Proxomitron Reborn
Dec. 10, 2018, 11:56 PM
Post: #91
RE: Proxomitron Reborn
Do the most recent changes make it unnecessary to use ProxHTTPSProxy?
I've added port 8443 as in the image above and set the SSL port in the browser to the same. Then clicked "Generate" under the HTTPS tab and installed "proxcert_certonly.pem" into Firefox's Authorities certificates, but on https sites all I get is "The proxy server is refusing connections."
Dec. 11, 2018, 01:20 AM
Post: #92
RE: Proxomitron Reborn
Try

https://www.alphapolis.co.jp:443/js/content-viewer.js

(Dec. 10, 2018 03:32 PM)referrer Wrote:  Don't know why, but it looks like URLs (except "*") in all blockfiles (e.g. URL Killfile.txt) only match in HTTP filtering

test:

URL Killfile.txt add:
Code:
www.alphapolis.co.jp/js/content-viewer.js

http://www.alphapolis.co.jp/js/content-viewer.js blocked
https://www.alphapolis.co.jp/js/content-viewer.js block failed
[-] The following 2 users say Thank You to JJoe for this post:
referrer, usr
Dec. 11, 2018, 01:35 AM (This post was last modified: Dec. 11, 2018 02:37 AM by referrer.)
Post: #93
RE: Proxomitron Reborn
(Dec. 11, 2018 01:20 AM)JJoe Wrote:  Try

https://www.alphapolis.co.jp:443/js/content-viewer.js

Thanks.
Now it works fine, just like before.
Dec. 11, 2018, 01:39 AM
Post: #94
RE: Proxomitron Reborn
(Dec. 10, 2018 11:56 PM)zoltan Wrote:  Do the most recent changes make it unnecessary to use ProxHTTPSProxy?

I think so but I just got here.

(Dec. 10, 2018 11:56 PM)zoltan Wrote:  I've added port 8443 as in the image above and set the SSL port in the browser to the same. Then clicked "Generate" under the HTTPS tab and installed "proxcert_certonly.pem" into Firefox's Authorities certificates, but on https sites all I get is "The proxy server is refusing connections."

Set the SSL port in the browser to the same as HTTP.
Create proxcert
Install proxcert
Restart the Proxomitron

"8443" adds HTTPS to the Proxomitron's local server local.ptron.
Dec. 11, 2018, 01:45 AM
Post: #95
RE: Proxomitron Reborn
(Dec. 10, 2018 03:32 PM)referrer Wrote:  Don't know why, but it looks like URLs (except "*") in all blockfiles (e.g. URL Killfile.txt) only match in HTTP filtering

test:

URL Killfile.txt add:
Code:
www.alphapolis.co.jp/js/content-viewer.js

http://www.alphapolis.co.jp/js/content-viewer.js blocked
https://www.alphapolis.co.jp/js/content-viewer.js block failed

The URL match includes the port, if it is not the default (80). https uses port 443, so if you want to block both, use this pattern:
Code:
www.alphapolis.co.jp(:443)+{0,1}/js/content-viewer.js

(Dec. 10, 2018 11:56 PM)zoltan Wrote:  Do the most recent changes make it unnecessary to use ProxHTTPSProxy?
I've added port 8443 as in the image above and set the SSL port in the browser to the same. Then clicked "Generate" under the HTTPS tab and installed "proxcert_certonly.pem" into Firefox's Authorities certificates, but on https sites all I get is "The proxy server is refusing connections."

I think you misunderstand the purpose of the HTTPS port setting; let's review the basics of how to visit site example.com under several circumstances:

HTTP (no proxy):
- Browser connects to example.com port 80
- Browser sends GET / HTTP/1.1 request and headers
- Site server sends reply to browser

HTTP (with Proxomitron defaults):
- Browser connects to localhost port 8080
- Browser sends GET http://www.example.com/ HTTP/1.1 request and headers
- Proxomitron reads and filters request; assuming it is not killed/redirected,
- Proxomitron connects to example.com port 80
- Proxomitron sends filtered GET / HTTP/1.1 request
- Site server sends reply to Proxomitron
- Proxomitron filters reply and sends to browser

HTTPS (no proxy):
- Browser connects to example.com port 443
- Browser establishes encrypted tunnel with site
- Browser sends GET / HTTP/1.1 request and headers through encrypted tunnel
- Site server sends reply to browser through the tunnel

HTTPS (with Proxomitron and no SSL-filtering):
- Browser connects to localhost port 8080
- Browser sends CONNECT example.com:443 HTTP/1.1 request
- Proxomitron connects to example.com port 443 and relays traffic to browser
- Browser establishes encrypted tunnel with site, through Proxomitron (which just passes it through, it is encrypted so it can't do anything to the data)
- Browser sends GET / HTTP/1.1 request and headers through encrypted tunnel via Proxomitron to the site server
- Site server sends reply to browser through the encrypted tunnel and passing through Proxomitron

HTTPS (with Proxomitron and SSL-filtering):
- Browser connects to localhost port 8080
- Browser sends CONNECT example.com:443 HTTP/1.1 request
- Proxomitron establishes encrypted tunnel with browser
- Proxomitron connects to example.com port 443 and establishes encrypted tunnel with it
- Browser sends GET / HTTP/1.1 request and headers through encrypted tunnel to Proxomitron
- Proxomitron decrypts, processes/filters request, then re-encrypts and sends it to the site server
- Site server sends reply to Proxomitron, which decrypts, processes/filters the reply, and re-encrypts it to send to the browser

You will notice in all of the situations above, that the browser connects to Proxomitron using the same 8080 port as before. The only difference is in the data that flows through that port.

Then what is HTTPS port for? It is so Proxomitron itself can act as HTTPS web server. You do not need it for just filtering HTTPS sites, but it can be useful if you want to host local resources that you want to embed, to avoid mixed-content warnings/errors from browsers.

The summary is, set your ports in browser configuration to 8080 like before, restart Proxomitron, and make sure you are using 1.0.1 OpenSSL DLLs (the ones here should work --- they're what I'm currently using.)
[-] The following 2 users say Thank You to amy for this post:
referrer, usr
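The port behaviour described in post #95, as an added example that is not part of the thread or of Proxomitron's code: it builds the match string from the request the proxy reads, for plain HTTP and for the SSL-filtering case, and reports which blockfile entries cover each. The function and entry names are hypothetical, and the Python regexes are stand-ins for Proxomitron's own pattern syntax.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORT = 80  # per the post: the port is left out of the match only when it is 80


def match_url(request_line, connect_target=None):
    """Build the host[:port]/path string a blockfile entry is tested against."""
    _method, target, _version = request_line.split()
    if connect_target is not None:
        # SSL-filtering: inside the tunnel the request carries only the path;
        # host and port come from the preceding CONNECT line.
        host, _, port_text = connect_target.rpartition(":")
        port, path = int(port_text), target
    else:
        # Plain proxied HTTP: the request line carries the absolute URL.
        parts = urlsplit(target)
        host, port = parts.hostname, parts.port or DEFAULT_PORT
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    hostport = host if port == DEFAULT_PORT else f"{host}:{port}"
    return hostport + path


# Python regex stand-ins for the killfile entries discussed in the thread
# (Proxomitron's own matching syntax is different; these only mirror the intent).
HOST = r"www\.alphapolis\.co\.jp"
PATH = r"/js/content-viewer\.js"
ENTRIES = {
    "no port": re.compile(HOST + PATH),
    "explicit :443": re.compile(HOST + ":443" + PATH),
    "optional :443": re.compile(HOST + "(:443)?" + PATH),
}

# Constructed sample requests for the two cases in the walkthrough.
PLAIN = match_url("GET http://www.alphapolis.co.jp/js/content-viewer.js HTTP/1.1")
TLS = match_url("GET /js/content-viewer.js HTTP/1.1",
                connect_target="www.alphapolis.co.jp:443")


def coverage():
    """Map each entry name to (blocks plain HTTP, blocks filtered HTTPS)."""
    return {name: (bool(rx.match(PLAIN)), bool(rx.match(TLS)))
            for name, rx in ENTRIES.items()}


if __name__ == "__main__":
    for name, hits in coverage().items():
        print(f"{name:14} http={hits[0]} https={hits[1]}")
```
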
Dec. 11, 2018, 02:15 AM
Post: #96
RE: Proxomitron Reborn
(Dec. 11, 2018 01:45 AM)amy Wrote:  The URL match includes the port, if it is not the default (80). https uses port 443, so if you want to block both, use this pattern:
Code:
www.alphapolis.co.jp(:443)+{0,1}/js/content-viewer.js

Problem solved, thanks
Dec. 11, 2018, 02:58 AM
Post: #97
RE: Proxomitron Reborn
Yes, I did not understand the purpose of the 8443 setting and how traffic is routed. Thanks for the detailed explanation. I will have to study it a while.

I've set the browser's SSL port to 8080 and am using the linked DLLs. Er.... I mean they are located in the main Proxomitron folder. Other than putting them there, is anything else required? Now, HTTPS pages load, but they are not filtered. HTTP filters normally. I'm coming from a ProxHTTPSProxy setup, so maybe there's something I've left set wrong.

Just to be certain, my main Proxomitron folder contains:
certs.pem, libeay32.dll, msvcr70.dll, openssl.exe, proxcert.pem, proxcert_certonly.pem, ssleay32.dll & zlib.dll.
Any problem with those?
Dec. 11, 2018, 03:35 AM
Post: #98
RE: Proxomitron Reborn
(Dec. 11, 2018 02:58 AM)zoltan Wrote:  Yes, I did not understand the purpose of the 8443 setting and how traffic is routed. Thanks for the detailed explanation. I will have to study it a while.

I've set the browser's SSL port to 8080 and am using the linked DLLs. Er.... I mean they are located in the main Proxomitron folder. Other than putting them there, is anything else required? Now, HTTPS pages load, but they are not filtered. HTTP filters normally. I'm coming from a ProxHTTPSProxy setup, so maybe there's something I've left set wrong.

Just to be certain, my main Proxomitron folder contains:
certs.pem, libeay32.dll, msvcr70.dll, openssl.exe, proxcert.pem, proxcert_certonly.pem, ssleay32.dll & zlib.dll.
Any problem with those?

Have you enabled SSL filtering in the config (HTTP tab, bottom checkbox)? Check the message log --- if it says "SSL Pass-Thru" when you visit HTTPS sites, you probably haven't.

Your file list looks fine (apart from the surprising lack of a default.cfg, or maybe you source your config from elsewhere.) The msvcr70.dll is not needed with the DLLs in my post.
Dec. 11, 2018, 04:05 AM (This post was last modified: Dec. 11, 2018 04:53 PM by referrer.)
Post: #99
RE: Proxomitron Reborn
How to bypass a local page (e.g. https://local.ptron:8443/index.html)?
I added local.ptron(:8443)+{0,1}/ to bypass.txt, but the content in index.html still gets filtered.

Another strange question... Are there any changes to the match order in blockfile?

Code:
www.example.com(:443)+{0,1}/directory
www.example.com(:443)+{0,1}/[a-z0-9]+
visit
Code:
www.example.com/diretory
4520 matches the first, 4600 matches the second...
Dec. 11, 2018, 05:59 AM
Post: #100
RE: Proxomitron Reborn
(Dec. 11, 2018 03:35 AM)amy Wrote:  Have you enabled SSL filtering in the config (HTTP tab, bottom checkbox)? Check the message log --- if it says "SSL Pass-Thru" when you visit HTTPS sites, you probably haven't.

Your file list looks fine (apart from the surprising lack of a default.cfg, or maybe you source your config from elsewhere.) The msvcr70.dll is not needed with the DLLs in my post.

No, SSL filtering was not checked. Now that it is, I'm getting certificate errors "unable to get local issuer certificate" on every https site I've tried. Under Firefox's Certificate Authorities it lists "Proxomitron SSL Filtering Root CA", but ProxHTTPSProxy is still in there too. Does that conflict?

I didn't mention default.cfg and proxo.exe because I knew those were required.
Dec. 11, 2018, 12:56 PM
Post: #101
RE: Proxomitron Reborn
(Dec. 11, 2018 04:05 AM)referrer Wrote:  Another strange question... Are there any changes to the match order in blockfile?

Code:
www.example.com(:443)+{0,1}/directory
www.example.com(:443)+{0,1}/[a-z0-9]
visit
Code:
www.example.com/diretory
4520 matches the first, 4600 matches the second...

There was no change to the blockfile code between 4520 and 4600. I will investigate this further.

(Dec. 11, 2018 05:59 AM)zoltan Wrote:  Now that it is, I'm getting certificate errors "unable to get local issuer certificate" on every https site I've tried. Under Firefox's Certificate Authorities it lists "Proxomitron SSL Filtering Root CA", but ProxHTTPSProxy is still in there too. Does that conflict?

Is that error coming from Proxomitron or Firefox? If it's the former, you probably need a newer certs.pem. Get the cacert.pem from https://curl.haxx.se/docs/caextract.html , rename it to certs.pem, and put it in the same directory as proxo.exe. If it's the latter, providing some screenshots would help.
Dec. 11, 2018, 02:02 PM (This post was last modified: Dec. 11, 2018 04:47 PM by referrer.)
Post: #102
RE: Proxomitron Reborn
What's the right way to bypass a local html?
I tried adding 'local.ptron:8443' and 'ptron.local' to 'Bypass List.txt' but the content in
Code:
https://local.ptron:8443/index.html
still gets filtered.
Dec. 11, 2018, 03:44 PM (This post was last modified: Dec. 11, 2018 03:44 PM by JJoe.)
Post: #103
RE: Proxomitron Reborn
(Dec. 11, 2018 04:05 AM)referrer Wrote:  How to bypass a local page (e.g. https://ptron.local:8443/index.html)?
I added local.ptron(:8443)+{0,1}/ to bypass.txt, but the content in index.html still gets filtered.

Are you using "local.ptron"?
You have posted "ptron.local" and "local.ptron".

(Dec. 11, 2018 04:05 AM)referrer Wrote:  Is there any changes about the match order in blockfile?

By default, lists are hashed. So matching order may change.
Would this explain what you see? https://proxomitron.info/45/help/BlockLi...ation.html .
Dec. 11, 2018, 04:25 PM (This post was last modified: Dec. 11, 2018 09:41 PM by referrer.)
Post: #104
RE: Proxomitron Reborn
(Dec. 11, 2018 03:44 PM)JJoe Wrote:  Are you using "local.ptron"?
You have posted "ptron.local" and "local.ptron".

It's a typo. Both are the same 'local.ptron'.
I couldn't figure out how to get the bypass to work.

(Dec. 11, 2018 03:44 PM)JJoe Wrote:  By default, lists are hashed. So matching order may change.
Would this explain what you see? https://proxomitron.info/45/help/BlockLi...ation.html .

It's exactly what I am looking for.
Thank you again.
Dec. 11, 2018, 05:36 PM
Post: #105
RE: Proxomitron Reborn
(Dec. 11, 2018 12:56 PM)amy Wrote:  Is that error coming from Proxomitron or Firefox? If it's the former, you probably need a newer certs.pem. Get the cacert.pem from https://curl.haxx.se/docs/caextract.html , rename it to certs.pem, and put it in the same directory as proxo.exe. If it's the latter, providing some screenshots would help.

At the time of that post the errors were coming from Proxomitron.
Today I replaced the old certs.pem from 2006 with the new one you linked, and suddenly nothing got filtered, not even http. So I swapped the old certs.pem back in and got "secure connection failed" errors from the browser. Swapping again back to the new one produced the SAME browser errors. That didn't make sense. On some http sites there was some odd behavior that looked like partial filtering.

But it didn't stop there. Suddenly some of the same https sites that were showing errors started loading - unfiltered. At the moment I can't even reproduce the error messages and most everything is unfiltered. This is strange behavior and I can't think of anything that would account for the inconsistency.