Post Reply 
ProxHTTPSProxyMII: Reloaded
May. 16, 2018, 07:36 PM
Post: #226
RE: ProxHTTPSProxyMII: Reloaded
(May. 16, 2018 04:28 PM)vlad_s Wrote:  How can I extract the public key? The certificate does not help with the link. I need to browse the site of https://uslugi.tatarstan.ru/, the browser Waterfox 55 does not, say SEC_ERROR_UNKNOWN_ISSUER, IE does not retrieve the key (the button is gray), MS Edge does not know how or I do not know how.

I tested site at https://www.ssllabs.com/ssltest/index.html

Results, https://www.ssllabs.com/ssltest/analyze.html?d=uslugi.tatarstan.ru&hideResults=on , show a missing cert that can be downloaded from http://cacerts.thawte.com/ThawteRSACA2018.crt
.zip  ThawteRSACA2018.zip (Size: 1.32 KB / Downloads: 43)

uslugi.tatarstan.ru worked for me, after I added the cert to 'cacert.pem'.
Add Thank You Quote this message in a reply
[-] The following 1 user says Thank You to JJoe for this post:
vlad_s
May. 17, 2018, 04:50 PM
Post: #227
RE: ProxHTTPSProxyMII: Reloaded
Thanks for the link for verification! I already added this certificate. And everything works Smile!.
Add Thank You Quote this message in a reply
May. 20, 2018, 03:01 PM
Post: #228
RE: ProxHTTPSProxyMII: Reloaded
Hi JJoe,

thank you for ProxHTTPSProxy. May I make a humble request? I would very much appreciate if you changed line 113 in CertTool.py from a hard error to a warning or remove them completely:

Code:
def startup_check():
    if not os.path.exists(CERTDIR):
        os.mkdir(CERTDIR)
        if not os.path.exists(CERTDIR):
            print('%s directory does not exist!')
            print('Please create it and restart the program!')
            input()
            raise SystemExit
(The last two lines)

The reason is, on Windows, os.path.exists(...) returns False for directory junctions or symlinks. That means that I can't move the certificates outside of the ProxHTTPSProxy's directory.

Thank you.
Add Thank You Quote this message in a reply
May. 21, 2018, 08:39 AM (This post was last modified: May. 22, 2018 06:32 PM by ryszardzonk.)
Post: #229
RE: ProxHTTPSProxyMII: Reloaded
EDIT:
LOL - I scratched my misleading post. I turned out that all my problems where due to the fact that before I made config backup I replaced frontproxy number with reaproxy... Installation script did it all right just config was wrong... Duah...
Add Thank You Quote this message in a reply
May. 23, 2018, 08:03 AM
Post: #230
RE: ProxHTTPSProxyMII: Reloaded
Is there any reason why downloading ProxHTTPSProxyMII with wget is disallowed? I get the following trying to install application with the script.

Code:
wget https://www.prxbx.com/forums/attachment.php?aid=1029
--2018-05-23 09:57:59--  https://www.prxbx.com/forums/attachment.php?aid=1029
Translacja www.prxbx.com... 104.152.168.6
Łączenie się z www.prxbx.com|104.152.168.6|:443... połączono.
Żądanie HTTP wysłano, oczekiwanie na odpowiedź... 403 Forbidden
2018-05-23 09:58:00 BŁĄD 403: Forbidden.

I can force script with RESTRICT="fetch" option if manual download is required, but would welcome allowing it for easier installation process.
Add Thank You Quote this message in a reply
May. 23, 2018, 01:56 PM
Post: #231
RE: ProxHTTPSProxyMII: Reloaded
(May. 23, 2018 08:03 AM)ryszardzonk Wrote:  Is there any reason why downloading ProxHTTPSProxyMII with wget is disallowed?

Could be the Host's 'terms of service' for the account.
You'd have to ask Kye-U.
Add Thank You Quote this message in a reply
May. 27, 2018, 02:16 AM
Post: #232
RE: ProxHTTPSProxyMII: Reloaded
I'm about to throw in the towel. This issue has been said in this thread time and time again, and I apologize for that in advance, I absolutely can not for the life of me get this to work because of that certificate. I have tried everything listed in this thread that might help but no matter what, even though the certificate is installed and everything is correctly set up, Internet Explorer or any other web browser refuses to load any https site, saying the certificate is invalid, or there is an error or something.

I don't know what else to do. And the funny thing is I installed ProxHTTPSProxyMII on two other Windows 10 computers with zero issues, so why in the world is this one flat out refusing to work? I just don't know.

Please let me know what configs or information to provide to help make this as easy as possible.
Add Thank You Quote this message in a reply
May. 27, 2018, 07:26 AM
Post: #233
RE: ProxHTTPSProxyMII: Reloaded
@JJoe
Yeah I realized in order to download attachment from the forum one has to be logged in. Would posting the program in different location where no login would be required is possible? Hence software is opensource than github perhaps? Reason I ask is that I created installation script for easy adoption by Gentoo Linux users https://bugs.gentoo.org/656470 and automation of tasks is what those scripts are all about.

On the side note is it possible with ProxHTTPSProxyMII to setup in config logging to the file instead of console?

@Hydl
When I first used ProxHTTPSProxyMII I installed CA.crt using browser and turned out it worked only for Firefox and Thunderbird. IE did not install it as trusted root certificate. When I used MMC http://community.lightspeedsystems.com/d...indows-10/ only than CA.crt was used system wide.
Add Thank You Quote this message in a reply
May. 27, 2018, 01:12 PM
Post: #234
RE: ProxHTTPSProxyMII: Reloaded
@ryszardzonk
Thank you for the suggestion, but sadly it didn't work. Each browser is still reporting every https website as insecure. Chrome gives me the error of: "NET::ERR_CERT_AUTHORITY_INVALID"
IE gives me the error of: "DLG_FLAGS_INVALID_CA"
And finally the ProxHTTPSProxyMII 1.4 console gives me the error of: "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [www.website.com:443]

Is there something wrong with the certificate that every browser keeps saying its invalid?
Add Thank You Quote this message in a reply
May. 27, 2018, 03:05 PM (This post was last modified: May. 27, 2018 03:06 PM by JJoe.)
Post: #235
RE: ProxHTTPSProxyMII: Reloaded
(May. 27, 2018 01:12 PM)Hydl Wrote:  the ProxHTTPSProxyMII 1.4 console gives me the error of: "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [www.website.com:443]

First, try ProxHTTPSProxyMII 1.5wipb,
http://prxbx.com/forums/showthread.php?tid=2172&pid=19253#pid19253 .
1.4 does not support SubjectAltNames.

Is there another mitm (antivirus) between MII and the sites?
I have seen "EOF occurred in violation of protocol (_ssl.c:600)" when MII attempts connection to sites that use TLS 1.0. MII does not support TLS 1.0.
Add Thank You Quote this message in a reply
May. 27, 2018, 04:11 PM
Post: #236
RE: ProxHTTPSProxyMII: Reloaded
(May. 27, 2018 07:26 AM)ryszardzonk Wrote:  Yeah I realized in order to download attachment from the forum one has to be logged in. Would posting the program in different location where no login would be required is possible? Hence software is opensource than github perhaps? Reason I ask is that I created installation script for easy adoption by Gentoo Linux users https://bugs.gentoo.org/656470 and automation of tasks is what those scripts are all about.

I don't have to login to download.

I found ProxHTTPSProxyMII on github, https://github.com/wheever/ProxHTTPSProxyMII , after I added SAN.
1.5wipb may be added to github. I'm not sure how my changes should be added...

Have you considered uploading to gentoo.org? I'd ask whenever first.

(May. 27, 2018 07:26 AM)ryszardzonk Wrote:  On the side note is it possible with ProxHTTPSProxyMII to setup in config logging to the file instead of console?

I'd assume so but at what cost. My preference is that MII work on as many systems as possible and the user be aware of it. Also, I'm not a python wiz. Wink

whenever posted a lancher to minimize the console window to the system tray,
http://prxbx.com/forums/showthread.php?tid=2172&pid=17955#pid17955 .
Add Thank You Quote this message in a reply
May. 27, 2018, 07:10 PM
Post: #237
RE: ProxHTTPSProxyMII: Reloaded
(May. 27, 2018 03:05 PM)JJoe Wrote:  First, try ProxHTTPSProxyMII 1.5wipb,
http://prxbx.com/forums/showthread.php?tid=2172&pid=19253#pid19253 .
1.4 does not support SubjectAltNames.

Thank you JJoe. I tried version 1.5 and it worked immediately without issue. I guess that "SubjectAltNames" was the culprit as you suggested, but everything is working as expected now.

Its very nice to see Proxomitron is still alive after all this time. Also JJoe, I'm not trying to be a pest or anything but I would seriously consider hosting 1.5 on another site. 1fichier seems to be riddled with malware redirects.
Add Thank You Quote this message in a reply
May. 27, 2018, 08:03 PM
Post: #238
RE: ProxHTTPSProxyMII: Reloaded
(May. 27, 2018 07:10 PM)Hydl Wrote:  I would seriously consider hosting 1.5 on another site. 1fichier seems to be riddled with malware redirects.

Absolutely... but I don't see any malware redirects. I'll investigate more later.
Add Thank You Quote this message in a reply
May. 28, 2018, 11:41 AM
Post: #239
RE: ProxHTTPSProxyMII: Reloaded
That's because you're using Proxomitron to filter them out? Wink

Have accidentally sent others to sites with malware alongside the useful content, for the same reason...
Add Thank You Quote this message in a reply
May. 28, 2018, 11:54 AM
Post: #240
RE: ProxHTTPSProxyMII: Reloaded
(May. 28, 2018 11:41 AM)amy Wrote:  That's because you're using Proxomitron to filter them out? Wink

Nope. Firefox and Opera with direct connection and no adblockers. Used Opera's proxy to test 3 different countries.

Do you see redirects?
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: