Post Reply 
ProxHTTPSProxyMII: Reloaded
Jul. 29, 2014, 09:44 AM (This post was last modified: Jun. 17, 2018 01:50 AM by JJoe.)
Post: #1
ProxHTTPSProxyMII: Reloaded
Created to provide modern nag-free HTTPS connections for an HTTP proxy, ProxHTTPSProxyMII is the reinvention of the ProxHTTPSProxy.

How it works
----
[Image: HowItWorks.gif]

Eligible HTTP Proxies
----

* The Proxomitron, for which ProxHTTPSProxy was created Smile!
* Any that have the ability to forward all requests with a "Tagged:ProxHTTPSProxyMII FrontProxy/*" header to the ProxHTTPSProxyMII rear server.
* Any that can be ran as two instances, one for true http and another for "tagged" http
* Any that will only be used to monitor https traffic

Install
----

* ProxHTTPSProxy's "CA.crt" to the Client's store of trusted certificate authorities.

Configure
----

* The Client to use the ProxHTTPSProxy front server at 127.0.0.1 on port 8079 for secure connections.
* The HTTP proxy to receive requests at 127.0.0.1 on port 8080.
* The HTTP proxy to forward requests to the ProxHTTPSProxy rear server at 127.0.0.1 on port 8081.
* Edit "Config.ini" to change these requirements.

Execute
----

ProxHTTPSProxy.exe to start.

Remember
----

Be aware and careful! Use a direct connection when you don't want any mistakes made.

Use at your own risk!

Have fun!

Proxomitron Tips
================

To use
----

* Add the ProxHTTPSProxy rear server to the Proxomitron's list of external proxies

Code:
127.0.0.1:8081 ProxHTTPSProxyMII

* Add to Proxomitron's "Bypass URLs that match this expression" field if it is empty

Code:
$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$SETPROXY(127.0.0.1:8081)(^)

* Add to the beginning of the entry in Proxomitron's "Bypass URLs that match this expression" field if it is **not** empty

Code:
$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$SETPROXY(127.0.0.1:8081)(^)|

Tips
----

* Proxomitron always executes some commands in "Bypass URLs that match this expression" field. Adding the entry there allows the Proxomitron to use the rear server when in Bypass mode.

This undocumented feature brings many possibilities but remember, an actual match triggers bypass of filtering!

- $OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*) checks for the header that indicates an https request.
- $SETPROXY(127.0.0.1:8081) is executed when found.
- (^) expression never matches.

* Identify https connections by testing for the "Tagged" request header that the ProxHTTPSProxy front server adds to the request.

Code:
$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)

* For local file requests, use an expression like

Code:
$USEPROXY(false)$RDIR(http://local.ptron/killed.gif)

* Before redirecting "Tagged" connections to external resources consider removing the "Tagged" header.

* If needed, the Proxomitron can still do https. After adding the ssl files to the Proxomitron, use a header filter like

Code:
[HTTP headers]
  In = FALSE
  Out = TRUE
  Key = "Tagged: Use Proxomitron for https://badcert.com"
  URL = "badcert.com$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$USEPROXY(false)$RDIR(https://badcert.com)"

This filter also removes the "Tagged" header.

For the current sidki set
----

1. Add the following two lines to Exceptions-U

Code:
$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$SET(keyword=$GET(keyword)i_proxy:3.)(^)
~(^$TST(keyword=i_proxy:[03].))$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$SET(keyword=$GET(keyword)i_proxy:3.)(^)

2. Redirect connections to http resources with an expression like

Code:
$USEPROXY(false)$SET(keyword=i_proxy:0.)$RDIR(http://local.ptron/killed.gif)

Changelog

Quote:Version 1.5 (20180616)
--------------
+ SubjectAltNames support for DNS and IP
- Leading '*' in commonname.
* Generated cert's Subject field still uses '*' due to some hosts using more characters than allowed.
Example: 18cfdfd73150f69310ab-4d842a0601d0ae955a714605e7fb6d6f.ssl.cf2.rackcdn.com.

Version 1.4 (20160112)
--------------
+ Socks proxy support (needs urllib3 >= 1.14)
* Certifications are now v3 instead of v1

Version 1.3.1 (20151001)
--------------
* Certifications are now signed via SHA256 instead of SHA1

Version 1.3 (20150114)
--------------
+ Each request has a number ranged from 001 to 999 for reference. 000 is reserved for SSL requests not MITMed like those in [BLACKLIST] and [SSL Pass-Thru] sections.
+ Log window now displays the length of the bytes submitted in POST method

Version 1.2 (20141221)
--------------
+ Content is streamed to client, while not cached before sending
* Fix config auto reload
* Less exception traceback dumped

Version 1.1 (20141024)
--------------
+ Support URL bypass
+ Handle both HTTP and HTTPS
+ Auto reload config upon chagnes

Version 1.0 (20140729)
--------------
Initial release

Download
link

link to 'advanced' version
'advanced' lacks the start up 'hard error' for the Certs directory.
http://www.prxbx.com/forums/showthread.php?tid=2172&pid=19296#pid19296 .

Misc
To hide the console window: http://prxbx.com/forums/showthread.php?t...5#pid17955
Add Thank You Quote this message in a reply
[-] The following 8 users say Thank You to whenever for this post:
usr, defconnect, laighleas, zoltan, Styx, parnz, eclipse, kichrot
Aug. 05, 2014, 01:47 AM
Post: #2
RE: ProxHTTPSProxyMII
Hi, thanks for working on this.

Anyway, I've run into problem out of the gate trying to make this work. I followed instructions and installed "Win32 OpenSSL v1.0.1h Light" and Visual C++ 2008 Redistributables. Restarted and configured IE11's proxy to use 127.0.0.1:8079, added the CA.crt to trusted vendor. Configured Proxomitron's external proxy to 127.0.0.1:8081.

However ProxHTTPSProxy spit these errors whenever IE11 tries to connect to it and when Proxomitron pings it:

[Image: akxxr4.jpg]


I don't know what it means. Do I have to install Python?
Add Thank You Quote this message in a reply
Aug. 05, 2014, 03:35 PM
Post: #3
RE: ProxHTTPSProxyMII
It seems you configured IE11's proxy to use 127.0.0.1:8079 for http. What if you configure 8080 for http and 8079 for https?
Add Thank You Quote this message in a reply
Aug. 09, 2014, 01:29 PM
Post: #4
RE: ProxHTTPSProxyMII
Hi whenever, can you upload Python version ? Thanks!
Add Thank You Quote this message in a reply
Aug. 11, 2014, 04:15 AM
Post: #5
RE: ProxHTTPSProxyMII
(Aug. 09, 2014 01:29 PM)GunGunGun Wrote:  Hi whenever, can you upload Python version ? Thanks!

ProxHTTPSProxyMII_py 1.0pre.zip
from
http://prxbx.com/forums/showthread.php?t...4#pid17684
may be it, without the documents folder.

HTH
Add Thank You Quote this message in a reply
Sep. 02, 2014, 04:14 AM
Post: #6
RE: ProxHTTPSProxyMII
Does this require any particular version of OpenSSL, light, full?
Add Thank You Quote this message in a reply
Sep. 02, 2014, 03:00 PM
Post: #7
RE: ProxHTTPSProxyMII
(Sep. 02, 2014 04:14 AM)herbalist Wrote:  Does this require any particular version of OpenSSL, light, full?

It should work with either version but I have only used light.
Works for me with "Win32 OpenSSL v1.0.1i Light".

HTH
Add Thank You Quote this message in a reply
Sep. 02, 2014, 04:41 PM
Post: #8
RE: ProxHTTPSProxyMII
Thanks. I was hoping that the user package was sufficient.
Add Thank You Quote this message in a reply
Oct. 02, 2014, 03:26 PM (This post was last modified: Oct. 02, 2014 03:27 PM by herbalist.)
Post: #9
RE: ProxHTTPSProxyMII
I've set up a couple of virtual XP systems to test this. On the first, XP-SP2, it seems to work. On the 2nd, a dual boot with XP-SP3 installed to drive "E", it won't start. Except for the drive letter, the systems are nearly identical.

.png  error.png (Size: 8.99 KB / Downloads: 1327)
I've reinstalled VCRedist and OpenSSL twice. Is this hard coded for drive "C"? The config.ini is edited to point to the OpenSSL on drive "E".
Add Thank You Quote this message in a reply
Oct. 03, 2014, 05:11 AM
Post: #10
RE: ProxHTTPSProxyMII
I think I've found the problem but have no idea of how to fix or prevent it from recurring. Unless I'm missing something, the problem seems to be the Visual C++ 2008 Redistributables archive. On the dual boot virtual system (98SE on "C" and XP-SP2 on "E"), the installer, which was executed from the XP desktop is installing files on both the 98 and XP virtual drives. Neither is getting the full install. I used Inctrl5 to create install records on both the dual boot system and on a single install of XP-SP3. Half of the registry entries created on the dual boot system point to the "C" drive. Other than manually editing all of the registry entries and moving all of the files from the "C" drive, anyone have any ideas of how to prevent or fix this behavior? I can make both install records available if they'll help.
TIA
Add Thank You Quote this message in a reply
Oct. 03, 2014, 07:43 AM
Post: #11
RE: ProxHTTPSProxyMII
Maybe booted windows likes to assume they are on drive "C".

I know there are 3rd party boot managers that can dynamically set the booted partition with the boot flag, but I'm not sure if you have to reinstall windows in your case.
Add Thank You Quote this message in a reply
Oct. 27, 2014, 09:43 AM
Post: #12
RE: ProxHTTPSProxyMII
Version 1.1
--------------
+ Support URL bypass
+ Handle both HTTP and HTTPS
+ Auto reload config upon chagnes

download
Add Thank You Quote this message in a reply
[-] The following 2 users say Thank You to whenever for this post:
usr, defconnect
Nov. 20, 2014, 01:10 AM
Post: #13
RE: ProxHTTPSProxyMII
Hmm! My previous reply disappeared. :-( Baffled. Oh well. :-/

Anyway, great program, and I'll install it shortly. However, is there any way to get it to work with a proxy like Tor or JonDo? Or is that for later?
Add Thank You Quote this message in a reply
Nov. 20, 2014, 01:44 AM
Post: #14
RE: ProxHTTPSProxyMII
The proxy support is achieved by the underlying urllib3. Currently urllib3 supports only http/https proxy, but the socks5 support is on the plan.
Add Thank You Quote this message in a reply
Nov. 20, 2014, 07:51 AM
Post: #15
RE: ProxHTTPSProxyMII
Ah! So you can get the ProxHTTPSProxy/Proxomitron complex to work with an upstream anonymising proxy?
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: