Post Reply 
Proxomitron Reborn
Dec. 11, 2018, 11:01 PM
Post: #106
RE: Proxomitron Reborn
The "Add to Blockfile" tray menu option doesn't appear to be working.

I'd like to play with it more, esp the https stuff, but I just can't get to it proper atm. (Busy on another project, argh.)
Add Thank You Quote this message in a reply
Dec. 11, 2018, 11:11 PM
Post: #107
RE: Proxomitron Reborn
(Dec. 11, 2018 05:36 PM)zoltan Wrote:  [...]
At the time of that post the errors were coming from Proxomitron.
Today I replaced the old certs.pem from 2006 with the new one you linked, and suddenly nothing got filtered, not even http. So I swapped the old certs.pem back in and got "secure connection failed" errors from the browser. Swapping again back to the new one produced the SAME browser errors. That didn't make sense. On some http sites there was some odd behavior that looked like partial filtering.

But it didn't stop there. Suddenly some of the same https sites that were showing errors started loading - unfiltered. At the moment I can't even reproduce the error messages and most everything is unfiltered. This is strange behavior and I can't think of anything that would account for the inconsistency.

The inconsistency part sounds like it might be a cache problem. Try clearing the cache, restarting ffox and ptron, shift-reloads... (you know the drill)
Add Thank You Quote this message in a reply
Dec. 13, 2018, 05:19 AM
Post: #108
RE: Proxomitron Reborn
(Dec. 11, 2018 11:11 PM)mizzmona Wrote:  
(Dec. 11, 2018 05:36 PM)zoltan Wrote:  [...]
Suddenly some of the same https sites that were showing errors started loading - unfiltered. At the moment I can't even reproduce the error messages and most everything is unfiltered. This is strange behavior and I can't think of anything that would account for the inconsistency.

The inconsistency part sounds like it might be a cache problem. Try clearing the cache, restarting ffox and ptron, shift-reloads... (you know the drill)

Also, there could be list entry errors (check the log window and 'Name' links at http://local.ptron/.pinfo/lists/ ) or you may need to add expressions to match the HTTPS URLs. HTTPS url match must include the port number.

It might be wise to create a new Proxomitron folder for testing the new exe.
Add Thank You Quote this message in a reply
Dec. 13, 2018, 05:50 AM
Post: #109
RE: Proxomitron Reborn
My browsers can't find https://local.ptron:8443/.pinfo/ssl/ , https://local.ptron:8443/proxylogo.jpg or https://127.0.0.1:8443/proxylogo.jpg .
Proxomitron's log window shows:

Code:
*** Log Reset***
Client opened: total 1
BlockList 1023: in Bypass-List, line 19

+++SSL 1023:+++
SSL Pass-Thru: CONNECT https://local.ptron:8443/
SSL Pass-Thru Failed!
+++CLOSE 1023+++
Client closed: total 0

http://local.ptron:8443/.pinfo/ssl/ is found. As is http://local.ptron:844/.pinfo/ .
HTTPS port number in Settings has been set to 8443, certs generated and installed, config saved, Proxomitron restarted, and computers rebooted.
Have I overlooked something?




Opera is complaining:

opera Wrote:Your connection is not private
This server could not prove that it is www.yahoo.com; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.

You cannot proceed because the website operator has requested heightened security for this domain.

Edge and Firefox are not complaining about missing SAN.




With Proxomitron's log window open and "Local file requests" selected, I'm seeing:

log window Wrote:Exception [C0000005] raised in Ssl_PrintStats::...

It may be related to a redirect to a local.ptron file. Sidki's set redirects some requests to a local "dummy.js" file.
Add Thank You Quote this message in a reply
Dec. 13, 2018, 03:54 PM (This post was last modified: Dec. 13, 2018 06:23 PM by Callahan.)
Post: #110
RE: Proxomitron Reborn
Everything seems to be working but I'm not sure I have the proper setup.

In Proxomitron ... in HTTP, I have 8080 and in HTTPS, I have 8443.

I am using the New Moon browser by roytam1 and whether I use 8080 or 8443, everything works just fine. Doesn't sound right to me. I have no need for 8443 and just use 8080, if I understand everything.

New Moon browser: Network Settings

HTTP Proxy: localhost - 8080

SSL Proxy: (blank space) - 8443 or 8080

What should be in that blank SSL Proxy space? ... localhost or local.ptron

As I mentioned earlier, if I leave the space blank - both 8080 and 8443 seem to work, at least the web pages open. As soon as I put in 'localhost' or 'local.ptron' ... no web pages open. Doesn't make sense, I'm sure something has to be in that blank space.

If I just forget about the SSL Proxy and only use HTTP Proxy ... I am able to get back on line and that's the only way I could get back to the forum.

Maybe I really don't need the SSL Proxy ... banking and 'secure sites' are still protected with this newer version using only the HTTP Proxy. is that correct?

... I should also mention that I have added or updated: Proxo OpenSSL 101Q DLLs, Mozilla CA Certificate (12-05-2018)

... I have another question ... post 88 ... the picture posted by Amy. What is that information and where do I get it to put into my Proxomitron setup.

I have a blank space in Allowed ciphers and Bypass certificate errors.

I have 8443 as the picture shows. I probably need a step by step guide. I have never fully understood Proxomitron, Scott was still alive when I started using Proxomitron and I used the Sidki filters when he was still here at the forum and he had to help me several times with some things.

Hated to see him leave but others have helped me getting things right: ProxRocks, Kye-U, JJoe and others. It's been a disappointment to me that I have never fully understood this program and how to add or change something without help.

Thanks ...
Add Thank You Quote this message in a reply
Dec. 13, 2018, 06:31 PM
Post: #111
RE: Proxomitron Reborn
I created a new proxomitron folder, cleared cache and cookies and restarted the browser. No browser error messages so far this time, but the behavior is still strange. On some https sites I get no filtering, some are partially filtered - for example, background color will be changed in the css, but page elements will be left unchanged. Then a few other sites seem filtered properly. I did get one Proxomitron certificate error for tanz.biallo2.de when I visited http://www.welt.de.

I should say though that I've been having recent issues with my PC (drives disappearing and a couple of other oddities) and am planning to build a new system in the coming weeks, so maybe I'm not a good test case for this. I don't want to waste anyone's time if it's just my issue, so maybe I should wait until I get this straightened out and restest then. For now, it's working normally with ProxHTTPSProxy.
Add Thank You Quote this message in a reply
Dec. 13, 2018, 11:00 PM
Post: #112
RE: Proxomitron Reborn
(Dec. 13, 2018 03:54 PM)Callahan Wrote:  SSL Proxy: (blank space) - 8443 or 8080

What should be in that blank SSL Proxy space? ... localhost or local.ptron

Some use localhost. I use "127.0.0.1". The port is 8080.
A blank space means no proxy.

8443 may be used by a Proxomitron cfg.

(Dec. 13, 2018 03:54 PM)Callahan Wrote:  Maybe I really don't need the SSL Proxy ... banking and 'secure sites' are still protected with this newer version using only the HTTP Proxy. is that correct?

Financial and other personal sites are 'protected' best by not using a filtering proxy.
The problem is everything is https now.

(Dec. 13, 2018 03:54 PM)Callahan Wrote:  ... I have another question ... post 88 ... the picture posted by Amy. What is that information and where do I get it to put into my Proxomitron setup.

For now, set the port to 0 and leave the other spaces blank.
Add Thank You Quote this message in a reply
[-] The following 1 user says Thank You to JJoe for this post:
Callahan
Dec. 14, 2018, 01:56 AM (This post was last modified: Dec. 14, 2018 02:08 AM by referrer.)
Post: #113
RE: Proxomitron Reborn
Sometimes I Get
Code:
SEC_ERROR_REUSED_ISSUER_AND_SERIAL
error. Only restart the browser can fix the problem.

Still can't bypass local index.html
bypass.txt:
Code:
line 20: local.ptron
line 21: local.ptron:443
line 22: local.ptron:8443
line 23: #/user-manual/
log:
Code:
*** Log Reset***
Client closed: total 1
+++CLOSE 141+++
Client closed: total 0
Client opened: total 1
BlockList 161: in Bypass, line 20

+++SSL 161:+++
SSL Pass-Thru: CONNECT https://local.ptron:8443/
Client opened: total 2
Getting certificate for local.ptron
Certificate found in cache
BlockList 162: in ForgeReferrer, line 17
BlockList 162: in UserAgent, line 40

+++SSL:GET 162+++
SSL cipher TLSv1.2 AES128-SHA (128 bits)
GET /user-manual/index.html HTTP/1.1
Host: local.ptron:8443
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
Connection: keep-alive
Referer: /user-manual/index.html
Browser reload detected...

+++RESP 162+++
HTTP/1.1 200 Local file
Date: Fri, 14 Dec 2018 01:33:00 GMT
Server: Proxomitron
Connection: close
Last-Modified: Fri, 07 Dec 2018 05:11:04 GMT
Content-Length: 4812
Content-type: text/html
BlockList 162: in UserScripts, line 49
Match 162: General002 NoJavascript
Match 162: General001 User-Scripts
+++CLOSE 162+++
Client Connection Reused: 1
Client opened: total 3
Client opened: total 4
Client opened: total 5
BlockList 163: in Bypass, line 20
Add Thank You Quote this message in a reply
Dec. 14, 2018, 02:32 AM
Post: #114
RE: Proxomitron Reborn
(Dec. 11, 2018 11:01 PM)mizzmona Wrote:  The "Add to Blockfile" tray menu option doesn't appear to be working.
That's unusual and I was not able to reproduce that problem. Could you provide more information, in particular whether the bug is present in 4.5.x or just 4.6? That code hasn't been touched for a while.

(Dec. 13, 2018 05:50 AM)JJoe Wrote:  HTTPS port number in Settings has been set to 8443, certs generated and installed, config saved, Proxomitron restarted, and computers rebooted.
Have I overlooked something?
What's on line 19 of Bypass-List? All 3 of those local URLs work for me.

opera Wrote:Your connection is not private
This server could not prove that it is www.yahoo.com; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.

You cannot proceed because the website operator has requested heightened security for this domain.
A quick search suggests this is a relatively recent change to how browsers check certificates --- some don't care about Common Name anymore and instead always check the alternative name Banging Head ...I will fix this in 4.6.0.1 which is coming in a few days.

(Dec. 14, 2018 01:56 AM)referrer Wrote:  Sometimes I Get
Code:
SEC_ERROR_REUSED_ISSUER_AND_SERIAL
error. Only restart the browser can fix the problem.
Another thing to fix for 4.6.0.1 --- randomise the serial number.

(Dec. 14, 2018 01:56 AM)referrer Wrote:  Still can't bypass local index.html
I can reproduce this. It will need more investigation. Not sure at this time whether it can be easily fixed for 4.6.0.1.
Add Thank You Quote this message in a reply
Dec. 14, 2018, 03:07 AM
Post: #115
RE: Proxomitron Reborn
(Dec. 14, 2018 02:32 AM)amy Wrote:  
(Dec. 13, 2018 05:50 AM)JJoe Wrote:  HTTPS port number in Settings has been set to 8443, certs generated and installed, config saved, Proxomitron restarted, and computers rebooted.
Have I overlooked something?
What's on line 19 of Bypass-List? All 3 of those local URLs work for me.

Line 19 is
local.ptron
Commenting it out did not solve problem.

(Dec. 14, 2018 02:32 AM)amy Wrote:  
(Dec. 11, 2018 11:01 PM)mizzmona Wrote:  The "Add to Blockfile" tray menu option doesn't appear to be working.
That's unusual and I was not able to reproduce that problem. Could you provide more information, in particular whether the bug is present in 4.5.x or just 4.6? That code hasn't been touched for a while.

I can reproduce this. Dialog opens but clicking "Ok" does not add entry to list. "Edit" does open file. I'll check earlier versions.
Add Thank You Quote this message in a reply
[-] The following 1 user says Thank You to JJoe for this post:
mizzmona
Dec. 14, 2018, 03:34 AM
Post: #116
RE: Proxomitron Reborn
JJoe ... thanks for the assistance. I have reset my settings as you suggested.

I will keep reading for more information and work with the newer versions.

Callahan
Add Thank You Quote this message in a reply
Dec. 14, 2018, 03:10 PM
Post: #117
RE: Proxomitron Reborn
(Dec. 14, 2018 02:32 AM)amy Wrote:  
(Dec. 11, 2018 11:01 PM)mizzmona Wrote:  The "Add to Blockfile" tray menu option doesn't appear to be working.
That's unusual and I was not able to reproduce that problem. Could you provide more information, in particular whether the bug is present in 4.5.x or just 4.6? That code hasn't been touched for a while.

Works for me in 4.5.1.7, 20180620.
Doesn't work in 4.5.2.0, 20180904
Add Thank You Quote this message in a reply
[-] The following 2 users say Thank You to JJoe for this post:
mizzmona, amy
Dec. 15, 2018, 12:59 AM (This post was last modified: Dec. 15, 2018 01:01 AM by amy.)
Post: #118
RE: Proxomitron Reborn
I think I know the cause now --- this was the result of a bugfix to that dialog which caused the "Show URL in Browser" option to not work for HTTPS URLs, and the fix also introduced the "Include Scheme" checkbox. To clarify, adding does not work only when you enter something in the combobox and do not check the Include Scheme option, correct? If you select one of the existing entries OR check Include Scheme, then it works, and this is why I was not able to reproduce the bug initially. Now I see that if you enter something in the combobox and don't check Include Scheme, pressing the OK button has no effect. Thanks, this will be fixed in 4.6.0.1. (The behaviour will be that custom-entered URLs will disregard the Include Scheme option completely --- let me know if you would like otherwise. This is another one of the things which has subtly changed with the addition of HTTPS filtering, because before it was all HTTP and you could always assume http:// in URLs. Now they will need a bit more handling.)
Add Thank You Quote this message in a reply
[-] The following 1 user says Thank You to amy for this post:
mizzmona
Dec. 15, 2018, 02:06 AM
Post: #119
RE: Proxomitron Reborn
As long as I will still be able to append anything and not just urls to a list via that dialog, I'm good.

(Researching bills now being pre-filed for the 2019 legislative session is one of my current projects, and I use Proxomitron to add the Bill #s to about a half dozen "issues" lists...lists that will also be used later to help track the progress of each bill online.)
Add Thank You Quote this message in a reply
Dec. 15, 2018, 04:39 AM
Post: #120
RE: Proxomitron Reborn
(Dec. 15, 2018 12:59 AM)amy Wrote:  To clarify, adding does not work only when you enter something in the combobox and do not check the Include Scheme option, correct?

Correct.

(Dec. 15, 2018 12:59 AM)amy Wrote:  The behaviour will be that custom-entered URLs will disregard the Include Scheme option completely

Works for me. I usually type or paste entries. Having to click 'Include' would be an extra step.

I wonder tho, would the dialog be more self-explanatory, if 'Include Scheme' always applied?
Add Thank You Quote this message in a reply
[-] The following 1 user says Thank You to JJoe for this post:
mizzmona
Post Reply 


Forum Jump: