Proxomitron Reborn

[ProxRocks]

That is the correct process.
I originally missed Step #2 so you did better than me on first-attempt.

[ProxRocks]

(Apr. 12, 2024 09:13 AM)ProxRocks Wrote:  Running the newest Reborn has become a slight nightmare on my system.
I am getting the below error SEVERAL times throughout a browsing session.

Everything has been running without any incidents today, none of those errors like yesterday.
Kind of a mystery to me, I'll keep monitoring.

[JJoe]

If you have them, prune or renew "Log-Main.log" and "Log-Rare.log" in "...\Lists\sidki...\Logs" (or any similar files that may have been added). They may need occasional maintenance to limit their size. Too big can cause odd problems. I imagine there are some huge ones out there at this point.
I don't know that this is related but it should be considered.

Also, some CFGs may create errors that may be cleared by restarting.

(Apr. 13, 2024 12:31 AM)ProxRocks Wrote:  Everything has been running without any incidents today, none of those errors like yesterday.
Kind of a mystery to me, I'll keep monitoring.

[ProxRocks]

My log-main and log-rare are both EMPTY.
I disable logging by default and only log when tracking down an issue.

[amy]

(Apr. 13, 2024 12:31 AM)ProxRocks Wrote:  

(Apr. 12, 2024 09:13 AM)ProxRocks Wrote:  Running the newest Reborn has become a slight nightmare on my system.
I am getting the below error SEVERAL times throughout a browsing session.

Everything has been running without any incidents today, none of those errors like yesterday.
Kind of a mystery to me, I'll keep monitoring.

That's a crash; I've not experienced any for a long time as otherwise I would've fixed them before releasing anything. Is this happening only on specific sites and/or with specific filters? If you can narrow it down to a specific site and/or filter combination that always triggers that, I can try to debug it further.

(If you don't want to disclose the info to everyone, PM me directly.)

[ProxRocks]

If it happens again, I'll certainly try to get a history/log or something.

[ProxRocks]

Ugh! It's happened twice within the last half hour.
All while performing Google Searches.
But the crash is preventing any sort of log-gather.
I'll keep trying to force a repeatable replication.

[whenever]

(Apr. 09, 2024 03:08 AM)amy Wrote:  If you modify SslCiphers then SSL-testing sites will see the changes, but if you modify ServerCiphers, they won't, because ServerCiphers only affects the browser-proxy communication.

What about showing the adopted values of ServerCiphers and SslCiphers in the "SSL/TLS Information" section of https://local.ptron/.pinfo/ssl/? That way we can know if user defined or default settings are applied depending on if there are errors in user defined settings.

Also, is ServerCiphers applied to the built in https server? Is below expected with the default setting?

Code:

curl -s -S -v -o /dev/null --no-progress-meter --insecure https://127.0.0.1:8443/ProxyLogo.jpg
*   Trying 127.0.0.1:8443...
* Connected to 127.0.0.1 (127.0.0.1) port 8443
* schannel: disabled automatic use of client certificate
* schannel: using IP address, SNI is not supported by OS.
* ALPN: curl offers http/1.1
* ALPN: server did not agree on a protocol. Uses default.
* using HTTP/1.x
> GET /ProxyLogo.jpg HTTP/1.1
> Host: 127.0.0.1:8443
> User-Agent: curl/8.4.0
> Accept: */*

Code:

curl -s -S -v -o /dev/null --no-progress-meter --insecure --tls-max 1.2  --ciphers ECDHE-ECDSA-AES128-GCM-SHA256 https://127.0.0.1:8443/ProxyLogo.jpg
*   Trying 127.0.0.1:8443...
* Connected to 127.0.0.1 (127.0.0.1) port 8443
* schannel: disabled automatic use of client certificate
* schannel: Failed setting algorithm cipher list
* Closing connection
curl: (59) schannel: Failed setting algorithm cipher list

Lastly, are you able to visit https://yomou.syosetu.com/ with default settings? From https://local.ptron/.pinfo/ssl/ I can see no site certificate is created for yomou.syosetu.com.

[whenever]

(Apr. 12, 2024 09:47 PM)Anno Domini Wrote:  4.) I started my browser, deleted my old Proxomitron certificate, and then added proxcert.pem to browser's certificate store.

proxcert_certonly.pem is supposed to be imported to browser's certificate store.

proxcert.pem works too in this situation but its real usage is for Proxomitron itself to generate site certificates on the fly.

If you open the 2 files with a text editor, you will see the only difference is that proxcert.pem has an extra PRIVATE KEY section which serves the purpose mentioned above.

[Anno Domini]

(Apr. 13, 2024 01:49 PM)whenever Wrote:  

(Apr. 12, 2024 09:47 PM)Anno Domini Wrote:  4.) I started my browser, deleted my old Proxomitron certificate, and then added proxcert.pem to browser's certificate store.

proxcert_certonly.pem is supposed to be imported to browser's certificate store.

proxcert.pem works too in this situation but its real usage is for Proxomitron itself to generate site certificates on the fly.

If you open the 2 files with a text editor, you will see the only difference is that proxcert.pem has an extra PRIVATE KEY section which serves the purpose mentioned above.

First, thank you for post #256 ProxRocks, and second, thank you for this observation, Whenever. Can anyone add any thoughts about which .pem I should add to my browser's certificate store ? I remember reading in the forum a few years ago -- to add the proxcert.pem -- which is what I have been doing, but should I have been adding the proxcert_certonly.pem instead ? Thank you.

[JJoe]

I don't know that it will matter but whenever is correct.
Somehow my "proxcert.pem" lost its PRIVATE KEY section (sorry about that). I was probably experimenting. So the files that I shared were incomplete. Also, this is Reborn 4.7.0.0. So lets use new certs.

I've created a new set and uploaded them to https://www.prxbx.com/forums/showthread.php?tid=2331&pid=20945#pid20945
or create them yourself.

Seems like, I've always seen random crashes. I tend to abuse things, however.

(Apr. 13, 2024 10:27 AM)ProxRocks Wrote:  Ugh! It's happened twice within the last half hour.
All while performing Google Searches.
But the crash is preventing any sort of log-gather.
I'll keep trying to force a repeatable replication.

(Apr. 13, 2024 01:49 PM)whenever Wrote:  proxcert_certonly.pem is supposed to be imported to browser's certificate store.

proxcert.pem works too in this situation but its real usage is for Proxomitron itself to generate site certificates on the fly.

If you open the 2 files with a text editor, you will see the only difference is that proxcert.pem has an extra PRIVATE KEY section which serves the purpose mentioned above.

Thanks for the post whenever.

[JJoe]

If the browser will import pem files, use "proxcert_certonly.pem" but it may not matter.

Years ago, "proxcert.pem" did not have a PRIVATE KEY section.

(Apr. 13, 2024 03:03 PM)Anno Domini Wrote:  Can anyone add any thoughts about which .pem I should add to my browser's certificate store ? I remember reading in the forum a few years ago -- to add the proxcert.pem -- which is what I have been doing, but should I have been adding the proxcert_certonly.pem instead ? Thank you.

[JJoe]

(Apr. 13, 2024 01:26 PM)whenever Wrote:  ...
Lastly, are you able to visit https://yomou.syosetu.com/ with default settings? From https://local.ptron/.pinfo/ssl/ I can see no site certificate is created for yomou.syosetu.com.

Opens with my version 4.6.0.5. using the certs generated by either exe.
Fails to load in Edge, Firefox or Opera with 4.7.0.0. and either set of certs.
Same "certs.pem" was used.

Opera Wrote:Your connection is not private
Attackers might be trying to steal your information from yomou.syosetu.com (for example, passwords, messages, or credit cards).

NET::ERR_CERT_COMMON_NAME_INVALID

Firefox Wrote:Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to yomou.syosetu.com. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

Learn more…

yomou.syosetu.com uses an invalid security certificate.

The certificate does not come from a trusted source.

Error code: MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY

Edge Wrote:Your connection isn't private
Attackers might be trying to steal your information from yomou.syosetu.com (for example, passwords, messages, or credit cards).
NET::ERR_CERT_COMMON_NAME_INVALID
This server couldn't prove that it's yomou.syosetu.com; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.

Edit: Added Edge

[Anno Domini]

(Apr. 13, 2024 03:38 PM)JJoe Wrote:  If the browser will import pem files, use "proxcert_certonly.pem" but it may not matter.

Years ago, "proxcert.pem" did not have a PRIVATE KEY section.

(Apr. 13, 2024 03:03 PM)Anno Domini Wrote:  Can anyone add any thoughts about which .pem I should add to my browser's certificate store ? I remember reading in the forum a few years ago -- to add the proxcert.pem -- which is what I have been doing, but should I have been adding the proxcert_certonly.pem instead ? Thank you.

Thank you, JJoe. Here's what I did, and if anyone can let me know if this was done correctly, it would be much appreciated. I download the most recent cacert.pem from https://curl.haxx.se/docs/caextract.html and then added it to Proxomitron's folder and renamed it certs.pem. After that, I generated a new proxcert.pem and proxcert_certonly.pem and exited Proxomitron. Then deleted the OLD proxcert.pem from my browser's certificate store and imported proxcert_certonly.pem to take its place. I viewed that certificate and it said the Signature Algorithm is SHA-512 with RSA Encryption. I started Proxomitron and it works online. Did I do everything correctly ?

PS -- JJoe, I viewed your proxcert_certonly.pem and it says that the Signature Algorithm is SHA-256 with RSA Encryption. Is that to make browsing easier ? The one I generated and am using says SHA-512, and to be honest, I don't really know what the difference is lol. Thank you..

[DullFace]

(Apr. 13, 2024 10:27 AM)ProxRocks Wrote:  Ugh! It's happened twice within the last half hour.
All while performing Google Searches.

Does it always crash at address 0x77766c8e? Judging by the address, this is some kind of dll, and not Reborn himself.
BTW, why is your process called "proxomitron.exe"? Is this the patched Reborn?

Run a virus scan.