The Un-Official Proxomitron Forum / Forum Related / Proxomitron Program v / Bypass List entries


Post Reply 
Bypass List entries
Feb. 07, 2009, 11:42 PM
Post: #1
sidki3003 Offline
Administrator
*******
 		Posts: 1,458
Joined: Mar 2004
Bypass List entries
Two sites that use on-the-fly authentication (application/ocsp-response), which Proxomitron's SSL libraries to my knowledge don't support, thus don't work, at least not here:

Adobe Flash 10: Right click -> Settings -> Privacy (2nd icon) -> Advanced... -> How do I get to the Settings Manager?
Code:
# Flash advanced settings manager:
# https://www.macromedia.com/support/flashplayer/sys/settingsmanager2.swf
www.macromedia.com:


Opera 9.63: Tools -> Advanced -> Developer Tools:
Code:
# Opera's developer tools:
dragonfly.opera.com:
Add Thank You Quote this message in a reply
Sep. 17, 2009, 06:37 AM (This post was last modified: Sep. 24, 2009 10:07 PM by JJoe.)
Post: #2
JJoe Offline
Administrator
*******
 		Posts: 1,638
Joined: Oct 2005
RE: Bypass List entries
Probably:

Code:
# Opera: Address accepting login information for Opera account
# https://auth.opera.com/xml
auth.opera.com:

Depends on what all gets updated:

Code:
# Opera: "The long awaited auto-update functionality is here!"
autoupdate.opera.com:
certs.opera.com:
help.opera.com/servicefiles/userjsfiles/all/browserjs[-0-9]++.js
xml.opera.com/update/\?timesincelastcheck
xml.opera.com/spoof/
xml.opera.com:443/spoof/
xml.opera.com/userjs/
help.opera.com/dictionary/dictionaries.xml

[^.]+.verisign.com/[^.]+.cer
crl.verisign.com/[^.]+.crl
[^.]+ocsp.verisign.com/?[^/.;?]+

crl.entrust.net/[^.]+.crl

[^.]+ocsp.digicert.com/?[^/.;?]+

[^.]+ocsp.thawte.com/?[^/.;?]+

Ummm...:

Code:
# Opera: Google TLD URL
# https://www.google.com/searchdomaincheck?format=domain
www.google.com:443/searchdomaincheck\?format=domain

Edit: Added to the list of possible Bypass List entries.
Edit: Added to the list of possible Bypass List entries.
Add Thank You Quote this message in a reply
Sep. 18, 2009, 06:40 AM
Post: #3
Siamesecat Offline
Member
****
 		Posts: 500
Joined: Mar 2004
RE: Bypass List entries
Prox's SSL filtering does not work properly for me any more. I had to give up on it. I kept getting error messages about SSL. I tried several different versions of the dynamic link libraries and none of them works well any more.
Add Thank You Quote this message in a reply
Sep. 18, 2009, 02:20 PM
Post: #4
defconnect Offline
Member
 		Posts: 41
Joined: May 2008
RE: Bypass List entries
Hello Siamesecat.

Did you see Jjoe's suggestion in this thread http://prxbx.com/forums/showthread.php?tid=1478, assuming you are using Opera.
Have had occasional troubles with Proxo'd SSL as well (Vista SP2 x86), at times raising many SSL exception error pop-ups.

Have a nice weekend all Smile!
Add Thank You Quote this message in a reply
Sep. 18, 2009, 05:36 PM
Post: #5
JJoe Offline
Administrator
*******
 		Posts: 1,638
Joined: Oct 2005
RE: Bypass List entries
(Sep. 18, 2009 02:20 PM)defconnect Wrote:  Did you see Jjoe's suggestion in this thread http://prxbx.com/forums/showthread.php?tid=1478, assuming you are using Opera.

I don't think that was Siamesecat's problem.
Proxomitron uses its own certs for filtering.
When filtering SSL, I also see occasional error messages and exceptions.

Opera uses https and http to update.

(Sep. 18, 2009 02:20 PM)defconnect Wrote:  Have a nice weekend all

Farmwork. Will probably be offline Saturday and useless Sunday.
Add Thank You Quote this message in a reply
Sep. 19, 2009, 06:35 AM
Post: #6
Siamesecat Offline
Member
****
 		Posts: 500
Joined: Mar 2004
RE: Bypass List entries
I began getting those things all the time. I finally gave up and quit filtering HTTPS because it was too frustrating.
Add Thank You Quote this message in a reply
Sep. 23, 2009, 05:32 PM (This post was last modified: Sep. 23, 2009 05:34 PM by sidki3003.)
Post: #7
sidki3003 Offline
Administrator
*******
 		Posts: 1,458
Joined: Mar 2004
RE: Bypass List entries
(Sep. 17, 2009 06:37 AM)JJoe Wrote:  Probably:

JJoe, could you verify the required SSL entries?
I'd add them to a copy of "Bypass List.txt" then (current version attached), which i'd like include with (far) future sidki-configs. With a different list name.

edit: Just noticed that i've added "certs.opera.com:" already. Does this single entry possibly fix that other reported problem?


Attached File(s)
.txt  Bypass List.txt (Size: 1.44 KB / Downloads: 761)
Add Thank You Quote this message in a reply
Sep. 24, 2009, 12:54 AM
Post: #8
JJoe Offline
Administrator
*******
 		Posts: 1,638
Joined: Oct 2005
RE: Bypass List entries
(Sep. 23, 2009 05:32 PM)sidki3003 Wrote:  JJoe, could you verify the required SSL entries?

Soon as I get the chance, I'll see what I can do.

(Sep. 23, 2009 05:32 PM)sidki3003 Wrote:  edit: Just noticed that i've added "certs.opera.com:" already. Does this single entry possibly fix that other reported problem?

Maybe.
There may be more than one path to the certs.

Some of the entries came from http://www.dslreports.com/forum/r23056926- .

BandHeight Wrote:It seems pretty clear that the new sequence of events no longer includes an attempted connection to 'svrsecure-g2-aia.verisign.com' and therefore, the certificate is successfully retrieved even with Proxomitron's filter enabled.

Better go now.
Later
Add Thank You Quote this message in a reply
Sep. 24, 2009, 10:29 PM
Post: #9
JJoe Offline
Administrator
*******
 		Posts: 1,638
Joined: Oct 2005
RE: Bypass List entries
(Sep. 23, 2009 05:32 PM)sidki3003 Wrote:  JJoe, could you verify the required SSL entries?

I have seen 3:
autoupdate.opera.com:
certs.opera.com:
xml.opera.com:443/spoof/
.

Have not seen
auth.opera.com
.
I may join to see how this works later.

Did not find
svrsecure-g2-aia.verisign.com
.
Add Thank You Quote this message in a reply
Sep. 26, 2009, 07:59 AM
Post: #10
sidki3003 Offline
Administrator
*******
 		Posts: 1,458
Joined: Mar 2004
RE: Bypass List entries
Thanks Smile!
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump:


Contact Us | The Un-Official Proxomitron Site | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication