ProxHTTPSProxyMII: Reloaded
|
May. 15, 2018, 08:45 AM
(This post was last modified: May. 15, 2018 06:54 PM by ryszardzonk.)
Post: #223
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
(May. 14, 2018 09:15 PM)vlad_s Wrote: That article was related to squid 3.5.X, fixes errors "SECURITY ALERT: Host header forgery detected on..."Yeah since than I decided to use squid-4.0.24-20180410 which is most recent available (seems less problematic than stock 4.0.24). After all it present config Squid does not do any certificate validity checking leaving it all to ProxHTTPSProxyMII nor mangles encrypted traffic with ssl_bump therefore breaking TLS is less likely and experimental patches not all that needed. (May. 15, 2018 04:07 AM)JJoe Wrote:There is more staff that might be useful for others if You want(May. 13, 2018 06:16 AM)ryszardzonk Wrote: EDIT: I have prepared installation scripts for Gentoo Linux which prepare whole chain to have ProxHTTPSProxyMII in transparent proxy mode thanks to squid - adblock2privoxy - program converting any adblock filter into one understood by privoxy (I hope some one will step up some day and update that PCRE version understood by privoxy so there would be no need for that step) - squid - installation script for transparent proxy in version 4.0.24+ not yet available in Portage (Gentoo's package system) - ProxHTTPSProxyMII - You know that one :P As for script itself python packages should install somewhat differently in Gentoo to be available for all versions of python which I do not know how to do, but the script is good enough and only thing it is missing is creating new user in system to have it running not as root. I might add that some time in the future. For now most problematic with using network wide transparent proxy and ssl filtering is Google which changed default policy to not accepting locally issued CA certificates and those android apps simply stopped working in most cases. Adding information to FAQ about need to have your phone rooted or have Magisk installed which would allow CA.crt be system accepted without rooting the phone might also be welcomed PS adblock2privoxy installation script might be added into haskell overlay EDIT: Worth to note is also that Google Chromecast refuses to work with local CA. There is no option in the Chromecast application to setup proxy nor to accept locally issued CA. |
|||
« Next Oldest | Next Newest »
|