!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\dmz\MercuryMail\   drwxrwxrwx
Free 4.08 GB of 39.52 GB (10.32%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     bearhlp-en.htm (17.46 KB)      -rw-rw-rw-
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
Bearhtml Help

BEARHTML Help

Shift + F1 displays Bearhtml version information and switches between this help and the message shown before

BearHtml HomePage    BearHtml at Community

Contents:  Bearhtml.ini  Cache'ing  CSS  Charsets  CopyRights  Font sizing  Graphics  Installation  Introduction  Invalid Html  Keyboard  Logging  Phishing  Printing   Print Preview  Proxy Servers  Redirection  Scripting  Scrolling  Styles   Suspicious HTML    Un-install

Keyboard

Pg Up/Pg Dn Scrolls display by a page
Shift + Pg Up/Pg Dn Scrolls and selects by a page
Home/End Scrolls to beginning/end of line
Shift + Home/End Scrolls & Selects to beginning/end of line
Shift + Ctrl + Home/End Scrolls & Selects to beginning/end of document
Left/Right Arrow Scrolls by char
Shift + Left/Right Arrow Scrolls & Selects chars
Ctrl + Left/Right Arrow Scrolls by words
Shift + Ctrl + Left/Right Arrow Scrolls & Selects words
DoubleClick Selects current word
Up/Down Arrow Scrolls by line
Mousewheel Scrolls by line (+)
Shift + Up/Down Arrow Scrolls & Selects lines
Shift + F8 Select current line
Ctrl + C Copy selected text to Clipboard
Ctrl + A Select All
SpaceBar Scrolls down a page
Ctrl + SpaceBar Scrolls up a page
Ctrl + Mousewheel (removed) Attempt to Decrease/Increase fontsize (*)
Numpad '/' (÷) or '*' Attempt to Decrease/Increase fontsize (*)
'<' or '>' Attempt to Decrease/Increase fontsize (*)
'Ctrl + PageDown/PageUp Attempt to Decrease/Increase fontsize (*)
Shift + Ctrl + 'P' Print html page
Shift + Ctrl + 'R' Enable/disable CSS coding
Shift + Ctrl + 'U' Display remote graphics
Shift + Ctrl + 'Y' Clear remote graphics cache
(*) For different keyboards
(+) See Mousewheel scrolling amounts in Bearhtml.ini
Top

Introduction.

Bearhtml is an Html page renderer (displayer), it is not a browser. Bearhtml supports Html 3.2 and parts of Html 4.1. CSS (Style definitions) is supported at level 1 and partly at level 2. Failure to display a page may be for one of two main reasons:
  1. Badly coded Html or unsupported Html/CSS
  2. Dynamic coding (scripting)
In either case you can attempt to view the page by right clicking and selecting "Show in Browser"
Top

Graphics

Remote URL location graphics files are displayed as Unfetched remote graphic  To see remote graphics, key in Shift + Ctrl + 'U', or right click in the message area (not on a graphic area) and select "Show picture", or ensure that Message Reader option is set to choose fetching automatically. There will be a delay while graphics are fetched. While remote graphics are being downloaded, a counter can be seen to show progress. Do not close the message until this counter completes the countdown.
In the case of corrupt or truncated graphics files a small box with an exclamation point inside it will be displayed to indicate the presence of an undisplayable graphic. Unavailable graphics files will stay as Unfetched remote graphic
Images can be captured by right-clicking on the image. A Save file dialog will appear.

CSS

CSS style tags are an alternate method of composing and enhancing HTML based content. Unlike Html, CSS is ever-improving and adding new features. Bearhtml has full support for CSS V1, and limited support for CSS V2. There is no support for CSS V3. A toggle keystroke sequence (Shift + Ctrl + "R") is available to enable or disable attempts to render displays using CSS. Status line shows current state after a toggle. Alternatively use the "Open in Browser" right click menu to invoke a full browser.
Top

Invalid Html

If Bearhtml is unable to display the html message this causes LibTidy to be invoked to attempt a repair. An attempt is then made to display the repaired message. If this fails the original source html is shown in the display area. Failure at this point indicates a seriously flawed html message. If the display is blank or badly formatted, right click and select "Open in web browser".
Top

Character sets

Html is displayed using the users normal character set (eg ISO-8859-1). If you see blank white squares where text should appear, this is a sign that the sender is using a different character set. Repeat the troubleshooting method above, but when in your browser go to View/Character Encoding and select one of the methods shown in the list. If one of these makes the message readable, you should inform the sender of the character set problem, and have them identify the character set they use in the message headers.
Unicode character set is supported in both Big and Little Endian forms, and is converted to Utf-8 to be displayed in Pegasus Mail. Top

Suspicious Html

Urls that are clicked are checked for possibility of being dangerous, ie Fraudulent asking for personal information Specifically:
  • Check for numeric IP address ie http://191.168.0.1
  • Check for dual domain link address, ie http://www.goodsite.com@www.badsite.com
  • Check for misleading links, ie underlined link Url is different from target Url
  • Check for obscured Url domain names ie http://%37icrosoft.com
  • Check Url with contents of Bearwarn.txt file (Phishing tests)
  • Check if target Url domain in blacklist service www.Surbl.org
If a problem is detected a dialog will prompt you. Clicking OK will invoke the browser. Clicking Cancel, the Url will be remembered for the rest of the Pegasus Mail session. Moving the mouse cursor over the Url again will cause the mouse cursor to turn into a stop sign.
For BlackList checking: WantBl=Yes/No in BearHtml.ini. Click on the Url link. The status line will show result.
If you want more detail check Bearhtml.log for the Blacklist message. It will show an IP address last number (127.0.0.n) that resolves according to which SURBL.ORG combination of lists it occurs in:
  • 2 = comes from sc.surbl.org
  • 4 = comes from ws.surbl.org
  • 8 = Phishing comes from mailsecurity.net.au, rhs.mailpolice.com, http://www.castlecops.com, and the AntiPhishing Working Group
  • 16 = comes from ob.surbl.org
  • 32 = comes from ab.surbl.org
  • 64 = comes from jp data source

Top

Phishing detection

In addition to blacklist validation, Bearhtml will also examine the clickable link in the display. If well known and reputable businesses domain names occur anywhere other than in the correct part of a Url, a warning dialog will be displayed. Users can maintain the list in Bearwarn.txt with their own domains. See Bearwarn.txt for more info.
Top

Scripting

No form of scripting is supported, ie Javascript. Any such coding in a message is ignored. This makes the display of such messages problematic. If needed this html should be passed to a full browser .
In addition all requests for setting or retrieving Cookies are ignored.
Top

Printing

Users can request Header and Footer information be added to the print pages. The font used to produce the page header and footer is defined through the DefaultFontName= and DefaultFontSize= coded in Bearhtml.ini. The current Body text size (adjustable) will be used when printing the body.
Messages with large recipient lists may cause header truncation ( 7 cms reserved).
Top

Print Preview

Users can enable previewing of print by adding a line to Bearhtml.ini that requests it, ie: preview=yes.
Bearhtml can display either one page at a time, or two pages side-by-side. Zooming in on text can be achieved by clicking on the magnifying glass. Setup of printer properties is usually done when the user clicks the Print button. At this time support for Landscape printing is undergoing testing. Top

Styles

At present, inline style definitions are processed. Remote URL location styles are not fetched. See also topic CSS
Top

Fonts sizing/color

Increasing or decreasing the default fontsize using the Ctrl + mousewheel may not work in all cases, and may cause strange formatting in some cases. If a message already has coded font sizes, these will override any default size. Secondly any message with parts coded with a font size, and other parts left to the default size may appear poorly formatted. Note there are multiple keyboard methods to adjust font size in the list above.
Similarily by using DefaultFontColor= you can opt to display the message text in any Windows defined color. Examples are: Black Blue Teal Aqua
Top

Logging

For problem investigation a log file can be created in the Pegasus Mail NewMail directory (eg c:\pmail\mail), it is a text file with name of Bearhtml.log, that can be reviewed using Notepad etc.
Top

Scrolling

There are two forms of scrolling up or down a webpage. Scrollbars on the edge of the display and keyboard characters. In the case of scrollbars, this always uses the Windows standard feature of moving by an amount of pixels in either direction, regardless of where the text cursor is located.
Using the keyboard performs text sensitive scrolling movements to move by an amount of "lines" and relocate the text cursor. In this case the distance scrolled can be an amount easily explained, or in the case of mixed text and graphics the distance scrolled can be quite difficult to explain. Bearhtml will for instance scroll up/down by a page height of pixels and try to find the new line of text completely in view to place the cursor.
Top

Redirection

Http protocol allows that a Url request be modified by the web server to fetch an object (page or image) from another location. Bearhtml can support this feature but by default is disabled. Care must be taken in choosing to enable redirection. It is beyond the scope of this file to describe the risks. See Google searches such as: http://computing-dictionary.thefreedictionary.com/Http+redirection
Top

Cache'ing

If enabled (by WantCache=yes), a copy of downloaded graphic files is kept and subsequent requests for the same graphic are supplied from cache. Cache can be cleared at any time by keying in Ctrl + Shift + Y. Cache-days= influences how long files are kept in the cache.
Top

Proxy Servers

For some installations, workstations are not allowed to connect to the Internet directly. They are instead required to connect to a local proxy server. The proxyserver= value allows this server to be identified and port number to be used. Users of Microsoft's Internet Explorer may have this proxy server already configured. See IE menu Tools/Internet Options/Connections/LAN settings. The same information may be found in Firefox menu Tools/Options/General/Connection Settings. Bearhtml at presnt only checks the Windows Registry for I.E configuration values.
Top

Installation

  1. Shut-down Pegasus Mail
  2. Unzip the content of the new bearhtml.zip into the Pegasus Mail executables directory (eg: c:\pmail).
  3. If required, edit Bearhtml.ini and Bearwarn.txt
  4. If required, save Bearhtml.ini into the user NewMail directory to override the default location values
  5. Restart Pegasus Mail

Top

Un-Install

  1. Shut-down Pegasus Mail
  2. Rename or delete Bearhtml.dll
  3. Restart Pegasus Mail

Top

Contents of Bearhtml.ini

  • ScrollPixels= (default 20) pixel height to move for mousewheel
  • ScrollRepeat= (default 1) repeat scroll for mousewheel
  • ScrollDelayMs= (default 1mSec) delay between scrolls for mousewheel
  • DefaultFontSize= (default 12) Display font size
  • DefaultFontName= (default Arial) Font to use
  • DefaultFontColor= (default Black) Text color to use, if not pre-defined
  • WantBl= (default No, Yes/No) Blacklist checking
  • WantCache= (default Yes, Yes/No) Save graphics in Newmail sub-directory RmtFiles. Files with extension type .Rmt and .Cac are created
  • cache-days= (default 1) If WantCache=yes then operate a elapsed time cache, keeping remote graphics cache'd beyond a Pegasus Mail session. Cache-days=0 keeps remote graphics for remainder of the current day only.
  • LocalIPAddress= (no default, use to avoid local non-routable numeric addresses such as 127.0.0.1 causing Phishing warnings, multiple addresses separated by commas. ie localIPAddress=127.0.0,192.168 would exclude 127.0.0.n and 192.168.n.n.
  • Redirection= ( default No) Http Url redirect to alternative location (risk)
  • proxyserver= (no default, code per example: http://127.0.0.1:8080)
  • Skype= (full pathname to Skype executable). Used for Callto: and Skype: protocols
  • PrinterSetup= (default Yes) Allow printer selection for html printing
  • Preview= (default=no) To display a page in print page sizing
  • Shortinfo= (default Yes) show only domain name in Hint window Url.
  • WarnExtensions= (default .EXE.SCR.PIF) detect risky file extension types on Urls
  • UnloadWinInet= (default=No) Only use to force unloading of WinInet.dll>
  • WantUrlRequest= (default = yes) Urls with "?" character
  • WantCSS= (default = yes) process CSS tags
  • Loglevel= (default 3) Uses same reporting levels as Pegasus Mail, ie
    Loglevel=1 Reports critical Bearhtml function errors
    Loglevel=2 Reports Loglevel=1 and serious errors
    Loglevel=3 Reports Loglevel=1-2 and normal events
    Loglevel=4 Reports Loglevel 1-3 and detailed transaction information
    Loglevel=5 Reports Loglevel 1-4 and Tidy html warnings and errors

Users of Windows 95 have limited character set support and should code CheckUTF8=false in Bearhtml.ini.
Top

Copyrights


Top

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0156 ]--