The Un-Official Proxomitron Forum

Full Version: ProxHTTPSProxyMII: Reloaded
(Feb. 13, 2015 03:49 PM)Quaraxkad Wrote: [ -> ]Isn't there any way to just tell it "I don't care about certificates, just do it"?

Try adding a * to the [SSL No-Verify] section of "config.ini".

HTH
(Feb. 14, 2015 03:41 AM)JJoe Wrote: [ -> ]Try adding a * to the [SSL No-Verify] section of "config.ini".

I will try that, thanks.
Just to follow up, I took all the earlier suggestions and reinstalled it on my friend's Win7/Firefox system and everything works fine now. :) I'm not sure if it could help anyone else, but I did follow a slightly different procedure than the first time. Instead of just giving him my Proxomitron default.cfg containing the ProxHTTPSProxy settings, I took those items out and added them through the program interface. Also used the new version 1.3 that whenever posted Feb 12. Deleted/reimported ca.crt, and changed DNS from his ISP to Open DNS.
* For local file requests, use an expression like

Code:
$USEPROXY(false)$RDIR(http://local.ptron/killed.gif)

Where in Sidki's set would this line go?
2. Redirect connections to http resources with an expression like

Code:
$USEPROXY(false)$SET(keyword=i_proxy:0.)$RDIR(http://local.ptron/killed.gif)

and Where in Sidki's set would this line go?
Thanks, Greg
(Feb. 24, 2015 09:59 PM)charliebrown10242048 Wrote: [ -> ]Where in Sidki's set would this line go?
(Feb. 24, 2015 10:03 PM)charliebrown10242048 Wrote: [ -> ]and Where in Sidki's set would this line go?

They go where you have added an expression that requires them. It could be a filter or list.

Typically to 'kill' a request or replace a resource you might use an expression like

Code:
[^/]+/ad.jpg $RDIR(http://local.ptron/killed.gif)

The Proxomitron will send these 'typical' requests to the ProxHTTPSProxyMII rear server and they may fail. ProxHTTPSProxyMII does not know "local.ptron", for example.

"$USEPROXY(false)" means do not use ProxHTTPSProxyMII.
"i_proxy:0." is a sidki specific flag that lets the set know a proxy is not used.

HTH
using Opera 12.17; xp sp3;Proxomitron 4.5 (HxD'd Amy Hex4U fixed)
I'm now getting the certificate security issues:

Secure connection: fatal error (554)
or
issuer: ProxHTTPSProxy CA, ProxHTTPSProxy
instead of
issuer: Proxomitron......

What did I do to make this happen?
More importantly, how do I make it just GO AWAY ??
I would prefer to NOT be 'warned' at all.

added settings for ProxHTTPSProxyMII\config.ini:
[SSL No-Verify]
*
*.*

[19:22] 000 "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [myciti.com:443]
[19:23] 000 "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [www99.americanexpress.com:443]
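
An added example, not part of the thread and not ProxHTTPSProxyMII's own code: a small audit of the [SSL No-Verify] section quoted in the post above, listing which hosts lose upstream certificate verification. It assumes entries are matched against hostnames glob-style (modelled here with Python's fnmatch); the function names, the probe names and the `intranet` host are constructed.

```python
import configparser
from fnmatch import fnmatch

# Constructed sample mirroring the settings quoted in the post above.
SAMPLE_CONFIG = """\
[SSL No-Verify]
*
*.*
"""
# Hosts from the quoted log lines, plus one constructed single-label name.
SAMPLE_HOSTS = ["myciti.com", "www99.americanexpress.com", "intranet"]
# Constructed dotted names used to probe for patterns that match any site.
PROBES = ("a.example", "b.c.example.org")


def load_no_verify(text):
    """Return the patterns listed under [SSL No-Verify], in file order."""
    parser = configparser.ConfigParser(
        allow_no_value=True, delimiters=("=",), strict=False)
    parser.optionxform = str  # keep patterns exactly as written
    parser.read_string(text)
    if not parser.has_section("SSL No-Verify"):
        return []
    return list(parser["SSL No-Verify"])


def unverified_hosts(patterns, hosts):
    """Map each matching host to the first pattern that covers it.

    Assumption: glob-style matching of the hostname, as fnmatch does.
    """
    hits = {}
    for host in hosts:
        match = next((p for p in patterns if fnmatch(host, p)), None)
        if match is not None:
            hits[host] = match
    return hits


def catch_all(patterns):
    """Patterns that match every probe, i.e. switch verification off globally."""
    return [p for p in patterns if all(fnmatch(h, p) for h in PROBES)]


if __name__ == "__main__":
    patterns = load_no_verify(SAMPLE_CONFIG)
    print("catch-all entries:", catch_all(patterns))
    for host, pattern in unverified_hosts(patterns, SAMPLE_HOSTS).items():
        print(f"{host}: upstream certificate not verified (matched {pattern!r})")
```
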
(Mar. 03, 2015 12:04 AM)charliebrown10242048 Wrote: [ -> ][19:22] 000 "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [myciti.com:443]
[19:23] 000 "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [www99.americanexpress.com:443]

Works for me, I think (no Opera 12.17).

(Mar. 03, 2015 12:04 AM)charliebrown10242048 Wrote: [ -> ]I'm now getting the certificate security issues:

Secure connection: fatal error (554)
or
issuer: ProxHTTPSProxy CA, ProxHTTPSProxy
instead of
issuer: Proxomitron......

While using ProxHTTPSProxyMII, it probably is
"issuer: ProxHTTPSProxy CA, ProxHTTPSProxy
instead of
issuer: Proxomitron......"
because MII is probably doing all the https. The Proxomitron is receiving http 'tagged' as https.
Did you add MII's cert to Opera?

(Mar. 03, 2015 12:04 AM)charliebrown10242048 Wrote: [ -> ]What did I do to make this happen?

Was it working?
Does http://local.ptron/.pinfo/urls/ show https addresses while using MII?
Does Opera 12.17 allow the Proxomitron's self signed cert?
(Mar. 03, 2015 04:39 AM)JJoe Wrote: [ -> ]
(Mar. 03, 2015 12:04 AM)charliebrown10242048 Wrote: [ -> ][19:22] 000 "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [myciti.com:443]
[19:23] 000 "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [www99.americanexpress.com:443]

Works for me, I think (no Opera 12.17).

Does this mean it is working correctly?

(Mar. 03, 2015 12:04 AM)charliebrown10242048 Wrote: [ -> ]I'm now getting the certificate security issues:

Secure connection: fatal error (554)
or
issuer: ProxHTTPSProxy CA, ProxHTTPSProxy
instead of
issuer: Proxomitron......

While using ProxHTTPSProxyMII, it probably is
"issuer: ProxHTTPSProxy CA, ProxHTTPSProxy
instead of
issuer: Proxomitron......"
because MII is probably doing all the https. The Proxomitron is receiving http 'tagged' as https.

Isn't that what ProxHTTPSProxyMII is for?
"Created to provide modern nag-free HTTPS connections for an HTTP proxy,"

Did you add MII's cert to Opera?

Yes.

(Mar. 03, 2015 12:04 AM)charliebrown10242048 Wrote: [ -> ]What did I do to make this happen?

Was it working?
Does http://local.ptron/.pinfo/urls/ show https addresses while using MII?

Yes.
Closed 1030 200 application/json 252 https://login.persona.org/wsapi/session_context
Closed 1029 200 text/html 673 https://login.persona.org/communication_iframe
Closed 1028 304 0 http://bugzilla.mozilla.org/skins/contri...nifier.png
Closed 1027 000 0 http://bugzilla.mozilla.org/skins/contri...ernate.png

ProxHTTPSProxyMII:
[16:27] 050 [D] "GET https://bugzilla.mozilla.org/skins/contr.../noise.png" 304 -
[16:27] 049 [D] "GET https://bugzilla.mozilla.org/skins/contr...bzilla.png" 304 -
[16:27] 056 [D] "GET https://bugzilla.mozilla.org/skins/contr...ernate.png" 304 -
[16:27] 054 [D] "GET https://bugzilla.mozilla.org/skins/contr...nifier.png" 304 -

Does Opera 12.17 allow the Proxomitron's self signed cert?
Yes.
(Mar. 07, 2015 08:56 PM)charliebrown10242048 Wrote: [ -> ]
(Mar. 03, 2015 04:39 AM)JJoe Wrote: [ -> ]Works for me, I think (no Opera 12.17).

Does this mean it is working correctly?

For me, yes. I don't see the errors you posted. Pages that I checked loaded without complaints.

(Mar. 07, 2015 08:56 PM)charliebrown10242048 Wrote: [ -> ]Isn't that what ProxHTTPSProxyMII is for?
"Created to provide modern nag-free HTTPS connections for an HTTP proxy,"

Yes, so the browser should not see "issuer: Proxomitron......"
Also, with recent Proxomitron patches and depending on browser, ProxHTTPSProxyMII may not be necessary.

(Mar. 07, 2015 08:56 PM)charliebrown10242048 Wrote: [ -> ]
(Mar. 03, 2015 04:39 AM)JJoe Wrote: [ -> ]Does http://local.ptron/.pinfo/urls/ show https addresses while using MII?

Yes.
Closed 1030 200 application/json 252 https://login.persona.org/wsapi/session_context
Closed 1029 200 text/html 673 https://login.persona.org/communication_iframe
Closed 1028 304 0

While using ProxHTTPSProxyMII all the addresses should be http:.
ProxHTTPSProxyMII front sends https requests to the Proxomitron as http with a "Tagged:ProxHTTPSProxyMII FrontProxy/*" header.
The Proxomitron forwards these "Tagged:" requests to ProxHTTPSProxyMII rear.
ProxHTTPSProxyMII rear makes the secure connection with the site's server.

Are you sure you did the following?

Code:
To use
----

* Add the ProxHTTPSProxy rear server to the Proxomitron's list of external proxies

Code:
127.0.0.1:8081 ProxHTTPSProxyMII

* Add to Proxomitron's "Bypass URLs that match this expression" field if it is empty

Code:
$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$SETPROXY(127.0.0.1:8081)(^)

* Add to the beginning of the entry in Proxomitron's "Bypass URLs that match this expression" field if it is **not** empty

Code:
$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$SETPROXY(127.0.0.1:8081)(^)|

I've attached a modified version of Scott's cfg to show implementation.

Don't use Half-SSL.

HTH
"While using ProxHTTPSProxyMII all the addresses should be http:."

besides http://local.ptron/.pinfo/urls/,

Is this also in
the ProxHTTPSProxyMII log
or
the Proxomitron log
or Both?

another question:
the ProxHTTPSProxyMII log:
does it show the logs for the FRONT or the REAR server or both?

Thanks much for your explanations/help.
Greg
(Mar. 09, 2015 02:07 PM)charliebrown10242048 Wrote: [ -> ]"While using ProxHTTPSProxyMII all the addresses should be http:."

besides http://local.ptron/.pinfo/urls/,

Is this also in
the ProxHTTPSProxyMII log
or
the Proxomitron log
or Both?

If all clients are using ProxHTTPSProxyMII for https and Half-SSL is not used, all addresses in Proxomitron's recent urls and log should be http:.

ProxHTTPSProxyMII has been able to do http and https since version 1.1. If a client has been configured to use ProxHTTPSProxyMII for https and http, ProxHTTPSProxyMII log may show https and http.

(Mar. 09, 2015 02:07 PM)charliebrown10242048 Wrote: [ -> ]the ProxHTTPSProxyMII log:
does it show the logs for the FRONT or the REAR server or both?

I think the best answer is both but remember that the REAR may not see all that the FRONT sees.

You are welcome
another question:
the ProxHTTPSProxyMII log:
what do the different colors represent?
red
white
tan
blue
other?
and the [D] after item # ?
and the [F] ?
After looking at ProxHTTPProxy.py and ProxyTool.py:

WHITE for unspecified, time, number, etc.
GREEN for 'normal' traffic.
CYAN for "Denied by blacklist" and "SSL Pass-Thru:"
RED for no verification, traffic errors
YELLOW for traffic errors.
Bright RED for config reloaded, Misconfigured HTTPS proxy port, Certificate Error.

[D] default or normal
[P] ParentServer
[B] Bypass
[F] Front Server
[R] Rear Server
.... and one? more ;)
using ProxHTTPSProxyMII v1.3 (exe version)
Is there a way to whitelist in the config?
I want to allow (https)*.googlevideo.com while blacklisting *.google*.com