The Un-Official Proxomitron Forum

Full Version: ProxHTTPSProxyMII: Reloaded
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
(Dec. 03, 2015 12:34 PM)whenever Wrote: [ -> ]
(Dec. 03, 2015 03:31 AM)JJoe Wrote: [ -> ]HTTP may be optional for now.

Could you give HTTP a try? I will fix it if it breaks.

Seems to be working for me...
(Dec. 03, 2015 12:34 PM)whenever Wrote: [ -> ]
(Dec. 03, 2015 03:31 AM)JJoe Wrote: [ -> ]HTTP may be optional for now.

Could you give HTTP a try?

I had time to quickly test that part before I posted. It worked. Smile!

(Dec. 03, 2015 12:34 PM)whenever Wrote: [ -> ]I will fix it if it breaks.

"optional for now" because IPv6 or HTTP/2 may eventually force Proxomitron users to send HTTP through ProxHTTPSProxyMII.
I thought you would fix it. Wink

Thanks again.
I have a rule that adds references to some local stylesheets, it looks something like this:

Code:
Name = "add reference to local CSS stylesheet"
Active = TRUE
Limit = 7
Match = "</head>"
Replace = "<link rel="stylesheet" type="text/css" href="//local.ptron/default.css"/></head>"

Note the schemeless URL "//" which lets the browser decide whether to use http or https.

While porting a Proxomitron/ProxHTTPSProxyMII setup from Windows XP to Win7, I ran into the following problem:

https://local.ptron/default.css

works on XP but doesn't on Win7 where I get this error:

Code:
502: HTTPError

The following error occurred while trying to access https://local.ptron/default.css

HTTPSConnectionPool(host='local.ptron', port=443): Max retries exceeded with url: /default.css
(Caused by NewConnectionError(': Failed to establish a new connection: [WinError 10061]
No connection could be made because the target machine actively refused it',))

Generated on 2016-01-12 14:27:49.093407 by ProxHTTPSProxyMII FrontProxy/v1.3.1.

So the the request is never passed on to Proxomitron.

My setup is ProxHTTPSProxyMII 1.3.1 running the .py with Python 3.4 on XP and Python 3.5 on Win7.

I know that I can work around it by yanking the contents of default.css using $FILE() but I'd like to know what's going on here and how I can fix this on Win7.

Btw. thanks a lot for ProxHTTPSProxyMII!
Bug:
Code:
https://www4.symantec.com/Vrt/offer?a_id=175670
Code:
417: SSL Certificate Failed

The following error occurred while trying to access https://www4.symantec.com/Vrt/offer?a_id=175670

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)
Generated on 2016-02-15 09:03:14.380080 by ProxHTTPSProxyMII RearProxy/v1.3.1.
With an update to Firefox 43.0.1 I've been getting "417: SSL Certificate Failed" on a good many sites. So far, I've been able to add the URLs to the config's no-verify section and they all work, but is there a better way? Can a new CA.crt be downloaded/created, or is something else needed?

Sometimes no actual errors are seen. It just prevents some items from loading, for example, on this page some of the pics don't load (yet sometimes they do) and the log shows "ProxHTTPSProxyMII ..... an established connection was aborted by the software in your host machine." It also prevents magic jack voip phone device from connecting unless 4 addresses are added to SSL pass-thru.

Some sample URLs with errors:
https://login.yahoo.com/
https://interstatebattery.com/
https://portland.pt.craigslist.org/search/tls
I see the errors at 'login.yahoo.com' and 'www4.symantec.com/Vrt/offer?a_id=175670' while using ProxHTTPSProxyMII v1.3.1 (urllib3/1.12). I do not see them while using the py version, ProxHTTPSProxyMII v1.3.1 (urllib3/1.14). So, the updated urllib3 may be the solution to some cert errors.

The certificate at 'interstatebattery.com' is only good for 'www.interstatebatteries.com' or 'interstatebatteries.com'. So it fails as it should.
The certificate at 'portland.pt.craigslist.org/search/tls' is only good for 'craigslist.co.uk', '*.craigslist.co.uk', 'craigslist.ca', '*.craigslist.ca', '*.craigslist.org', 'craigslist.org', or 'www.craigslist.org'. So it fails as it should.

"ProxHTTPSProxyMII ..... an established connection was aborted by the software in your host machine."
is often the Proxomitron closing a connection. For example, blog.mingthein.com's server is returning '404 not found' for some resources. Sidki's set redirects these and closes (aborts) the connection.

HTH
(Apr. 03, 2016 04:28 AM)JJoe Wrote: [ -> ]I see the errors at 'login.yahoo.com' and 'www4.symantec.com/Vrt/offer?a_id=175670' while using ProxHTTPSProxyMII v1.3.1 (urllib3/1.12). I do not see them while using the py version, ProxHTTPSProxyMII v1.3.1 (urllib3/1.14). So, the updated urllib3 may be the solution to some cert errors.

Not sure I understand about the update. I don't see a version 1.14. Maybe I'm overlooking something. The versions I downloaded were:
1.3a - 1.10.4 (posted May 27 '15)
1.3.1 - 1.12 (posted Oct 1 '15)

The latter is the one referenced in my post above. As an experiment, I tried 1.3a - 1.10.4 and it was much worse. There were "connection is untrusted" errors on the first 4 urls I tried (google, wunderground, flickr, and yahoo mail).

(Apr. 03, 2016 04:28 AM)JJoe Wrote: [ -> ]For example, blog.mingthein.com's server is returning '404 not found' for some resources. Sidki's set redirects these and closes (aborts) the connection.

hmmmm. In version 1.3.1 I'm definitely getting SSL errors on that page that are blocking the pics. See attachment for log example.
After adding all those "farmX.staticflicker.com" urls to the no-verify list, the page loads as it should.
(Apr. 04, 2016 04:53 AM)zoltan Wrote: [ -> ]Not sure I understand about the update. I don't see a version 1.14. Maybe I'm overlooking something.

You would need to install Python and use 'ProxHTTPSProxyMII_py 1.4.zip' from http://prxbx.com/forums/showthread.php?t...9#pid18719 .

(Apr. 04, 2016 04:53 AM)zoltan Wrote: [ -> ]hmmmm. In version 1.3.1 I'm definitely getting SSL errors on that page that are blocking the pics. See attachment for log example.

I believe you. The 'an established connection was aborted by' lines in "ssl-thein.gif" appear to be the result of an error not the cause, however. "Content-Type: 2b Kill Image/CSS/JS Error Responses 07.11.09 [sd] (d.0) (In)" closed some of those connections.

I see
[attachment=1005]
(Apr. 04, 2016 07:07 PM)JJoe Wrote: [ -> ]You would need to install Python and use 'ProxHTTPSProxyMII_py 1.4.zip' from http://prxbx.com/forums/showthread.php?t...#pid18719.

I installed python, but couldn't get ProxHTTPSProxy.py to work. It pops up, then disappears. I also noticed your post in the other thread about "http support lost" with ver 1.4. Doesn't that render it pretty useless anyway?

Maybe it's best I just stick with 1.3.1, since it does seem to work if you add items to the no-verify list. I read your post from Feb 13 '15 about adding an "*" to the list. That seems like a perfect solution, so I'm wondering if it really is or if there's any real downside to it if you limit its use to a wired connection. I already switch to no proxy for banking or anything similarly sensitive. I ask because in the past few days with more use there are more sites showing SSL errors in the log. Adding each one to the list seems excessive/annoying.
(Apr. 05, 2016 02:44 AM)zoltan Wrote: [ -> ]I installed python, but couldn't get ProxHTTPSProxy.py to work. It pops up, then disappears.

Did you also install all the required libraries, openssl, pyopenssl, colorama, urllibs, PySocks?
Note that Python 3.5+ cannot be used on Windows XP or earlier.

(Apr. 05, 2016 02:44 AM)zoltan Wrote: [ -> ]I also noticed your post in the other thread about "http support lost" with ver 1.4. Doesn't that render it pretty useless anyway?

No, I need to delete or change that post.
Before 1.3, I would set the Proxomitron to forward both http and https to the rear proxy. Now I can only forward https. So http isn't lost. I just can't do what I was doing.

(Apr. 05, 2016 02:44 AM)zoltan Wrote: [ -> ]Maybe it's best I just stick with 1.3.1, since it does seem to work if you add items to the no-verify list. I read your post from Feb 13 '15 about adding an "*" to the list. That seems like a perfect solution, so I'm wondering if it really is or if there's any real downside to it if you limit its use to a wired connection. I already switch to no proxy for banking or anything similarly sensitive. I ask because in the past few days with more use there are more sites showing SSL errors in the log. Adding each one to the list seems excessive/annoying.

Your behaviour seems safe enough but I can't be certain. I haven't tested adding * to the list.
(Apr. 05, 2016 04:57 AM)JJoe Wrote: [ -> ]Did you also install all the required libraries, openssl, pyopenssl, colorama, urllibs, PySocks? Note that Python 3.5+ cannot be used on Windows XP or earlier.
Oops, no I didn't. I did get the 2x version and am on Win7, but my only experience has been with the other ProxyHTTPSProxy bundles so I don't really know what I'm doing with the python setup.

(Apr. 05, 2016 04:57 AM)JJoe Wrote: [ -> ]No, I need to delete or change that post.
Before 1.3, I would set the Proxomitron to forward both http and https to the rear proxy. Now I can only forward https. So http isn't lost. I just can't do what I was doing.

That's good to know. I was a little worried that it was quickly becoming obsolete.

(Apr. 05, 2016 04:57 AM)JJoe Wrote: [ -> ]Your behaviour seems safe enough but I can't be certain. I haven't tested adding * to the list.

OK, thanks. For now I'll try it that way and see how it goes
(Apr. 05, 2016 06:35 AM)zoltan Wrote: [ -> ]
(Apr. 05, 2016 04:57 AM)JJoe Wrote: [ -> ]Did you also install all the required libraries, openssl, pyopenssl, colorama, urllibs, PySocks? Note that Python 3.5+ cannot be used on Windows XP or earlier.
Oops, no I didn't. I did get the 2x version and am on Win7, but my only experience has been with the other ProxyHTTPSProxy bundles so I don't really know what I'm doing with the python setup.

ProxHTTPSProxyMII_py requires Python 3.x.
Version 1.4 (20160112)
--------------

+ Socks proxy support
* Certifications are now v3 instead of v1

download
I have a Problem with ProxHTTSProxyMII (ver. 1.4) -python3-.
Pease can anyone give me an idia ?


System Suse 12.3 -64
python3-3.4.1
ProxHTTSProxyMII 1.4

-- short --------------------------------------------

- all python3 modules well compiled
- I guess all config work well done
- CA.crt imported in Browser Authorities
- cacert.pem + ProxHTTPSProxy.py + config.ini same path

b - browser firefox v.19.0 (old but stable)
p - privoxy
FS - MII Front Server
fP - MII filtering Proxy (privoxy)
rS - MII Rear Server

b(80) <-> 8118 <-> p <->
b(443) <-> 8079 <-> FS <-> 8080 <-> fP(p) <-> 8081 <-> rS <->

Port configuration

8118 browser
8079 browser ssh
8079 FrontPort in config.ini MII
8080 ProxAddr in config.ini MII
8118 listen directive in privoxy config
8080 2nd listen directive in privoxy config
8081 RearPort in config.ini MII
8081 forward-override rule in user.action privoxy

-------------------------------------------------------

Test Case:

--> Https://www.google.de or Https://www.welt.de


Result:

** Firefox **

Error Alert:
Secure Connection Failed
An error occurred during a connection to http://www.google.de.
Peer's certificate has an invalid signature.
Error code: sec_error_bad_signature)

Request stops here !

** Chrome **

Warning with dialog to trust the url
After my explicite vote chrome proceed the Url !

** ProxHTTPSProxy.py ** ( for both browser )

SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:1767)" while
trying to establish local SSL tunnel for [www.google.de:443]

-- after a while, becours of google's background connections :

[ 20:41] 001 [F] HTTPConnectionPool(host='localhost', port=8080):
Max retries exceeded with url: http://www.welt.de/ (
Caused by ProxyError('Cannot connect to proxy.',
NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fa5c4d08748>:
Failed to establish a new connection: [Errno 111] Connection refused',)))
on "GET http://www.google.de/a"

--------------------------------------------------------
I'm using ProxHTTPSProxyMII 1.4.
I see the following error when I try to open https://www.yahoo.com/
Code:
417: SSL Certificate Failed

The following error occurred while trying to access https://www.yahoo.com/

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

Generated on 2017-02-06 19:50:43.884238 by ProxHTTPSProxyMII RearProxy/v1.4.

Do you have problem visiting https://www.yahoo.com/ ?
How to fix this problem?
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
Reference URL's