Proxomitron Reborn
Jan. 03, 2019, 02:03 PM
Post: #151
RE: Proxomitron Reborn
Have a question about Post 97 by zoltan (Dec. 11, 2018).

He posts what's in his main Proxomitron folder:

"Just to be certain, my main Proxomitron folder contains:
certs.pem, libeay32.dll, msvcr70.dll, openssl.exe, proxcert.pem, proxcert_certonly.pem, ssleay32.dll & zlib.dll.

Any problem with those?"

--------------------

amy posts in Post 98:

Your file list looks fine (apart from the surprising lack of a default.cfg, or maybe you source your config from elsewhere.) The msvcr70.dll is not needed with the DLLs in my post.


OK, my question ... I did not have 'msvcr70.dll' in the main folder, so that's OK. However, I also do not have 'proxcert_certonly.pem' in my main Proxomitron folder.

What is that and where do I get it? ... I assume it is needed or should be in the folder.

I have everything else mentioned by zoltan.
...
Jan. 03, 2019, 03:29 PM
Post: #152
RE: Proxomitron Reborn
(Jan. 03, 2019 02:03 PM)Callahan Wrote:  However, I also do not have 'proxcert_certonly.pem' in my main Proxomitron folder.

What is that and where do I get it? ... I assume it is needed or should be in the folder.

You click "Certificate Generation and Installation" (Config>>HTTPS). Shown in post 88.

"Add root certificate generation" in Post 89 for use.

(Dec. 10, 2018 05:39 AM)amy Wrote:  If you click Generate, it will create/overwrite the proxcert.pem and proxcert_certonly.pem files, and then after restarting Proxomitron and installing the certificate as a trusted root in the browser(s) you use, you can start experiencing real SSL filtering!

The generated "proxcert.pem" starts with a private key. "proxcert_certonly.pem" is just the certificate.
The following 2 users say Thank You to JJoe for this post:
Callahan, amy
Jan. 03, 2019, 06:19 PM
Post: #153
RE: Proxomitron Reborn
Thanks JJoe for the reply and detailed information. I will work on this later today or evening.
...
Jan. 05, 2019, 04:00 AM
Post: #154
RE: Proxomitron Reborn
(Jan. 03, 2019 05:40 AM)amy Wrote:  I will consider changing the request parsing such that local.ptron is a "special" host and automatically becomes a local request regardless of port number.

That fix will help to fix another issue I'm going to talk about. I'm on a Mac so my writing may be inaccurate.

If you turn on debug in the log window, then visit an https site, say https://twitter.com, you will see the stylesheet for the debug view is not applied. If you right-click to view the source of that page, you will see that viewsrc.css is inserted via href="http://....." and that's why it's not loaded on an https site. That http:// thing is hardcoded in the program, so it needs to be adjusted to automatically adapt to the protocol of the page. Besides viewsrc.css, this needs to be changed for all other local.ptron resources.

I agree with you that local.ptron should be treated specially regardless of port number. It's https if you see CONNECT; otherwise it is http. The port number is not important, and is not even needed in the config - https tab.
The following 1 user says Thank You to whenever for this post:
mizzmona
Jan. 06, 2019, 06:55 PM
Post: #155
RE: Proxomitron Reborn
Aloha,

I just registered to say THANK YOU ALL!

I'm a Proxomitron lover, and now, without the certificate warnings, I love it even more!

A happy new year to everybody out there, may this message be reached via http or https... :)
Jan. 07, 2019, 05:54 AM
Post: #156
RE: Proxomitron Reborn
Current browsers will not open the file URLs on http://local.ptron/.pinfo/lists/ because they have the form "file//C|". The form needs to be "file//C:".
Please correct the form.



In the past, I have 'fixed' this (and more) by filtering "127.0.0.1:8080/.pinfo/" pages.
While "local.ptron/.pinfo" pages cannot be filtered, "127.0.0.1:8080/.pinfo" pages could.

Code:
[Patterns]
Name = "/.pinfo/lists/ fix file url : for |"
Active = TRUE
URL = "127.0.0.1:8080/.pinfo/lists/"
Limit = 1
Match = "\|"
Replace = ":"

Starting with "4.6.0.0", "127.0.0.1:8080/.pinfo" pages cannot be filtered.
Could we have the old behavior back?



To block a request, I may redirect it to a local file with an expression like

Code:
$USEPROXY(false)$SET(keyword=i_proxy:0.)$RDIR(127.0.0.1:8080/killed.gif?\u)

because "127.0.0.1:8080" requests are displayed at "local.ptron/.pinfo/urls/" and "127.0.0.1:8080/.pinfo/urls/", unlike "local.ptron" requests.
Starting with "4.6.0.0", "127.0.0.1:8080" requests are not displayed at "/.pinfo/urls".
Could we have the old behavior back?
Jan. 08, 2019, 01:36 AM (This post was last modified: Jan. 08, 2019 01:36 AM by whenever.)
Post: #157
RE: Proxomitron Reborn
Another suggestion is to remove MD5, SHA1 and SHA224 from the Signature Algorithm drop-down menu. They are either not secure any more or not approved for use with publicly trusted certificates. I can also foresee that removing them will avoid new users complaining about their browsers not working with the certificates and blaming it on Proxomitron.

Reference:
  • https://www.sslshopper.com/article-check-ssl-certificates-for-the-vulnerable-md5-algorithm.html
  • https://www.thesslstore.com/blog/difference-sha-1-sha-2-sha-256-hash-algorithms/


Attachment: hashing algorithm.png (Size: 7.12 KB / Downloads: 21)
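The two certificate points in this thread (post #152: proxcert.pem starts with a private key while proxcert_certonly.pem holds only the certificate; post #157: MD5, SHA1 and SHA224 signatures) can be checked on a generated file with a small script. This is an added example, not code from the thread or from Proxomitron; the function names are hypothetical, and the embedded sample is a constructed DER skeleton with a dummy key body, not a real certificate.

```python
import base64, re
# RSA signature-algorithm OIDs -> (name, weak); weak marks the three named in post #157.
SIG_ALGS = {"1.2.840.113549.1.1.4": ("md5WithRSAEncryption", True),
            "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
            "1.2.840.113549.1.1.14": ("sha224WithRSAEncryption", True),
            "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False)}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (content_start, content_end) of the DER element at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def decode_oid(raw):
    """Decode DER OID content bytes; the first byte packs the first two arcs."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    start, _ = read_tlv(der, 0)            # enter outer SEQUENCE
    _, tbs_end = read_tlv(der, start)      # skip tbsCertificate
    alg_start, _ = read_tlv(der, tbs_end)  # enter signatureAlgorithm SEQUENCE
    return decode_oid(der[slice(*read_tlv(der, alg_start))])

def inspect_pem(text):
    """Return (label, detail, ok) for each key or certificate PEM block in text."""
    out = []
    for label, body in PEM_RE.findall(text):
        if "PRIVATE KEY" in label:
            out.append((label, "private key present: not a file to import or share", False))
        elif label == "CERTIFICATE":
            der = base64.b64decode(body)
            name, weak = SIG_ALGS.get(signature_oid(der), ("unlisted algorithm", False))
            out.append((label, name, not weak))
    return out

# Constructed sample shaped like proxcert.pem: dummy key, then a DER skeleton with a sha1WithRSA OID.
SKELETON = bytes.fromhex("30143000300d06092a864886f70d0101050500030100")
SAMPLE = ("-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
          "-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SKELETON).decode()
          + "\n-----END CERTIFICATE-----\n")
```

Calling `inspect_pem(open("proxcert_certonly.pem").read())` should yield a single CERTIFICATE entry with `ok` set to True when a SHA-256 signature was chosen; any PRIVATE KEY entry means the file is the key-bearing one.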