Enable HTTPS Filtering: Chain ProxHTTPSProxyMII to Privoxy (OS X Tutorial)

[Faxopita]

ProxHTTPSProxyMII (click link to learn more)
Created to provide modern nag-free HTTPS connections for an HTTP proxy.



Credits & Acknowledgements: whenever, JJoe, Cattleya, GunGunGun and other contributors to ProxHTTPSProxyMII

Installation Steps

Step 1: if not previously done, install the Command Line Tools (click link to learn more); run in Terminal (begin with sudo if necessary):

Code:

xcode-select --install

If you'd like to learn more about this step, visit this excellent tutorial.

Before installing Homebrew, make sure you're not using C shell. To know which one Terminal app. is currently using, input

Code:

echo $SHELL

If you see /bin/csh, then change shell by simply typing bash. Changing shell to Bash—or any other that's not C—is only necessary to allow Brew installation using Ruby.

Step 2: install Homebrew from http://brew.sh or visit this GitHub page.

If you encountered an issue during the installation, install the full Xcode package and try again.

After installing Homebrew, perform these commands:

Code:

sudo chown $(whoami):admin /usr/local
brew doctor
brew update

Above, it is not recommended to run chown command with option -R for security reasons. However, if you run into tons of problems–such as being not able to upgrade packages installed via Homebrew–then sadly, in very last resort, you use the option -R. It is worth mentioning that ClamXav, for example, does not appreciate–for very legitimate reasons–the use of this recursive mode from the /usr/local/ folder.

Note that the first command above—beginning with sudo—has to be run after every permission repair. If not, Homebrew will run into trouble during manual package upgrade.

Step 3: Preparing for ProxHTTPSProxy installation. Run these commands:

Code:

brew install python3 --with-brewed-openssl
pip3 install colorama
pip3 install urllib3
pip3 install pyOpenSSL
pip3 install PySocks

Step 4: obtain ProxHTTPSProxyMII Python scripts from the “ProxHTTPSProxyMII: Development” thread.

Step 5: add ProxHTTPSProxy's CA.crt to OS X Keychain! If using Firefox, use it to import this certificate through its advanced preferences: show Firefox certificates and visit Authorities tab, then import…

Step 6: set HTTPS Proxy to 127.0.0.1:8079 instead of 127.0.0.1:8118 (the port number used by Privoxy); see OS X Network Preferences, under Proxies tab. You may equally input this command in Terminal (replace Wi-Fi by Ethernet or "Thunderbolt Ethernet" if necessary):

Code:

sudo networksetup -setsecurewebproxy Wi-Fi 127.0.0.1 8079

Step 7
Add these lines to user.filter file:

Code:

CLIENT-HEADER-TAGGER: tagger4https
s@^.*Tagged:.*ProxHTTPSProxyMII.*FrontProxy.*$@$0@i

Add these lines to user.action file:

Code:

{ +client-header-tagger{tagger4https} }
/
{ +forward-override{forward 127.0.0.1:8081} }
TAG:.*?ProxHTTPSProxyMII

Step 8: open config.ini file—inside ProxHTTPSProxyMII folder. Locate ProxAddr and set port to 8118, thus replacing 8080.

Code:

ProxAddr = http://localhost:8118

Step 9: just be in your ProxHTTPSProxyMII folder and Launch ProxHTTPSProxy with the following command:

Code:

./ProxHTTPSProxy.py

If this doesn't work:

Code:

Python3.X ProxHTTPSProxy.py

(if, for example, Python version 3.X has been installed)

Python binaries should be located inside…

Code:

/usr/local/bin/

Only for those who want to go a little deeper… Add above path to environment variable $PATH and rehash executables:

Code:

hash -r

Alternatively, you can type:

Code:

/usr/local/bin/python3.X ProxHTTPSProxy.py

(replace X with your version number)

You're done!

Note 1: for existing ProxHTTPSProxyMII's installation (before version 1.4), you must…

1. Upgrade to the latest urllib3 version :
   
   Code:
   

   pip3 install -U urllib3
   urllib3/1.14 is known to work well with ProxHTTPSProxyMII. So, if you have a problem with latest urllib3 release:
   
   Code:
   

   pip3 uninstall urllib3
pip3 install urllib3==1.14
2. Install PySocks:
   
   Code:
   

   pip3 install PySocks

Note 2: use ProxHTTPSProxyMII's config file to set exceptions under [SSL Pass-Thru]; make a backup of it for later upgrade.

Note 3: ProxHTTPSProxyMII folder can be located anywhere on your system. Just make sure you have a fairly quick access to config.ini

Note 4: for more info on ProxHTTPSProxyMII, visit http://www.proxfilter.net/proxhttpsproxy/index.html, ProxHTTPSProxyMII thread and GitHub page.

Note 5: activating temporary root access on a regular user account.

1. Log on to your Administrator account.
2. Open Terminal and execute: sudo visudo (and input your admin password)
3. Under # User privilege specification, add this: your_regular_username ALL=(ALL) ALL
   

You might want to visit this page as well: https://support.apple.com/en-gb/HT204012

Note 6: if you intend to use Homebrew's upgrade command, it might be worth to check this article first. This one is interesting as well! System Integrity Protection in OS X El Capitan could cause some issues.

-–—

Minuscule donations are always appreciated…

Code:

BTC --> 34WKogWorDoReJ2MSxw8rTsrGD87VMAPJY
BCH --> 1AXwyMdtMFZktZPvXScC58ESUZXptmjvge
DASH -> XusJsETR6PwDnG4Gde7cvGeRhXzUJFSxtD
ETH --> 0xb829FA99AA9AB31C32590dbc88B837bC5D91453e
ETC --> 0x059F128357331c346Ad2E23F95a4639beC3f0b3a
LTC --> MK7vxk93A1M6HHAYT38W8NPJSb8zANqCia
ZEC --> t1JNCuxdZEWUPBQiAzxZPUMqb4BM87sxs9H
DOGE -> DBPAUuCaez4JYGobAn4RHNNhFXwa9u1W6N
STRAT > SgG6jAHuxQfzW1QBaWyQRVdCdSq514BcyM