Proxomitron Reborn
Aug. 10, 2018, 07:22 AM
Post: #76
RE: Proxomitron Reborn
Nice to see this orphaned jewel reborn. Smile!

[Image: certs.png]

I'm getting this warning on every secure site I visit, irrespective of what browser I use.
How to get rid of it other than adding an exception for each secure connection?

Thanks in advance!
Aug. 10, 2018, 11:42 AM
Post: #77
RE: Proxomitron Reborn
You can use this: https://www.prxbx.com/forums/forumdisplay.php?fid=48

Generating appropriately-named certs is on the list of planned features.

If anyone is wondering, I haven't forgotten --- just testing out what will be 4.5.2.0 (containing only fixes of old bugs in 4.5j, no new features) for a bit before releasing.
[-] The following 2 users say Thank You to amy for this post:
mizzmona, usr
Aug. 10, 2018, 01:48 PM
Post: #78
RE: Proxomitron Reborn
Thanks for the reply.
I'll give ProxHTTPSProxyMII a try.

(Aug. 10, 2018 11:42 AM)amy Wrote:  Generating appropriately-named certs is on the list of planned features.
This is good news.

Keep up the great work!
Aug. 13, 2018, 06:23 PM
Post: #79
RE: Proxomitron Reborn
(Jun. 28, 2018 02:33 AM)amy Wrote:  ... patches to use newer OpenSSL
I don't know if this is useful (it sounds useful, but what do I know):

mkcert A simple zero-config tool to make locally trusted development certificates with any names you'd like - downloads various platforms incl. Windows (command line) @ https://github.com/FiloSottile/mkcert
Sep. 04, 2018, 02:45 AM (This post was last modified: Sep. 05, 2018 02:50 AM by amy.)
Post: #80
RE: Proxomitron Reborn
4.5.2.0 has been released! This fixes a lot of latent bugs which Scott never got around to (and some, like the multithreading ones, which wouldn't have been visible nor easily reproducible on the single-core hardware of the time), so it can be considered the first improvement release of The Proxomitron since 2003!
Quote:
- Fix opening local file URLs
- Fix buffer overflow in proxy test function
- Stabilise and refine header filter ordering - URL: filters are now applied first, and also show first in the list. They are sorted respectively alphabetically.
- Clarify file URLs for opening blocklists: URL commands must be enabled to do so, and if not, a warning message is shown.
- Fix date checking for If-Modified-Since in local file requests. Original code would always respond with "not modified", possibly causing caching problems with local file replacements.
- Fix Show URL in browser for https and add option to include scheme. When adding a URL to a blocklist, the menu option to open in browser was broken for https URLs. Now that has been fixed, and a checkbox added to allow you to include the scheme (https:// or http://) when adding to the list.
- Fix unintentional sign-extension in base-64 encoding. Non-ASCII passwords and such should now encode and decode correctly.
- Fix allow IP range comparison. This was accidentally introduced in the rebuild and not in 4.5j.
- Fix duplicate load and image handle leak when loading textures
- Fix tray icon tooltip (now it says Bypassed when... bypassed)
- Fix memory leak in $STOP()
- Fix memory leak in SSLeayShutdown()
- Fix handling of FEXTRA and FHCRC for gzip format
- Fix Allow for Session certificate dialog with multiple parallel connections. It will not continue asking the same host if you have multiple parallel connections and already said Allow for Session once.
- Fix erroneous check of return value when setting OpenSSL certificate callback
- Fix header filter count decrement race condition. No more erroneous "Filters In Use" with 0 active connections
- Fix saving and restoring window sizes (for multiple-monitor users)
- Fix multithreaded OpenSSL initialisation race condition crash
- Fix positioning of context menus for multiple-monitor systems
- Various cleanup/removal of dead-ends in code.

Thanks for all the feature suggestions --- better SSL/TLS filtering support seems to be "most wanted" at the moment, but here's a list of things planned for 4.6:

- Generate and cache appropriately-named certificates (like ProxHTTPSProxyMII, but integrated)
- A way to better manage the Certificate Error exception list and make it persistent (how about in blockfile format? Wink)
- Allow local.ptron and proxy itself to be accessed via HTTPS, although I'm not sure what browsers can make use of the latter
- $REM() for comments in patterns (requested by mizzmona)
[-] The following 8 users say Thank You to amy for this post:
soccerfan, mizzmona, prxymouse, zoltan, referrer, usr, Callahan, ProxRocks
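The "sign-extension in base-64 encoding" item in the changelog above names a common C defect class. The following is an added illustration of that class, not Proxomitron's code and not part of the original post; the function names, the `sign_extend` switch and the sample input are all hypothetical. It encodes the same bytes once through an unsigned type and once through a signed one, so the corruption of a non-ASCII byte is visible side by side.

```c
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Widen one input byte to an unsigned int; bytes past the end count as 0.
 * sign_extend=1 reproduces the defect: the byte goes through a signed type
 * first, so 0xE9 becomes 0xFFFFFFE9 instead of 0x000000E9. */
static unsigned widen(const char *in, size_t i, size_t len, int sign_extend)
{
    if (i >= len)
        return 0;
    if (sign_extend)
        return (unsigned)(int)(signed char)in[i];
    return (unsigned char)in[i];
}

/* Encode len bytes into out (needs 4*((len+2)/3)+1 bytes); returns length. */
size_t b64_encode(const char *in, size_t len, char *out, int sign_extend)
{
    size_t o = 0;
    for (size_t i = 0; i < len; i += 3) {
        /* Pack three bytes into 24 bits; stray high bits from a
         * sign-extended byte overwrite the bytes packed before it. */
        unsigned v = (widen(in, i, len, sign_extend) << 16)
                   | (widen(in, i + 1, len, sign_extend) << 8)
                   |  widen(in, i + 2, len, sign_extend);
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = (i + 1 < len) ? B64[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < len) ? B64[v & 63] : '=';
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed input: 'a', 'b', then Latin-1 e-acute (0xE9). */
    const char sample[] = "ab\xE9";
    char good[8], bad[8];
    b64_encode(sample, 3, good, 0);
    b64_encode(sample, 3, bad, 1);
    printf("unsigned bytes: %s\nsign-extended:  %s\n", good, bad);
    return 0;
}
```

Pure ASCII input encodes identically in both modes, which is why a defect of this kind can go unnoticed until a credential contains a byte of 0x80 or above.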
Sep. 04, 2018, 05:06 AM
Post: #81
RE: Proxomitron Reborn
Surely you clicked the wrong Post Icon? ":(" doesn't seem right!

Wow...

(Sep. 04, 2018 02:45 AM)amy Wrote:  4.5.2.0 has been released! This fixes a lot of latent bugs which Scott never got around to (and some, like the multithreading ones, which wouldn't have been visible nor easily reproducible on the single-core hardware of the time), so it can be considered the first improvement release of The Proxomitron since 2003!
Quote:
- Fix opening local file URLs
- Fix buffer overflow in proxy test function
- Stabilise and refine header filter ordering - URL: filters are now applied first, and also show first in the list. They are sorted respectively alphabetically.
- Clarify file URLs for opening blocklists: URL commands must be enabled to do so, and if not, a warning message is shown.
- Fix date checking for If-Modified-Since in local file requests. Original code would always respond with "not modified", possibly causing caching problems with local file replacements.
- Fix Show URL in browser for https and add option to include scheme. When adding a URL to a blocklist, the menu option to open in browser was broken for https URLs. Now that has been fixed, and a checkbox added to allow you to include the scheme (https:// or http://) when adding to the list.
- Fix unintentional sign-extension in base-64 encoding. Non-ASCII passwords and such should now encode and decode correctly.
- Fix allow IP range comparison. This was accidentally introduced in the rebuild and not in 4.5j.
- Fix duplicate load and image handle leak when loading textures
- Fix tray icon tooltip (now it says Bypassed when... bypassed)
- Fix memory leak in $STOP()
- Fix memory leak in SSLeayShutdown()
- Fix handling of FEXTRA and FHCRC for gzip format
- Fix Allow for Session certificate dialog with multiple parallel connections. It will not continue asking the same host if you have multiple parallel connections and already said Allow for Session once.
- Fix erroneous check of return value when setting OpenSSL certificate callback
- Fix header filter count decrement race condition. No more erroneous "Filters In Use" with 0 active connections
- Fix saving and restoring window sizes (for multiple-monitor users)
- Fix multithreaded OpenSSL initialisation race condition crash
- Fix positioning of context menus for multiple-monitor systems
- Various cleanup/removal of dead-ends in code.

Thanks for all the feature suggestions --- better SSL/TLS filtering support seems to be "most wanted" at the moment, but here's a list of things planned for 4.6:

- Generate and cache appropriately-named certificates (like ProxHTTPSProxyMII, but integrated)
- A way to better manage the Certificate Error exception list and make it persistent (how about in blockfile format? Wink)
- Allow local.ptron and proxy itself to be accessed via HTTPS, although I'm not sure what browsers can make use of the latter
- $REM() for comments in patterns (requested by mizzmona)

By "proxy itself" do you mean 127.0.0.1:8080? If so there are advantages to using 127.0.0.1 instead of local.ptron.
Sep. 05, 2018, 03:10 AM
Post: #82
RE: Proxomitron Reborn
(Sep. 04, 2018 05:06 AM)JJoe Wrote:  Surely you clicked the wrong Post Icon? ":(" doesn't seem right!
You're right, I did. My mistake. Now fixed Smile!
(Sep. 04, 2018 05:06 AM)JJoe Wrote:  By "proxy itself" do you mean 127.0.0.1:8080? If so there are advantages to using 127.0.0.1 instead of local.ptron.
Maybe my notation wasn't so clear --- by "local.ptron" I mean the builtin web server, and "proxy itself" the usual 127.0.0.1:8080. The HTTPS one can't use the same port, so it'll probably be at :8443 or similar.

Currently (and since 4.5j at least) it supports a sort of weird "silent half-SSL" mode where you can connect to it on 8080 and then send it an HTTPS URL, and it then makes an encrypted connection to the site but communication between browser and proxy is still unencrypted. In other words the browser doesn't need to support HTTPS, but it can access those sites through Proxomitron. I'm not sure if any browsers do or can be configured to do this.

What I'm planning to do is add something like https://127.0.0.1:8443/ so you can serve replacement scripts etc. over HTTPS too (eliminating a bunch of security warnings/errors), but then thanks to how it was designed, you would also be able to make an encrypted connection to it and then send requests like the regular one on 8080. Once again, I don't know of any browsers that can use that capability, but nice to know it's there.
[-] The following 2 users say Thank You to amy for this post:
Callahan, usr
Sep. 26, 2018, 05:33 AM
Post: #83
RE: Proxomitron Reborn
love what you've done with proxomitron.

(Sep. 05, 2018 03:10 AM)amy Wrote:  Currently ( since 4.5j at least) it supports a sort of weird "silent half-SSL" mode where you can connect to it on 8080 and then send it an HTTPS URL, and it then makes an encrypted connection to the site but communication between browser and proxy is still unencrypted. In other words the browser doesn't need to support HTTPS, but it can access those sites through Proxomitron. I'm not sure if any browsers do or can be configured to do this.
half-SSL is kinda cool. sidki added it to his config set and I still use it that way on a browser where I can block ssl connections. There are caveats and limitations to doing this, but it's enough that I never bothered with chaining ProxHTTPSProxy to proxomitron.

When using half-ssl with proxo reborn there's a bug where the Host header contains the half-ssl proxy prefix. For example, this site's Host header appears:
Host: https-px-.www.prxbx.com

You can reproduce the bug using sidki's latest config set, sidki_2011-12-22rc1, and turning on the half-ssl filters
https://www.prxbx.com/forums/showthread.php?tid=1870