The Un-Official Proxomitron Forum

Hope that someone can shed some lights on my dilemma with the combination of Proxomitron, Firefox Australis (Nightly or Aurora builds) and certain Extensions. (Issue does not exist on non-Australis Firefox builds.)

I am running Proxomitron while enabling "Use SSLeay/OpenSSL to filter secure pages". For some reason, the extensions listed below, once installed, trigger something in the browser to block the page from loading (endless page load) if proxy is not bypassed. Initially I thought it has something to do with "security.mixed_content.block_active_content" set to true (default), but that is not the case.

Pages like the Mozilla Add-ons page, newsfeed from BBC simply will not load. Bypass proxy in the same session and reload page still ends in endless page load. I will have to complete restart the browser, bypass proxy before visiting the sites and loading the pages.

Uninstalling the "offending" extensions and clear up the Pref.js does not work. The only way to get around is disable the proxy or uncheck "SSLeay/OpenSSL" in Proxo. I had to completely rebuild the profile each time. No proxy for "addons.mozilla.org" in the browser did not appear to do much neither.

Extensions:
1. Cookie Monster
2. MediaPlayerConnectivity
3. Status-4-ver
4. Tab Group Helper
5. ForecastFox 2.2.4

(Mar. 27, 2014 01:24 PM)Styx Wrote: [ -> ]Hope

Are you using half-ssl? If so are you stripping "Secure" from the cookies?
I should add, I have a header filter that removes the Strict-Transport-Security header.
Headers purpose is to require https.



I've been using a chrome variant since it allows me to use
on the command line.

For me, https on Firefox requires an extension and more work. The extension, https://addons.mozilla.org/en-US/firefox...ert-error/ quit working after version 24 and I quit updating. Since your post, I see skip-cert-error has been updated...

I installed Mozilla Firefox, Portable Edition 29.0 Beta 1 Rev 2, English at http://portableapps.com/apps/internet/fi...table/test .
Added The Proxomitron's proxcert to Firefox's certificate store, Options>Advanced>Certificates>View Certificates>Authorities>import.
Added https://addons.mozilla.org/en-US/firefox...ert-error/ . Under skip-cert-error options only "Add the exceptions as temporary" is not checked.
Modified about:config
Added Extensions: Cookie Monster, MediaPlayerConnectivity, Status-4-ver, Tab Group Helper.
ForecastFox 2.2.4 did not install due to age.

After all that https works as expected, unfortunately.

https://addons.mozilla.org/en-US/firefox/ opens after skip-cert-error adds the exception for "addons.mozilla.org" but the supporting files at https://mozorg.cdn.mozilla.net/ and https://addons.cdn.mozilla.net have been blocked because Skip-cert-error only works (when it works) on cert-errors that show in the browser's window.
So, I must cause the exceptions to be added for "mozorg.cdn.mozilla.net" and "addons.cdn.mozilla.net" before https://addons.mozilla.org/en-US/firefox/ will show all.
"View image", "View Page Source", "View Page Info", "Inspect Element" in the context menu for a broken page can help find the missing files. The sidki set's menu item "Show ..." can help.

Same at https Google image search. Skip-cert-error adds the exception for https://www.google.com/search but all the images are missing. Right clicking a broken image and selecting "View Image" shows Firefox's cert error

Quote:encrypted-tbn2.gstatic.com uses an invalid security certificate.
The certificate is only valid for Proxomitron
(Error code: ssl_error_bad_cert_domain)"

Skip-cert-error misses this error but catches it after a reload.

Note: I'm using ClickOff to dismiss The Proxomitron's cert error warnings, http://prxbx.com/forums/showthread.php?t...6#pid17446 .

HTH

Ain't it "funny", ha ha, how these d@mn "cert checks" make web browsing a LIVING H#LL?

(Mar. 28, 2014 02:58 AM)JJoe Wrote: [ -> ]I should add, I have a header filter that removes the Strict-Transport-Security header.
Headers purpose is to require https.

Code:

[HTTP headers]
In = TRUE
Out = TRUE
Key = "Strict-Transport-Security: HTTPS: strip to allow filtering 12.11.05 [ADD]"

Do you have anything else similar to this that you have added that could assist the rest of us in ridding d@mn cert-related "stuff"?

Sorry for the delay.

(Mar. 28, 2014 11:38 AM)ProxRocks Wrote: [ -> ]Do you have anything else similar to this that you have added that could assist the rest of us in ridding d@mn cert-related "stuff"?

I don't think so but I have forgotten some details.
I've yet to see a hit for that filter, btw. It came with an intended but never completed update (one of several).

Hi guys! Long time no see... just over 2 years, according to the last login info! :p



I stumbled across my old thread about Proxo's behavior with HTTPS redirects whilst researching HSTS and the memories came surging forth.

Anyway.

Rather than strip the header, it's actually better to set Max-Age to 0 - doing that will remove any previous entries from the database, except for the forced ones.

(May. 07, 2014 04:08 PM)Stone-D Wrote: [ -> ]Rather than strip the header, it's actually better to set Max-Age to 0 - doing that will remove any previous entries from the database, except for the forced ones.

Code:

[HTTP headers]
In = TRUE
Out = FALSE
Key = "Strict-Transport-Security: HSTS Force Zero Age (in)"
Match = "max-age=\0"
Replace = "max-age=0$LOG(R$DTM(c) : [HDR:Strict-Transport-Security] HSTS Force Zero Age: \0)"

Wonderful, Australis with the "problematic" extensions is now working great with the new header. The browser does not hang anymore when I visit the BBC newsfeed or the Moz Extension site.

Nice! I'd kinda given up on Australis. I'll revisit, methinks.