The Un-Official Proxomitron Forum

Full Version: ProxHTTPSProxyMII: Reloaded
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
(May. 27, 2018 04:11 PM)JJoe Wrote: [ -> ]I found ProxHTTPSProxyMII on github, https://github.com/wheever/ProxHTTPSProxyMII , after I added SAN.

Your work takes care of issue 8 if I understand it right

(May. 27, 2018 04:11 PM)JJoe Wrote: [ -> ]1.5wipb may be added to github. I'm not sure how my changes should be added...
I am with You on that one. If I would add code changes I prepare to github projects it is on so in-regular bases and I just hate needing to relearn it every single time to prepare pull request Wink

Anyway that gave me an idea to use github repository as the basis and add your changes to it in the form of patch. I'll ask whenever if he would add recent cacert.pem file to repo which would make the patch from 1.4 for 1.5 fairly small.

(May. 27, 2018 04:11 PM)JJoe Wrote: [ -> ]Have you considered uploading to gentoo.org? I'd ask whenever first.

Only official package maintainers may do that and if package is accepted to be added in portage (Gentoo build system) than it is always added to the gentoo.org, so in future it would not be problem as long as there is maintainer willing to accept the package.

(May. 27, 2018 07:26 AM)ryszardzonk Wrote: [ -> ]On the side note is it possible with ProxHTTPSProxyMII to setup in config logging to the file instead of console?

(May. 27, 2018 04:11 PM)JJoe Wrote: [ -> ]I'd assume so but at what cost. My preference is that MII work on as many systems as possible and the user be aware of it. Also, I'm not a python wiz. Wink

In Gentoo it is easy to redirect output to the file so it is not big issue for me.
Code:
start-stop-daemon [options]
  -1, --stdout <arg>                Redirect stdout to file
  -2, --stderr <arg>                Redirect stderr to file

All server apps I use have some kind of logging available, hence my question.
(May. 28, 2018 11:54 AM)JJoe Wrote: [ -> ]Do you see redirects?

I took the time to record a video for you of the redirects happening in action. Now it may just be the fact that I was using IE, but I'm surprised no one else is receiving them.

https://www.youtube.com/watch?v=aS4oMxrobLk
(May. 28, 2018 09:30 PM)Hydl Wrote: [ -> ]Now it may just be the fact that I was using IE,

I just checked IE. Mine is ok.

(May. 28, 2018 09:30 PM)Hydl Wrote: [ -> ]I'm surprised no one else is receiving them.

Exactly and I expect to be told of any bad behavior.
One of the reasons I use 1fichier is it gives me a link to remove the file.

(May. 28, 2018 09:30 PM)Hydl Wrote: [ -> ]https://www.youtube.com/watch?v=aS4oMxrobLk

I think your machine is infected. I hope it is limited to a sandbox.
Could be a program or extension.
Could be Taboola lost control. If so, clearing the caches and other files may help.
I don't remember how I removed this the last time.
One person did pay.
I don't get those, neither with IE nor Opera, but that's behind the Proxomitron, and although it didn't actually block anything, I won't dare try it without...
(May. 29, 2018 12:34 AM)JJoe Wrote: [ -> ]One person did pay.

Don't pay!
(May. 29, 2018 12:34 AM)JJoe Wrote: [ -> ]I just checked IE. Mine is ok.

That's very strange that no one else is getting them but me. And I can assure you my machine is not infected, I've run both Windows Defender and Malwarebytes, both report that I'm clean. Besides if I was infected, wouldn't I get those redirects from every website instead of specific ones?

And yes I had the site open in a sandbox in that video, proxomitron was not running. I'm stumped as to what the reason could be.
If you're behind a router, try rebooting it (unplug it for about 30 seconds and restart) and then see what you get.
(May. 29, 2018 03:19 AM)Hydl Wrote: [ -> ]I can assure you my machine is not infected,

Great. I hoped the worst of this threat, https://www.microsoft.com/en-us/wdsi/threats/support-scams, ended when I banned XP, more than a year ago.

(May. 29, 2018 03:19 AM)Hydl Wrote: [ -> ]I've run both Windows Defender and Malwarebytes, both report that I'm clean.

Too often, antivirus only found what their definitions could identify. If the victim actually installed the malware, it may have been ignored.
On WinXP, Malwarebytes didn't help me with support-scams. However, in those cases, the bad guys were allowed or gained access before I got there.

(May. 29, 2018 03:19 AM)Hydl Wrote: [ -> ]Besides if I was infected, wouldn't I get those redirects from every website instead of specific ones?

Not necessarily. One person only saw it on a newspaper's website with IE. Fortunately, it was browser based. Clearing all the browser's storage (and flash's?) solved the problem until the adserver sent the code again.
(May. 29, 2018 11:52 PM)JJoe Wrote: [ -> ]Fortunately, it was browser based. Clearing all the browser's storage (and flash's?) solved the problem until the adserver sent the code again.

Well I took your advice and tried the 1fichier link on three different browsers: SRWare Iron, Maxthon, and Edge all cleared of storage cache and running in a sandbox environment. For each browser, clicking anywhere on the page DID open a new window or a tab to an advertisement for a game or something, but it wasn't severe at all compared to the scareware alerts I was getting when using IE.

Perhaps this is a sign that its time I move on from IE to Edge or something else. It was gonna happen eventually anyway.
(May. 30, 2018 06:35 PM)Hydl Wrote: [ -> ]For each browser, clicking anywhere on the page DID open a new window or a tab to an advertisement for a game or something,

That I have seen, http://prxbx.com/forums/showthread.php?tid=2172&pid=19242#pid19242 .

(Apr. 14, 2018 08:37 PM)JJoe Wrote: [ -> ]About 1fichier:
In the past, free use was supported by pop over and under advertising.
Do not install any of the advertised programs or browser extensions without additional study...

Now, free downloads are throttled and limited to one every 2 hours.
Still good enough for this. Smile!

So, the pop over and under advertising experience may be random and ongoing.

I ran the url through virustotal,
https://www.virustotal.com/en/url/60f510fb747dd4fdff029e317b9889820fee176a943870a16c3ec12750b27855/analysis/1527690250/ and
https://www.virustotal.com/en/url/60f510fb747dd4fdff029e317b9889820fee176a943870a16c3ec12750b27855/analysis/1527707541/ ,
which doesn't report any problems.

I'm still considering hosting options.
I appreciate the need to pay the bills but...

(May. 30, 2018 06:35 PM)Hydl Wrote: [ -> ]Perhaps this is a sign that its time I move on from IE to Edge or something else.

Did you see the scareware every time with IE?
(May. 30, 2018 07:25 PM)JJoe Wrote: [ -> ]I'm still considering hosting options.

I didn't read through all the posts but I may could help if you just need a hosting space. Please drop me an email. Smile!
It seems only IE is giving me the scam redirects on 1fichier, even after clearing its cache and everything. Obviously its up to you if you wish to continue to use 1fichier to host it or move it somewhere else. But may I suggest updating the first page so that it links to the latest version?
@whenever
Following Hyld's suggestion I would propose updating Github repo first with changes JJoe introduced in 1.5wipb and then updating the link in first page to package from Github. Should take care of issues 5, 8 and 11 at the same time Wink
Sent but I'm looking for a free file host. Don't risk your account or cash.

(May. 31, 2018 12:48 PM)whenever Wrote: [ -> ]I didn't read through all the posts but I may could help if you just need a hosting space. Please drop me an email. Smile!
(Jun. 02, 2018 06:46 AM)ryszardzonk Wrote: [ -> ]@whenever
Following Hyld's suggestion I would propose updating Github repo first with changes JJoe introduced in 1.5wipb and then updating the link in first page to package from Github. Should take care of issues 5, 8 and 11 at the same time Wink

Feel free to do it. JJoe should could modify the post.

@JJoe, please check email for file hosting details.

Sorry for late reply. Cheers
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
Reference URL's