The Un-Official Proxomitron Forum

Full Version: ProxHTTPSProxyMII: Reloaded
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Created to provide modern nag-free HTTPS connections for an HTTP proxy, ProxHTTPSProxyMII is the reinvention of the ProxHTTPSProxy.

How it works
[Image: HowItWorks.gif]

Eligible HTTP Proxies

* The Proxomitron, for which ProxHTTPSProxy was created Smile!
* Any that have the ability to forward all requests with a "Tagged:ProxHTTPSProxyMII FrontProxy/*" header to the ProxHTTPSProxyMII rear server.
* Any that can be ran as two instances, one for true http and another for "tagged" http
* Any that will only be used to monitor https traffic


* ProxHTTPSProxy's "CA.crt" to the Client's store of trusted certificate authorities.


* The Client to use the ProxHTTPSProxy front server at on port 8079 for secure connections.
* The HTTP proxy to receive requests at on port 8080.
* The HTTP proxy to forward requests to the ProxHTTPSProxy rear server at on port 8081.
* Edit "Config.ini" to change these requirements.


ProxHTTPSProxy.exe to start.


Be aware and careful! Use a direct connection when you don't want any mistakes made.

Use at your own risk!

Have fun!

Proxomitron Tips

To use

* Add the ProxHTTPSProxy rear server to the Proxomitron's list of external proxies

Code: ProxHTTPSProxyMII

* Add to Proxomitron's "Bypass URLs that match this expression" field if it is empty

$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$SETPROXY(^)

* Add to the beginning of the entry in Proxomitron's "Bypass URLs that match this expression" field if it is **not** empty

$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$SETPROXY(^)|


* Proxomitron always executes some commands in "Bypass URLs that match this expression" field. Adding the entry there allows the Proxomitron to use the rear server when in Bypass mode.

This undocumented feature brings many possibilities but remember, an actual match triggers bypass of filtering!

- $OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*) checks for the header that indicates an https request.
- $SETPROXY( is executed when found.
- (^) expression never matches.

* Identify https connections by testing for the "Tagged" request header that the ProxHTTPSProxy front server adds to the request.

$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)

* For local file requests, use an expression like


* Before redirecting "Tagged" connections to external resources consider removing the "Tagged" header.

* If needed, the Proxomitron can still do https. After adding the ssl files to the Proxomitron, use a header filter like

[HTTP headers]
  In = FALSE
  Out = TRUE
  Key = "Tagged: Use Proxomitron for"
  URL = "$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$USEPROXY(false)$RDIR("

This filter also removes the "Tagged" header.

For the current sidki set

1. Add the following two lines to Exceptions-U

$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$SET(keyword=$GET(keyword)i_proxy:3.)(^)
~(^$TST(keyword=i_proxy:[03].))$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$SET(keyword=$GET(keyword)i_proxy:3.)(^)

2. Redirect connections to http resources with an expression like



Quote:Version 1.5 (20180616)
+ SubjectAltNames support for DNS and IP
- Leading '*' in commonname.
* Generated cert's Subject field still uses '*' due to some hosts using more characters than allowed.

Version 1.4 (20160112)
+ Socks proxy support (needs urllib3 >= 1.14)
* Certifications are now v3 instead of v1

Version 1.3.1 (20151001)
* Certifications are now signed via SHA256 instead of SHA1

Version 1.3 (20150114)
+ Each request has a number ranged from 001 to 999 for reference. 000 is reserved for SSL requests not MITMed like those in [BLACKLIST] and [SSL Pass-Thru] sections.
+ Log window now displays the length of the bytes submitted in POST method

Version 1.2 (20141221)
+ Content is streamed to client, while not cached before sending
* Fix config auto reload
* Less exception traceback dumped

Version 1.1 (20141024)
+ Support URL bypass
+ Handle both HTTP and HTTPS
+ Auto reload config upon chagnes

Version 1.0 (20140729)
Initial release


link to 'advanced' version
'advanced' lacks the start up 'hard error' for the Certs directory. .

To hide the console window:
Hi, thanks for working on this.

Anyway, I've run into problem out of the gate trying to make this work. I followed instructions and installed "Win32 OpenSSL v1.0.1h Light" and Visual C++ 2008 Redistributables. Restarted and configured IE11's proxy to use, added the CA.crt to trusted vendor. Configured Proxomitron's external proxy to

However ProxHTTPSProxy spit these errors whenever IE11 tries to connect to it and when Proxomitron pings it:

[Image: akxxr4.jpg]

I don't know what it means. Do I have to install Python?
It seems you configured IE11's proxy to use for http. What if you configure 8080 for http and 8079 for https?
Hi whenever, can you upload Python version ? Thanks!
(Aug. 09, 2014 01:29 PM)GunGunGun Wrote: [ -> ]Hi whenever, can you upload Python version ? Thanks!

may be it, without the documents folder.

Does this require any particular version of OpenSSL, light, full?
(Sep. 02, 2014 04:14 AM)herbalist Wrote: [ -> ]Does this require any particular version of OpenSSL, light, full?

It should work with either version but I have only used light.
Works for me with "Win32 OpenSSL v1.0.1i Light".

Thanks. I was hoping that the user package was sufficient.
I've set up a couple of virtual XP systems to test this. On the first, XP-SP2, it seems to work. On the 2nd, a dual boot with XP-SP3 installed to drive "E", it won't start. Except for the drive letter, the systems are nearly identical.
I've reinstalled VCRedist and OpenSSL twice. Is this hard coded for drive "C"? The config.ini is edited to point to the OpenSSL on drive "E".
I think I've found the problem but have no idea of how to fix or prevent it from recurring. Unless I'm missing something, the problem seems to be the Visual C++ 2008 Redistributables archive. On the dual boot virtual system (98SE on "C" and XP-SP2 on "E"), the installer, which was executed from the XP desktop is installing files on both the 98 and XP virtual drives. Neither is getting the full install. I used Inctrl5 to create install records on both the dual boot system and on a single install of XP-SP3. Half of the registry entries created on the dual boot system point to the "C" drive. Other than manually editing all of the registry entries and moving all of the files from the "C" drive, anyone have any ideas of how to prevent or fix this behavior? I can make both install records available if they'll help.
Maybe booted windows likes to assume they are on drive "C".

I know there are 3rd party boot managers that can dynamically set the booted partition with the boot flag, but I'm not sure if you have to reinstall windows in your case.
Version 1.1
+ Support URL bypass
+ Handle both HTTP and HTTPS
+ Auto reload config upon chagnes

Hmm! My previous reply disappeared. :-( Baffled. Oh well. :-/

Anyway, great program, and I'll install it shortly. However, is there any way to get it to work with a proxy like Tor or JonDo? Or is that for later?
The proxy support is achieved by the underlying urllib3. Currently urllib3 supports only http/https proxy, but the socks5 support is on the plan.
Ah! So you can get the ProxHTTPSProxy/Proxomitron complex to work with an upstream anonymising proxy?
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Reference URL's