0 png, 0 swf, 0 sta, 0 stt, 0 ufe, 0 opt, 0 pst, 0 hed, 0 rdr, 0 nou, 0 pth, 0 204, 0 bad, 0 tmo, 0 cls, 0 cly, 0 clt, 0 err
Mar 3 18:30:57 Admin: Started pixelserv-tls (AB-Solution) from /tmp/mnt/CORSAIR/adblocking/addon/pixelserv-tls.add.
Mar 3 18:30:57 pixelserv-tls[12912]: pixelserv-tls: v2.1.0-test.1 compiled: Mar 3 2018 23:02:59 options: 192.168.1.2 -l 5
Mar 3 18:30:57 pixelserv-tls[12912]: Listening on :192.168.1.2:80
Mar 3 18:30:57 pixelserv-tls[12912]: Listening on :192.168.1.2:443
Mar 3 18:31:57 pixelserv-tls[12912]: 60 uts, 5 log, 0 kcc, 1 kmx, 11.00 kvg, 11 krq, 11 req, 370 avg, 370 rmx, 1 tav, 4 tmx, 0 slh, 0 slm, 0 sle, 0 slc, 0 slu, 0 sct, 0 sch, 0 scm, 0 scp, 0 nfe, 0 gif, 0 ico, 0 txt, 0 jpg, 0 png, 0 swf, 11 sta, 0 stt, 0 ufe, 0 opt, 0 pst, 0 hed, 0 rdr, 0 nou, 0 pth, 0 204, 0 bad, 0 tmo, 0 cls, 0 cly, 0 clt, 0 err

 

[elorimer]

Crashed here too. 87U, 384b1, ARM

Here's l-5 up to the crash

Mar  3 12:51:36 pixelserv-tls[12732]: SSL_accept error:0 status:3
Mar  3 12:51:47 pixelserv-tls[12732]: 192.168.0.104 cdn.optimizely.com GET /public/3013110282/s/section_front_prod.js HTTP/1.1 secure
Mar  3 12:51:47 pixelserv-tls[12732]: recv() ECONNRESET: Success
Mar  3 12:51:47 pixelserv-tls[12732]: Exit recv loop socket:10 rv:0 errno:0 num_req:1
Mar  3 12:51:47 pixelserv-tls[12732]: recv() ECONNRESET: Success
Mar  3 12:51:47 pixelserv-tls[12732]: Exit recv loop socket:11 rv:0 errno:0 num_req:1
Mar  3 12:51:47 pixelserv-tls[12732]: 192.168.0.104 c.amazon-adsystem.com GET /aax2/apstag.js HTTP/1.1 secure
Mar  3 12:51:48 pixelserv-tls[12732]: 192.168.0.104 www.googletagservices.com GET /tag/js/gpt.js HTTP/1.1 secure
Mar  3 12:51:48 pixelserv-tls[12732]: SSL_accept error:0 status:3
Mar  3 12:51:48 pixelserv-tls[12732]: no file extension /50550 from path /site/50550
Mar  3 12:51:48 pixelserv-tls[12732]: 192.168.0.104 tags.bluekai.com GET /site/50550?ret=js&limit=1 HTTP/1.1 secure
Mar  3 12:51:48 pixelserv-tls[12732]: 192.168.0.104 www.googletagmanager.com GET /gtm.js?id=GTM-WF9QCL2>m_auth=28ykelszAvyta5q5YGRVOg>m_preview=env-53>m_cookies_win=x HTTP/1.1 secure
Mar  3 12:51:49 pixelserv-tls[12732]: 192.168.0.104 sb.scorecardresearch.com GET /beacon.js HTTP/1.1 secure
Mar  3 12:51:49 pixelserv-tls[12732]: recv() ECONNRESET: Success
Mar  3 12:51:49 pixelserv-tls[12732]: Exit recv loop socket:15 rv:0 errno:0 num_req:1
Mar  3 12:51:49 pixelserv-tls[12732]: recv() ECONNRESET: Success
Mar  3 12:51:49 pixelserv-tls[12732]: Exit recv loop socket:16 rv:0 errno:0 num_req:1
Mar  3 12:51:50 pixelserv-tls[12732]: 192.168.0.104 px.ads.linkedin.com GET /collect/?time=1520099509518&pid=40524&url=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fbooks%3Faction%3Dclick%26contentCollection%3Darts%26region%3Dnavbar%26module%3Dcollectionsnav%26pagetype%3Dsectionfront%26pgtype%3Dsectionfront&pageUrl=https%3A%2F%2Fwww.nytimes.com%2Fsection%2Fbooks%3Faction%3Dclick%26contentCollection%3Darts%26region%3Dnavbar%26module%3Dcollectionsnav%26pagetype%3Dsectionfront%26pgtype%3Dsectionfront&ref=http
Mar  3 12:51:52 pixelserv-tls[12732]: 192.168.0.104 192.168.0.3 GET /servstats HTTP/1.1
Mar  3 12:51:52 pixelserv-tls[12732]: 192.168.0.104 192.168.0.3 GET /favicon.ico HTTP/1.1

This might be slightly more helpful, after another crash:

Mar  3 12:56:46 pixelserv-tls[13173]: 192.168.0.104 c.amazon-adsystem.com GET /aax2/apstag.js HTTP/1.1 secure
Mar  3 12:56:46 pixelserv-tls[13173]: 192.168.0.104 www.googletagservices.com GET /tag/js/gpt.js HTTP/1.1 secure
Mar  3 12:56:47 pixelserv-tls[13173]: no file extension /50550 from path /site/50550
Mar  3 12:56:47 pixelserv-tls[13173]: 192.168.0.104 tags.bluekai.com GET /site/50550?ret=js&limit=1 HTTP/1.1 secure
Mar  3 12:56:47 pixelserv-tls[13173]: recv() ECONNRESET: Success
Mar  3 12:56:47 pixelserv-tls[13173]: Exit recv loop socket:14 rv:0 errno:0 num_req:1
Mar  3 12:56:48 pixelserv-tls[13173]: no file extension /ASM-WINDOWSSQ from path /settings/v3.0/TELEMETRY/ASM-WINDOWSSQ
Mar  3 12:56:48 pixelserv-tls[13173]: 192.168.0.107 settings-win.data.microsoft.com GET /settings/v3.0/TELEMETRY/ASM-WINDOWSSQ?expId=&sku=101&deviceClass=Windows.Desktop&sampleId=27381562&app=utc&appVer=10.0.16299.192&isRetailOS=1&locale=en-US&ms=0&osVer=10.0.16299.192.amd64fre.rs3_release.170928-1534&deviceId=s%3ABBC7643D-D9FD-4A35-B331-60E3201B31DD&os=windows&ring=Retail HTTP/1.1 secure
Mar  3 12:56:48 pixelserv-tls[13173]: no file extension /app from path /settings/v3.0/utc/app
Mar  3 12:56:48 pixelserv-tls[13173]: 192.168.0.107 settings-win.data.microsoft.com GET /settings/v3.0/utc/app?expId=&sku=101&deviceClass=Windows.Desktop&sampleId=27381562&app=utc&appVer=10.0.16299.192&isRetailOS=1&locale=en-US&ms=0&osVer=10.0.16299.192.amd64fre.rs3_release.170928-1534&deviceId=s%3ABBC7643D-D9FD-4A35-B331-60E3201B31DD&os=windows&ring=Retail HTTP/1.1 secure
Mar  3 12:56:48 pixelserv-tls[13173]: no file extension /ASM-WindowsDefault from path /settings/v3.0/telemetry/ASM-WindowsDefault
Mar  3 12:56:48 pixelserv-tls[13173]: 192.168.0.107 settings-win.data.microsoft.com GET /settings/v3.0/telemetry/ASM-WindowsDefault?expId=&sku=101&deviceClass=Windows.Desktop&sampleId=27381562&app=utc&appVer=10.0.16299.192&isRetailOS=1&locale=en-US&ms=0&osVer=10.0.16299.192.amd64fre.rs3_release.170928-1534&deviceId=s%3ABBC7643D-D9FD-4A35-B331-60E3201B31DD&os=windows&ring=Retail HTTP/1.1 secure
Mar  3 12:56:56 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ac:9e:17:97:2b:30:00:76:86:45:44:19:08:00 SRC=5.188.10.108 DST=69.122.99.221 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=33102 PROTO=TCP SPT=45556 DPT=3382 SEQ=660598693 ACK=0 WINDOW=2484 RES=0x00 SYN URGP=0 
Mar  3 12:56:58 pixelserv-tls[13173]: 192.168.0.104 192.168.0.3 GET /servstats HTTP/1.1
Mar  3 12:56:58 pixelserv-tls[13173]: 192.168.0.104 192.168.0.3 GET /favicon.ico HTTP/1.1
Mar  3 12:57:03 pixelserv-tls[13173]: 192.168.0.104 192.168.0.3 GET /servstats HTTP/1.1
Mar  3 12:57:03 pixelserv-tls[13173]: 192.168.0.104 192.168.0.3 GET /favicon.ico HTTP/1.1
Mar  3 12:57:36 pixelserv-tls[13173]: SSL_accept error:0 status:3

 

[Raphie]

After running the syslog Pixelserv seems to keep running,
Disn’t give a crash reason in log.
Will remove the flags now and see what happens.
16 mins up and counting

 

[Raphie]

pixelserv-tls: v2.1.0-test.1 compiled: Mar 3 2018 23:02:59 options: 192.168.1.2 -l 5

uts 0d 00:22 process uptime

Not sure what did the trick, but seems ok now...
No new entries in syslog either.

 

[Raphie]

Talked to soon, crashed just after this skynet entry in syslog
Mar 3 19:00:00 Skynet: [Complete] 190 IPs / 13 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 4 Outbound Connections Blocked! [0s]
No Pixelserv error logged in syslog though.

 

[Adamm]

Talked to soon, crashed just after this skynet entry in syslog
Mar 3 19:00:00 Skynet: [Complete] 190 IPs / 13 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 4 Outbound Connections Blocked! [0s]
No Pixelserv error logged in syslog though.

Thats just Skynets normal hourly save command. I don't see how it would interfere unless its a CPU/Ram constraint issue with pixelserv.

 

[thelonelycoder]

For those with an RT-AC86U and with Entware-3x arm8 installed, v2.0.1-test1 will not work (yet).
It fails to start up, no further error messages are given in the syslog.

 

[thelonelycoder]

For AB-Solution users, I have released the updated addon file pixelserv-tls.add v3.11.2 that adds support for the cache -c switch for this latest pixelserv-tls test version.
Use cu to update.

 

[jrmwvu04]

Picked up the binary from GitHub. I'll leave the cache size at default 100 for now unless testing results suggest a change would be in order.

 

[jrmwvu04]

1000 replies!

Also, I’m getting crashes as well. The first somewhere after the first hour or so. Enabled logging and rebooted, and it crashed entirely unceremoniously within moments of the system boot.

Mar  3 19:28:16 crond[633]: time disparity of 3771387 minutes detected
Mar  3 19:28:25 pixelserv-tls[714]: mobileads.msn.com _.msn.com missing
Mar  3 19:28:26 pixelserv-tls[714]: cert generated and saved: _.msn.com

And then that was it. Using the arm binary on 1900P