ProxHTTPSProxy, a Proxomitron SSL Helper Program

[Gravemind]

I made it work, sort of, but not really.

Like in the manual, I installed the python (even though I had a compiled executable downloaded) and openssl.

The proxy tests and runs fine. It did even without Python installed.

Concerning the rules:

This rule didn`t redirect anything. I tried changing it in different ways, but it was hopeless.

But the redirecting rules are not that important, I figured there were ways.

I have, for example, 2 lame rules, which show some activity in the ProxHTTPSProxy window. Which is some progress already.

The rules are:

Quote:[HTTP headers]
In = FALSE
Out = TRUE
Key = "ProxHTTPSProxy 443 http"
URL = "$URL(http:?++443:?+) $SETPROXY(127.0.0.1:8081)"

Quote:[HTTP headers]
In = FALSE
Out = TRUE
Key = "ProxHTTPSProxy HTTPS"
URL = "$URL(https://?+) $SETPROXY(127.0.0.1:8081)"

The In/Out combinations don`t matter — they don`t work anyway. I am missing something here.

Quote:Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Hint: https://workflowy.com/

Apache/2.2.12 (Ubuntu) Server at workflowy.com Port 443

But the easy way to make it work is to check "Use Remote Proxy". Then it starts working, the sites are all moved though it.

But it doesn`t issue 307 redirects, I guess.

Because the browser keeps showing https-warning windows. That means, it still believes it is on a secured page. Which is not supposed to happen, right?

If I make an exception for the certificate, it continues working and really changes links into http like this:

https://workflowy.com/
http://workflowy.com:443/

https://click.alfabank.ru/ALFAIBSR/
http://click.alfabank.ru:443/ALFAIBSR/

From the log below, it looks like there is no magic redirect. But even in this case, how come the browser still asks for the permission to use the certificate.

GET http://workflowy.com:443/ HTTP/1.1 — this comes after the SSL Pass-Thru: CONNECT https://workflowy.com:443/. Should this mean, that this ssl connection has been closed and the browser is now connecting to http? Stange.

I don`t know how to copy ProxHTTPSProxy log.

So, did anyone around have real success with it? Do you have any warnings when you run it and don`t the sites still ask for certificates?

This was really promising, but I don`t get it or probably it no longer works. Regrets.

Quote:+++GET 17284+++
Using Proxy - 127.0.0.1:8081
CONNECT https://workflowy.com:443/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Proxy-Connection: keep-alive
Host: workflowy.com

+++SSL 17284:+++
SSL Pass-Thru: CONNECT https://workflowy.com:443/
HTTP/1.0 200 Connection established
HTTP/1.0 Proxy-agent: ProxHTTPSProxy/0.4b Python/2.6.5
+++CLOSE 17284+++

+++GET 17285+++
Using Proxy - 127.0.0.1:8081
GET http://workflowy.com:443/ HTTP/1.1
Host: workflowy.com:443
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
Cookie: sessionid=a9fdb1df5df7350dd7adaf279c18c465; _seg_id=566e7c951eb314e0%7C%3E1%7C%3E52f45a5bbe7a21e6%7C%3E1338155179735%7C%3E1338155535766
Cache-Control: max-age=0
Connection: keep-alive
Browser reload detected...

+++RESP 17285+++
HTTP/1.1 200 OK
Date: Sun, 27 May 2012 21:54:12 GMT
Server: Apache/2.2.12 (Ubuntu)
Vary: Cookie,Accept-Encoding
Cache-Control: no-cache
Content-Encoding: gzip
Content-Length: 6422
Connection: close
Content-Type: text/html; charset=utf-8
+++CLOSE 17285+++