Post Reply 
Firefox Australis, Extensions and Proxo Issues
Mar. 27, 2014, 01:24 PM (This post was last modified: Mar. 27, 2014 01:47 PM by Styx.)
Post: #1
Firefox Australis, Extensions and Proxo Issues
Hope that someone can shed some lights on my dilemma with the combination of Proxomitron, Firefox Australis (Nightly or Aurora builds) and certain Extensions. (Issue does not exist on non-Australis Firefox builds.)

I am running Proxomitron while enabling "Use SSLeay/OpenSSL to filter secure pages". For some reason, the extensions listed below, once installed, trigger something in the browser to block the page from loading (endless page load) if proxy is not bypassed. Initially I thought it has something to do with "security.mixed_content.block_active_content" set to true (default), but that is not the case.

Pages like the Mozilla Add-ons page, newsfeed from BBC simply will not load. Bypass proxy in the same session and reload page still ends in endless page load. I will have to complete restart the browser, bypass proxy before visiting the sites and loading the pages.

Uninstalling the "offending" extensions and clear up the Pref.js does not work. The only way to get around is disable the proxy or uncheck "SSLeay/OpenSSL" in Proxo. I had to completely rebuild the profile each time. No proxy for "addons.mozilla.org" in the browser did not appear to do much neither.

Extensions:
1. Cookie Monster
2. MediaPlayerConnectivity
3. Status-4-ver
4. Tab Group Helper
5. ForecastFox 2.2.4
Add Thank You Quote this message in a reply
Mar. 28, 2014, 02:58 AM
Post: #2
RE: Firefox Australis, Extensions and Proxo Issues
(Mar. 27, 2014 01:24 PM)Styx Wrote:  Hope

Are you using half-ssl? If so are you stripping "Secure" from the cookies?
I should add, I have a header filter that removes the Strict-Transport-Security header.
Headers purpose is to require https.

Code:
[HTTP headers]
In = TRUE
Out = TRUE
Key = "Strict-Transport-Security: HTTPS: strip to allow filtering 12.11.05 [ADD]"


I've been using a chrome variant since it allows me to use
Code:
--allow-running-insecure-content --ignore-certificate-errors --disable-geolocation --disable-local-storage --disable-background-networking --dns-prefetch-disable --disable-preconnect --disable-session-storage --enable-sdch=0 --use-spdy=off
on the command line.

For me, https on Firefox requires an extension and more work. The extension, https://addons.mozilla.org/en-US/firefox...ert-error/ quit working after version 24 and I quit updating. Since your post, I see skip-cert-error has been updated...

I installed Mozilla Firefox, Portable Edition 29.0 Beta 1 Rev 2, English at http://portableapps.com/apps/internet/fi...table/test .
Added The Proxomitron's proxcert to Firefox's certificate store, Options>Advanced>Certificates>View Certificates>Authorities>import.
Added https://addons.mozilla.org/en-US/firefox...ert-error/ . Under skip-cert-error options only "Add the exceptions as temporary" is not checked.
Modified about:config
Code:
dom.storage.enabled;false
network.http.spdy.allow-push;false
network.http.spdy.coalesce-hostnames;false
network.http.spdy.enabled;false
network.http.spdy.enabled.v3;false
network.http.spdy.enabled.v3-1;false
network.http.spdy.enforce-tls-profile;false
network.stricttransportsecurity.preloadlist;false
network.websocket.allowInsecureFromHTTPS;true
security.mixed_content.block_active_content;false
Added Extensions: Cookie Monster, MediaPlayerConnectivity, Status-4-ver, Tab Group Helper.
ForecastFox 2.2.4 did not install due to age.

After all that https works as expected, unfortunately.

https://addons.mozilla.org/en-US/firefox/ opens after skip-cert-error adds the exception for "addons.mozilla.org" but the supporting files at https://mozorg.cdn.mozilla.net/ and https://addons.cdn.mozilla.net have been blocked because Skip-cert-error only works (when it works) on cert-errors that show in the browser's window.
So, I must cause the exceptions to be added for "mozorg.cdn.mozilla.net" and "addons.cdn.mozilla.net" before https://addons.mozilla.org/en-US/firefox/ will show all.
"View image", "View Page Source", "View Page Info", "Inspect Element" in the context menu for a broken page can help find the missing files. The sidki set's menu item "Show ..." can help.

Same at https Google image search. Skip-cert-error adds the exception for https://www.google.com/search but all the images are missing. Right clicking a broken image and selecting "View Image" shows Firefox's cert error
Quote:encrypted-tbn2.gstatic.com uses an invalid security certificate.
The certificate is only valid for Proxomitron
(Error code: ssl_error_bad_cert_domain)"
Skip-cert-error misses this error but catches it after a reload.

Note: I'm using ClickOff to dismiss The Proxomitron's cert error warnings, http://prxbx.com/forums/showthread.php?t...6#pid17446 .

HTH
Add Thank You Quote this message in a reply
Mar. 28, 2014, 11:35 AM
Post: #3
RE: Firefox Australis, Extensions and Proxo Issues
Ain't it "funny", ha ha, how these d@mn "cert checks" make web browsing a LIVING H#LL? Mad with Teeth Hail Banging Head
Add Thank You Quote this message in a reply
Mar. 28, 2014, 11:38 AM
Post: #4
RE: Firefox Australis, Extensions and Proxo Issues
(Mar. 28, 2014 02:58 AM)JJoe Wrote:  I should add, I have a header filter that removes the Strict-Transport-Security header.
Headers purpose is to require https.

Code:
[HTTP headers]
In = TRUE
Out = TRUE
Key = "Strict-Transport-Security: HTTPS: strip to allow filtering 12.11.05 [ADD]"

Do you have anything else similar to this that you have added that could assist the rest of us in ridding d@mn cert-related "stuff"?
Add Thank You Quote this message in a reply
Apr. 16, 2014, 05:33 PM
Post: #5
RE: Firefox Australis, Extensions and Proxo Issues
Sorry for the delay.

(Mar. 28, 2014 11:38 AM)ProxRocks Wrote:  Do you have anything else similar to this that you have added that could assist the rest of us in ridding d@mn cert-related "stuff"?

I don't think so but I have forgotten some details.
I've yet to see a hit for that filter, btw. It came with an intended but never completed update (one of several).
Add Thank You Quote this message in a reply
May. 07, 2014, 04:08 PM (This post was last modified: May. 07, 2014 04:08 PM by Stone-D.)
Post: #6
RE: Firefox Australis, Extensions and Proxo Issues
Hi guys! Long time no see... just over 2 years, according to the last login info! :p

[Image: b8V9l9p.png]

I stumbled across my old thread about Proxo's behavior with HTTPS redirects whilst researching HSTS and the memories came surging forth.

Anyway.

Rather than strip the header, it's actually better to set Max-Age to 0 - doing that will remove any previous entries from the database, except for the forced ones.

Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "Strict-Transport-Security: HSTS Force Zero Age (in)"
Match = "max-age=\0"
Replace = "max-age=0$LOG(R$DTM(c) : [HDR:Strict-Transport-Security] HSTS Force Zero Age: \0)"
Add Thank You Quote this message in a reply
[-] The following 1 user says Thank You to Stone-D for this post:
Styx
May. 08, 2014, 03:54 PM
Post: #7
RE: Firefox Australis, Extensions and Proxo Issues
(May. 07, 2014 04:08 PM)Stone-D Wrote:  Rather than strip the header, it's actually better to set Max-Age to 0 - doing that will remove any previous entries from the database, except for the forced ones.

Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "Strict-Transport-Security: HSTS Force Zero Age (in)"
Match = "max-age=\0"
Replace = "max-age=0$LOG(R$DTM(c) : [HDR:Strict-Transport-Security] HSTS Force Zero Age: \0)"

Wonderful, Australis with the "problematic" extensions is now working great with the new header. The browser does not hang anymore when I visit the BBC newsfeed or the Moz Extension site.
Add Thank You Quote this message in a reply
May. 08, 2014, 05:18 PM
Post: #8
RE: Firefox Australis, Extensions and Proxo Issues
Nice! I'd kinda given up on Australis. I'll revisit, methinks.
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: