Adapting proxo 4.5 to the latest OpenSSL DLLs
Oct. 14, 2014, 08:20 PM
(This post was last modified: Nov. 01, 2014 03:22 AM by JJoe.)
Post: #1
Adapting proxo 4.5 to the latest OpenSSL DLLs
I'm working on adapting proxo 4.5 to the latest OpenSSL and right now I'm a little bit excited because I think I have certain success. How do I properly test if everything is ok?
Oct. 15, 2014, 04:23 AM
(This post was last modified: Oct. 15, 2014 04:43 AM by JJoe.)
Post: #2
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
(Oct. 14, 2014 08:20 PM)mas Wrote: I'm working on adapting proxo 4.5 to the latest OpenSSL and right now I'm a little bit excited because I think I have certain success. How do I properly test if everything is ok?
Are you saying you have modified the Proxomitron exe to use the current OpenSSL DLLs?
http://www.dependencywalker.com/
Edit: Added link to Dependency Walker aka depends.exe
Oct. 15, 2014, 05:47 AM
Post: #3
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
(Oct. 15, 2014 04:23 AM)JJoe Wrote: (Oct. 14, 2014 08:20 PM)mas Wrote: I'm working on adapting proxo 4.5 to the latest OpenSSL and right now I'm a little bit excited because I think I have certain success. How do I properly test if everything is ok?
Yes, so far so good - not without hiccups with mail.google.com, but that's probably my settings, with filters off runs fine. OpenSSL's version 1.0.1.9.
(Oct. 15, 2014 04:23 AM)JJoe Wrote: http://www.dependencywalker.com/
I know this app, what's with it?
Oct. 16, 2014, 01:31 AM
(This post was last modified: Oct. 16, 2014 01:34 AM by JJoe.)
Post: #4
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
(Oct. 15, 2014 05:47 AM)mas Wrote: Yes, so far so good
Interesting. It's been years since I gave up on this. IIRC... The Proxomitron checks cert name matching. Unfortunately, Proxo doesn't understand wild card certs or SubjectAltName ( http://en.wikipedia.org/wiki/SubjectAltName ). How did you handle this? The last known "usable" DLL was patched to make it compatible. Are you using an unaltered OpenSSL version 1.0.1.9 DLL? Where did you find it?
(Oct. 15, 2014 05:47 AM)mas Wrote: I know this app, what's with it?
I used it to monitor the Proxomitron while it handled https. Dependency Walker showed unanswered requests to OpenSSL, errors, etc. A working DLL would have been tested by verifying encryption and correct behavior but it never got that far. Even if, a "Use at own risk" warning would have been necessary.
Encryption might be verified by https://cc.dcsec.uni-hannover.de/ https://www.fortify.net/sslcheck.html or a network sniffer. You could use known attacks and incorrectly configured servers to test behavior. http://stackoverflow.com/questions/17279...certificat
Edit: I'll be moving these posts to their own thread.
Oct. 16, 2014, 03:51 AM
Post: #5
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
JJoe, please check your PM
Nov. 01, 2014, 03:21 AM
Post: #6
RE: adapting proxo 4.5 to the latest OpenSSL
Looks good.
The patched Proxomitron exe is using the latest libeay32.dll and ssleay32.dll from https://slproweb.com/products/Win32OpenSSL.html . The Proxomitron's log window shows the change and various web tests confirm it. I haven't noticed any new problems. The old problems remain, however.
To try mas's mod, overwrite
Code:
89 07 83 3F 00 75 36 68 30 20 01 00 68 A8 80 42
00 68 E8 9A 42 00 6A 00 8B 3D 94 62 42 00 FF D7
68 30 20 01 00 68 A8 80 42 00 56 6A 00 FF D7 53
E8 9B 07 00 00 83 C4 04 E9 CF 02 00 00 83 C7 04
89 7D DC 8B FE 83 C9 FF 33 C0 F2 AE F7 D1 49 8D
74 0E 01 89 75 E0 8B 7D DC EB 85 FF 53 38 FF 93
80 00 00 00 6A 00 E8 55 43 00 00 83 C4 04 85 C0
74 2A 6A 00 FF 93 C8 00 00 00 83 C4 04 50 68 DC
9A 42 00 8D 55 8C 52 FF 15 E8 61 42 00 83 C4 0C
from 0000E580 through 0000E60F with
Code:
89 07 83 3F 00 75 36 68 8C 0C 00 00 FF 73 04 FF
15 90 60 42 00 89 07 EB 24 90 90 90 90 90 FF D7
68 30 20 01 00 68 A8 80 42 00 56 6A 00 FF D7 53
E8 9B 07 00 00 83 C4 04 E9 CF 02 00 00 83 C7 04
89 7D DC 8B FE 83 C9 FF 33 C0 F2 AE F7 D1 49 8D
74 0E 01 89 75 E0 8B 7D DC EB 85 FF 53 38 FF 93
80 00 00 00 6A 00 E8 55 43 00 00 83 C4 04 68 B7
00 00 00 FF 33 FF 15 90 60 42 00 FF D0 EB 1D 90
90 90 90 8D 55 8C 52 FF 15 E8 61 42 00 83 C4 0C
Use at own risk! Report problems.
Before:
Code:
0040F187 |. 68 30200100 |PUSH 12030
After:
Code:
0040F187 |. 68 8C0C0000 PUSH 0C8C
Nov. 01, 2014, 05:02 AM
Post: #7
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
what advantages are there, if any, to patching to use the latest OpenSSL?
Nov. 01, 2014, 06:22 PM
Post: #8
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Nov. 01, 2014 05:02 AM)ProxRocks Wrote: what advantages are there, if any, to patching to use the latest OpenSSL?
Latest OpenSSL is "TLSv1.2" while Proxo's old is TLSv1 or older. Some advantages are quality and quantity of ciphers, Proxomitron's traffic may be less odd, and ability to access more sites. More info at https://www.howsmyssl.com/ https://www.howsmyssl.com/s/about.html .
Patching will not gain best practice security, however. Some old problems remain. So be aware regardless.
Before:
Code:
From: https://cc.dcsec.uni-hannover.de/
After:
Code:
From: https://cc.dcsec.uni-hannover.de/
Nov. 01, 2014, 10:26 PM
Post: #9
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
For confirmation purposes, are these correct?
Original Proxomitron.exe:
MD5 f2867bee7180cdc839f7636fddc1aa74
SHA-256 7adc0296d97e24417000c5cac53c8dfb34a5e6ddedceec168ffe45648803285b
Edited Proxomitron.exe:
MD5 bc3407620d6abbfa5095668e40f03e8c
SHA-256 7b916181145b0f63dca29f72fe5e09e3bd3cfe61e994e7b384d3d2068dc01c33
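One way to check an edited exe against its original before comparing hashes like the ones above, as an added example that is not from the thread: it lists the byte ranges that differ and reports whether they all fall inside the 0000E580 through 0000E60F window named in post #6. The function names and the stand-in images are constructed for illustration; only the window and the PUSH operand bytes come from the thread.

```python
import hashlib

# Window named in post #6 (assumed to be file offsets, inclusive).
PATCH_START, PATCH_END = 0x0000E580, 0x0000E60F


def changed_ranges(original, edited):
    """Return inclusive (start, end) offset pairs where the two images differ."""
    if len(original) != len(edited):
        raise ValueError("sizes differ; not an in-place byte patch")
    ranges, start = [], None
    for off, (a, b) in enumerate(zip(original, edited)):
        if a != b and start is None:
            start = off                      # a differing run begins
        elif a == b and start is not None:
            ranges.append((start, off - 1))  # the run ended on the previous byte
            start = None
    if start is not None:
        ranges.append((start, len(original) - 1))
    return ranges


def audit_patch(original, edited, lo=PATCH_START, hi=PATCH_END):
    """Summarise the edit: where it is, whether it stays in the window, and digests."""
    ranges = changed_ranges(original, edited)
    outside = [r for r in ranges if r[0] < lo or r[1] > hi]
    return {
        "ranges": ranges,
        "outside": outside,
        "confined": bool(ranges) and not outside,
        "sha256_original": hashlib.sha256(original).hexdigest(),
        "sha256_edited": hashlib.sha256(edited).hexdigest(),
    }


def constructed_images():
    """Constructed stand-ins (not the real exe): base, in-window edit, stray edit."""
    base = bytearray(0x10000)
    base[0xE588:0xE58C] = bytes.fromhex("30200100")   # operand of PUSH 12030
    good = bytearray(base)
    good[0xE588:0xE58C] = bytes.fromhex("8C0C0000")   # operand of PUSH 0C8C
    bad = bytearray(good)
    bad[0x0400] = 0xCC                                # extra change outside the window
    return bytes(base), bytes(good), bytes(bad)


if __name__ == "__main__":
    base, good, bad = constructed_images()
    for label, image in (("in-window edit", good), ("stray edit", bad)):
        report = audit_patch(base, image)
        print(label, report["confined"], [(hex(a), hex(b)) for a, b in report["ranges"]])
```

With real files, read both with `open(path, "rb").read()` and compare the returned SHA-256 values with the posted ones.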
Nov. 02, 2014, 01:05 AM
Post: #10
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
Nov. 02, 2014, 04:10 AM
Post: #11
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
Nov. 02, 2014, 04:43 PM
(This post was last modified: Nov. 02, 2014 04:47 PM by herbalist.)
Post: #12
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
It appears to work on a virtual XP. On 98SE, it doesn't find or recognize ssleay32.dll. Using Dependency Walker, I could see the original DLLs using msvcr70.dll, a copy of which is in the Proxomitron folder. The new DLLs want msvcr90.dll, which is installed, obtained from https://slproweb.com/products/Win32OpenSSL.html, which was also copied to the Proxomitron folder.
I've tried copies of msvcr90.dll from both the 98 and XP systems using all the available KernelEx options. DW reports "device not functioning". According to the site, OpenSSL is still compatible with 98, as are the DLLs. Any ideas what I'm overlooking?
Nov. 02, 2014, 08:38 PM
(This post was last modified: Nov. 02, 2014 10:58 PM by JJoe.)
Post: #13
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Nov. 02, 2014 04:10 AM)whenever Wrote: What old problems do you mean?
1. Current browsers complain about Proxo's cert. (HalfSSL can help but in practice can cause usability and security problems.)
2. Original Proxomitron throws an alert for wild card certs, certs that require alternate name support, and maybe any options that it does not support.
3. Some patched Proxomitron exes do not throw alerts for certs.
4. Proxo with OpenSSL DLLs from slproweb still supports ciphers that some people believe are insufficient.
4, 3, and possibly 2 are security related, while 1 and 2 are usability problems. This patch doesn't solve any of these problems.
Edit: I should have said 'my ProxHTTPSProxyMII doesn't have these problems.'
I changed line 54 of ProxHTTPSProxy.py v1.1b from
Code:
sslparams = dict(cert_reqs="REQUIRED", ca_certs="cacert.pem", ssl_version="TLSv1")
to
Code:
sslparams = dict(cert_reqs="REQUIRED", ca_certs="cacert.pem")
Before the change, I saw "Your SSL client is Bad." due to TLSv1 use. I have not noticed any problems after the change.
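The name-matching gap discussed in this thread (no wild card or SubjectAltName support), shown as an added example that is not part of the original posts and is not Proxomitron or ProxHTTPSProxy code. `cn_exact_match` is an assumed model of a CN-only comparison, `cert_matches` checks DNS SANs first with single-label wildcards, and the certificates are constructed dicts in the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
def name_matches(pattern, hostname):
    """Match one DNS name pattern (optionally starting with '*.') to a hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard stands for exactly one label
    if p[0] == "*":
        if len(p) < 3:
            return False          # refuse broad patterns such as '*.com'
        return p[1:] == h[1:]
    return p == h


def cn_exact_match(cert, hostname):
    """Assumed model of a client that only compares the CN string literally."""
    cns = [v for rdn in cert.get("subject", ()) for (k, v) in rdn if k == "commonName"]
    return any(cn.lower() == hostname.lower() for cn in cns)


def cert_matches(cert, hostname):
    """Return (matched, source); source is 'SAN', 'CN' or None."""
    san_dns = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if san_dns:
        # When DNS SAN entries exist, the CN is not consulted (RFC 6125).
        ok = any(name_matches(pat, hostname) for pat in san_dns)
        return (ok, "SAN" if ok else None)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and name_matches(value, hostname):
                return (True, "CN")
    return (False, None)


# Constructed sample certificates (illustrative names only).
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
}
SAN_CERT = {
    "subject": ((("commonName", "www.example.org"),),),
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "mail.example.org")),
}
LEGACY_CERT = {"subject": ((("commonName", "legacy.example.net"),),)}

if __name__ == "__main__":
    for cert, host in ((WILDCARD_CERT, "mail.example.com"),
                       (WILDCARD_CERT, "a.b.example.com"),
                       (SAN_CERT, "mail.example.org"),
                       (LEGACY_CERT, "legacy.example.net")):
        print(host, "CN-only:", cn_exact_match(cert, host), "full:", cert_matches(cert, host))
```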
Nov. 02, 2014, 09:06 PM
Post: #14
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
(Nov. 02, 2014 04:43 PM)herbalist Wrote: According to the site, OpenSSL is still compatible with 98, as are the DLLs. Any ideas what I'm overlooking?
They do say that but the link to "Visual C++ 2008 Redistributables for Windows 9x/NT4" is "https://slproweb.com/download/RunMagic.zip" and the instructions are
Quote: Having problems with error messages when trying to run OpenSSL? This will likely fix the problem. Only use under Windows 95, 98, Me, and NT4.
Gotta wonder what is in "FixSSL_9xNT4.bat".
After trying above, I'd ensure a copy of msvcr in c:\windows\system. I don't have any experience with KernelEx. My 98 machines are parts, atm.
Nov. 02, 2014, 10:38 PM
Post: #15
RE: Adapting proxo 4.5 to the latest OpenSSL DLLs
Both the 70 and 90 versions are in the system folder and in the Proxomitron folder.
Regarding
Quote: Install this, then install "OpenSSL Light" using the '/bin' option, and then run FixSSL_9xNT4.bat contained within the /bin directory.
I'm wondering if I have to run that every time I update OpenSSL. I'm sure that OpenSSL works on this PC. Tor uses OpenSSL and this PC is an exit node.