+- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums)
+-- Forum: Forum Related (/forumdisplay.php?fid=37)
+--- Forum: ProxHTTPSProxy (/forumdisplay.php?fid=48)
+--- Thread: ProxHTTPSProxyMII: Reloaded (/showthread.php?tid=2172)
RE: ProxHTTPSProxyMII: Reloaded - JJoe - Feb. 14, 2015 03:41 AM
(Feb. 13, 2015 03:49 PM)Quaraxkad Wrote: Isn't there any way to just tell it "I don't care about certificates, just do it"?
Try adding a * to the [SSL No-Verify] section of "config.ini".
HTH
RE: ProxHTTPSProxyMII: Reloaded - Quaraxkad - Feb. 14, 2015 03:55 AM
(Feb. 14, 2015 03:41 AM)JJoe Wrote: Try adding a * to the [SSL No-Verify] section of "config.ini".
I will try that, thanks.
RE: ProxHTTPSProxyMII: Reloaded - zoltan - Feb. 19, 2015 06:47 PM
Just to follow up, I took all the earlier suggestions and reinstalled it on my friend's Win7/Firefox system and everything works fine now.
I'm not sure if it could help anyone else, but I did follow a slightly different procedure than the first time. Instead of just giving him my Proxomitron default.cfg containing the ProxHTTPSProxy settings, I took those items out and added them through the program interface. Also used the new version 1.3 that whenever posted Feb 12. Deleted/reimported ca.crt, and changed DNS from his ISP to Open DNS.
RE: ProxHTTPSProxyMII: Reloaded - charliebrown10242048 - Feb. 24, 2015 09:59 PM
* For local file requests, use an expression like
Code:
$USEPROXY(false)$RDIR(http://local.ptron/killed.gif)Where in Sidki's set would this line go?
RE: ProxHTTPSProxyMII: Reloaded - charliebrown10242048 - Feb. 24, 2015 10:03 PM
2. Redirect connections to http resources with an expression like
Code:
$USEPROXY(false)$SET(keyword=i_proxy:0.)$RDIR(http://local.ptron/killed.gif)and Where in Sidki's set would this line go?
Thanks, Greg
RE: ProxHTTPSProxyMII: Reloaded - JJoe - Feb. 25, 2015 02:23 AM
(Feb. 24, 2015 09:59 PM)charliebrown10242048 Wrote: Where in Sidki's set would this line go?
(Feb. 24, 2015 10:03 PM)charliebrown10242048 Wrote: and Where in Sidki's set would this line go?
They go where you have added an expression that requires them. It could be a filter or list.
Typically to 'kill' a request or replace a resource you might use an expression like
Code:
[^/]+/ad.jpg $RDIR(http://local.ptron/killed.gif)The Proxomitron will send these 'typical' requests to the ProxHTTPSProxyMII rear server and they may fail. ProxHTTPSProxyMII does not know "local.ptron", for example.
"$USEPROXY(false)" is do not use ProxHTTPSProxyMII.
"i_proxy:0." is a sidki specific flag that lets the set know a proxy is not used.
HTH
RE: ProxHTTPSProxyMII: Reloaded - charliebrown10242048 - Mar. 03, 2015 12:04 AM
using Opera 12.17; xp sp3;Proxomitron 4.5 (HxD'd Amy Hex4U fixed)
I'm now getting the certificate security issues:
Secure connection: fatal error (554)
or
issuer: ProxHTTPSProxy CA, ProxHTTPSProxy
instead of
issuer: Proxomitron......
What did I do to make this happen?
More importantly, how do I make it just GO AWAY ??
I would prefer to NOT be 'warned' at all.
added settings for ProxHTTPSProxyMII\config.ini:
[SSL No-Verify]
*
*.*
[19:22] 000 "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [myciti.com:443]
[19:23] 000 "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [www99.americanexpress.com:443]
RE: ProxHTTPSProxyMII: Reloaded - JJoe - Mar. 03, 2015 04:39 AM
(Mar. 03, 2015 12:04 AM)charliebrown10242048 Wrote: [19:22] 000 "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [myciti.com:443]
[19:23] 000 "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [www99.americanexpress.com:443]
Work for me, I think (no Opera 12.17).
(Mar. 03, 2015 12:04 AM)charliebrown10242048 Wrote: I'm now getting the certificate security issues:
Secure connection: fatal error (554)
or
issuer: ProxHTTPSProxy CA, ProxHTTPSProxy
instead of
issuer: Proxomitron......
While using ProxHTTPSProxyMII, it probably is
"issuer: ProxHTTPSProxy CA, ProxHTTPSProxy
instead of
issuer: Proxomitron......"
because MII is probably doing all the https. The Proxomitron is receiving http 'tagged' as https.
Did you add MII's cert to Opera?
(Mar. 03, 2015 12:04 AM)charliebrown10242048 Wrote: What did I do to make this happen?
Was it working?
Does http://local.ptron/.pinfo/urls/ show https addresses while using MII?
Does Opera 12.17 allow the Proxomitron's self signed cert?
RE: ProxHTTPSProxyMII: Reloaded - charliebrown10242048 - Mar. 07, 2015 08:56 PM
(Mar. 03, 2015 04:39 AM)JJoe Wrote:Yes.(Mar. 03, 2015 12:04 AM)charliebrown10242048 Wrote: [19:22] 000 "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [myciti.com:443]
[19:23] 000 "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [www99.americanexpress.com:443]
Work for me, I think (no Opera 12.17).
Does this mean it is working correctly?
(Mar. 03, 2015 12:04 AM)charliebrown10242048 Wrote: I'm now getting the certificate security issues:
Secure connection: fatal error (554)
or
issuer: ProxHTTPSProxy CA, ProxHTTPSProxy
instead of
issuer: Proxomitron......
While using ProxHTTPSProxyMII, it probably is
"issuer: ProxHTTPSProxy CA, ProxHTTPSProxy
instead of
issuer: Proxomitron......"
because MII is probably doing all the https. The Proxomitron is receiving http 'tagged' as https.
Isn't that what ProxHTTPSProxyMII is for?
"Created to provide modern nag-free HTTPS connections for an HTTP proxy,"
Did you add MII's cert to Opera?
Yes.
(Mar. 03, 2015 12:04 AM)charliebrown10242048 Wrote: What did I do to make this happen?
Was it working?
Does http://local.ptron/.pinfo/urls/ show https addresses while using MII?
Yes.
Closed 1030 200 application/json 252 https://login.persona.org/wsapi/session_context
Closed 1029 200 text/html 673 https://login.persona.org/communication_iframe
Closed 1028 304 0 http://bugzilla.mozilla.org/skins/contrib/Mozilla/bugzilla-magnifier.png
Closed 1027 000 0 http://bugzilla.mozilla.org/skins/contrib/Mozilla/bugzilla-person-alternate.png
ProxHTTPSProxyMII:
[16:27] 050 [D] "GET https://bugzilla.mozilla.org/skins/contrib/Mozilla/noise.png" 304 -
[16:27] 049 [D] "GET https://bugzilla.mozilla.org/skins/contrib/Mozilla/tabzilla.png" 304 -
[16:27] 056 [D] "GET https://bugzilla.mozilla.org/skins/contrib/Mozilla/bugzilla-person-alternate.png" 304 -
[16:27] 054 [D] "GET https://bugzilla.mozilla.org/skins/contrib/Mozilla/bugzilla-magnifier.png" 304 -
Does Opera 12.17 allow the Proxomitron's self signed cert?
RE: ProxHTTPSProxyMII: Reloaded - JJoe - Mar. 08, 2015 05:14 AM
(Mar. 07, 2015 08:56 PM)charliebrown10242048 Wrote:(Mar. 03, 2015 04:39 AM)JJoe Wrote: Work for me, I think (no Opera 12.17).
Does this mean it is working correctly?
For me, yes. I don't see the errors you posted. Pages that I checked loaded without complaints.
(Mar. 07, 2015 08:56 PM)charliebrown10242048 Wrote: Isn't that what ProxHTTPSProxyMII is for?
"Created to provide modern nag-free HTTPS connections for an HTTP proxy,"
Yes, so the browser should not see "issuer: Proxomitron......"
Also, with recent Proxomitron patches and depending on browser, ProxHTTPSProxyMII may not be necessary.
(Mar. 07, 2015 08:56 PM)charliebrown10242048 Wrote:(Mar. 03, 2015 04:39 AM)JJoe Wrote: Does http://local.ptron/.pinfo/urls/ show https addresses while using MII?
Yes.
Closed 1030 200 application/json 252 https://login.persona.org/wsapi/session_context
Closed 1029 200 text/html 673 https://login.persona.org/communication_iframe
Closed 1028 304 0
While using ProxHTTPSProxyMII all the addresses should be http:.
ProxHTTPSProxyMII front sends https requests to the Proxomitron as http with a "Tagged:ProxHTTPSProxyMII FrontProxy/*" header.
The Proxomitron forwards these "Tagged:" requests to ProxHTTPSProxyMII rear.
ProxHTTPSProxyMII rear makes the secure connection with the site's server.
Are you sure you did the following?
Code:
To use
----
* Add the ProxHTTPSProxy rear server to the Proxomitron's list of external proxies
Code:
127.0.0.1:8081 ProxHTTPSProxyMII
* Add to Proxomitron's "Bypass URLs that match this expression" field if it is empty
Code:
$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$SETPROXY(127.0.0.1:8081)(^)
* Add to the beginning of the entry in Proxomitron's "Bypass URLs that match this expression" field if it is **not** empty
Code:
$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$SETPROXY(127.0.0.1:8081)(^)|I've attached a modified version of Scott's cfg to show implementation.
Don't use Half-SSL.
HTH
RE: ProxHTTPSProxyMII: Reloaded - charliebrown10242048 - Mar. 09, 2015 02:07 PM
"While using ProxHTTPSProxyMII all the addresses should be http:."
besides http://local.ptron/.pinfo/urls/,
Is this also in
the ProxHTTPSProxyMII log
or
the Proxomitron log
or Both?
another question:
the ProxHTTPSProxyMII log:
does it show the logs for the FRONT or the REAR server or both?
Thanks much for your explanations /help.
Greg
RE: ProxHTTPSProxyMII: Reloaded - JJoe - Mar. 10, 2015 02:39 AM
(Mar. 09, 2015 02:07 PM)charliebrown10242048 Wrote: "While using ProxHTTPSProxyMII all the addresses should be http:."
besides http://local.ptron/.pinfo/urls/,
Is this also in
the ProxHTTPSProxyMII log
or
the Proxomitron log
or Both?
If all clients are using ProxHTTPSProxyMII for https and Half-SSl is not used, all addresses in Proxomitron's recent urls and log should be http:.
ProxHTTPSProxyMII has been able to do http and https since version 1.1. If a client has been configured to use ProxHTTPSProxyMII for https and http, ProxHTTPSProxyMII log may show https and http.
(Mar. 09, 2015 02:07 PM)charliebrown10242048 Wrote: the ProxHTTPSProxyMII log:
does it show the logs for the FRONT or the REAR server or both?
I think the best answer is both but remember that the REAR may not see all that the FRONT sees.
You are welcome
RE: ProxHTTPSProxyMII: Reloaded - charliebrown10242048 - Mar. 13, 2015 06:22 PM
another question:
the ProxHTTPSProxyMII log:
what do the different colors represent?
red
white
tan
blue
other?
and the [D] after item # ?
and the [F] ?
RE: ProxHTTPSProxyMII: Reloaded - JJoe - Mar. 16, 2015 04:09 AM
After looking at ProxHTTPProxy.py and ProxyTool.py:
WHITE for unspecified, time, number, etc.
GREEN for 'normal' traffic.
CYAN for "Denied by blacklist" and "SSL Pass-Thru:"
RED for no verification, traffic errors
YELLOW for traffic errors.
Bright RED for config reloaded, Misconfigured HTTPS proxy port, Certificate Error.
[D] default or normal
[P] ParentServer
[B] Bypass
[F] Front Server
[R] Rear Server
RE: ProxHTTPSProxyMII: Reloaded - charliebrown10242048 - Apr. 09, 2015 01:50 PM
.... and one? more
using ProxHTTPSProxyMII v1.3 (exe version)
Is there a way to whitelist in the config?
I want to allow (https)*.googlevideo.com while blacklisting *.google*.com