Threaded Mode | Linear Mode

GunGunGun · (This post was last modified: Nov. 30, 2014 08:07 AM by GunGunGun.)

Hi whenever, I come to report a page that cannot load even I imported its cert to cacert.pem: https://live.paloaltonetworks.com/docs/DOC-6949

Here is my cert:

Code:

#live.paloaltonetworks.com

-----BEGIN CERTIFICATE-----

MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh

MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE

YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3

MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo

ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg

MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN

ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA

PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w

wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi

EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY

avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+

YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE

sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h

/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5

IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj

YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD

ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy

OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P

TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ

HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER

dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf

ReYNnyicsbkqWletNw+vHX/bvZ8=

-----END CERTIFICATE-----

I load the page without ProxHTTPSProxy, Export the root cert and copy to, seem right ? But page still cannot load, log here:

Code:

Error response

Error code: 417

Message: Exception <class 'urllib3.exceptions.SSLError'>.

Error code explanation: 417 - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598).

After a long run with Prox, I still cannot load about 2-3 pages include this page, but at this time I forgot other sites URL but seem same problem.

**whenever** · Nov. 30, 2014, 12:34 PM

What's the size of your cacert.pem?

I am using the 309.1KB version shipped in recent builds and I can open that site without SSL problem.

Regarding manually adding the certificate, as you can see from the cert manager there is a certificate chain, you could start with the certificate right above the site certificate, then go 1 level higher if it doesn't work, until to the root.

GunGunGun · Nov. 30, 2014, 06:47 PM

(Nov. 30, 2014 12:34 PM)whenever Wrote: What's the size of your cacert.pem?

I am using the 309.1KB version shipped in recent builds and I can open that site without SSL problem.

Regarding manually adding the certificate, as you can see from the cert manager there is a certificate chain, you could start with the certificate right above the site certificate, then go 1 level higher if it doesn't work, until to the root.

Thank you very, after update my cacert.pem seem everything become better, my cacert.pem is partially based from curl haxx and myself, I dont know why just change to your recent build's file become better. Big Teeth

GunGunGun · Dec. 07, 2014, 09:50 AM

Hi whenever, I doubt is there a way we can block HTTPS request before it download whole content from server ? Seem ProxHTTPSProxy download whole content and then send to Privoxy/Proxomitron and then Privoxy/Proxomitron replace that full content with error page that they hosted...

**whenever** · Dec. 07, 2014, 12:45 PM

This was already asked and answered before: http://prxbx.com/forums/showthread.php?t...0#pid17730

The discussion there is still true and hasn't changed yet.

**whenever** · (This post was last modified: Dec. 24, 2014 07:13 AM by whenever.)

Version 1.2 (20141221)
--------------

+ Content is streamed to client, while not cached before sending
* Fix config auto reload
* Less exception traceback dumped
* Tagged header changed from "Tagged:Proxomitron FrontProxy/*" to "Tagged:ProxHTTPSProxyMII FrontProxy/*"

You have to change your Proxomitron or Privoxy settings for the tagged header changes to work again.

BTW, the latest version of urllib3 is 1.10 now.

Code:

pip3 install --upgrade urllib3

Enjoy and Merry Christmas!

GunGunGun · (This post was last modified: Dec. 24, 2014 03:29 PM by GunGunGun.)

Thank you very much, the new version so far "superior"!

Quote:+ Content is streamed to client, while not cached before sending

Thank you very much for your hard work, now blocked content get blocked instantly and I feel a big different compare to older version.

PS: Merry Christmas!

***JJoe*** · Dec. 26, 2014, 01:15 AM

Very

and welcome.

Thank you very much.

Best wishes all

SharkyEXE · (This post was last modified: Dec. 26, 2014 07:40 AM by SharkyEXE.)

whenever
JJoe
Hello!

Please write link for download exe version latest version ProxHTTPSProxyMII

For example, in this post I see only py version

Excusme, where i can downloaded exe version on this post?

Thank You!

***JJoe*** · Dec. 26, 2014, 04:15 PM

Whenever has not shared an exe of this version yet.

When available, changelog and link will probably be at bottom of http://prxbx.com/forums/showthread.php?tid=2172

(Dec. 26, 2014 07:33 AM)SharkyEXE Wrote: whenever
JJoe
Hello!

Please write link for download exe version latest version ProxHTTPSProxyMII

For example, in this post I see only py version

Excusme, where i can downloaded exe version on this post?

Thank You!

SharkyEXE · Dec. 26, 2014, 05:42 PM

JJoe

My OS: Microsoft Windows 8.1 Update 3 Pro x64

1) I install http://slproweb.com/download/Win32OpenSS...1_0_1j.exe
2) I extracted http://www.proxfilter.net/proxhttpsproxy...oxyMII.zip on C:\Program Files\ProxHTTPSProxy
3) I configured Proxomitron and run Proxomitron
4) I run C:\Program Files\ProxHTTPSProxy\ProxHTTPSProxy.exe
5) I my browser Opera i enable Proxy and setting:
Adress: 127.0.0.1
Port: 8081
6) When i search on google, I see bug 123.png

Why http://www.proxfilter.net/proxhttpsproxy...oxyMII.zip dont work without installed Python?

***JJoe*** · Dec. 26, 2014, 10:04 PM

This,

(Dec. 26, 2014 05:42 PM)SharkyEXE Wrote: 5) I my browser Opera i enable Proxy and setting:
Address: 127.0.0.1
Port: 8081

, may be wrong.

Default is

Code:

-       Address     Port

HTTP  : 127.0.0.1 : 8080

Secure: 127.0.0.1 : 8079

HTH

SharkyEXE · Dec. 27, 2014, 11:40 AM

JJoe
Make please exe version ProxHTTPSProxyMII independent of installed or not Python
Thank You!

***JJoe*** · Dec. 27, 2014, 07:42 PM

(Dec. 27, 2014 11:40 AM)SharkyEXE Wrote: Make please exe version ProxHTTPSProxyMII independent of installed or not Python

My experience is the exe does not require Python install... I just used the current exe version on a friend's WinXPpro machine that does not have Python installed.

Did you add ProxHTTPSProxy's "CA.crt" to Opera's store of trusted certificate authorities?

GunGunGun · (This post was last modified: Dec. 30, 2014 04:46 PM by GunGunGun.)

I just want to report a bug, ProxHTTPSProxy with Privoxy and make a random filter example:
user.filter

Code:

FILTER: 123

s@999999999999999@99999999999999@g

user.action

Code:

{+filter{123}}

/

And try to open this url: https://www.blogger.com/dyn-css/authoriz...fe659f6435

The file unloadable, because Privoxy will decompress gzip before it applies filter, so maybe that cause problem, maybe we have to revert to 1.1b with new change or maybe we will find a better way to adapt this stream method (pretty nice but..).

Then I downgrade to 1.1b, this problem gone, but I upgrade to 1.2, that problem appear again so I pretty sure 1.2 have that problem only.

This may apply to Proxomitron too, because I think Proxomitron also decompress gzip before apply filter.

Thank!