Threaded Mode | Linear Mode

Gavino · Dec. 05, 2021, 10:39 PM

Talking about the 'certificate error bypass' feature, I said above:

(Dec. 05, 2021 12:07 AM)Gavino Wrote: When I tested this with a cut-down certs.pem file (removing certain certificates I knew to be required), I found that it seems to work the other way round - if the field is left blank, NO certificate errors are ever reported.
I found that for an error to be reported, I had to set the field to something that would not match, eg 'NONE'.

However, given that mizzmona has (coincidentally) just reported getting certificate errors without ever setting a bypass, I was moved to repeat my tests in a more methodical way.
Now, I have to say I am unable to reproduce the behaviour I thought I had seen with a blank 'bypass' field.
So I must apologize and say I WAS WRONG!
Just as amy said, a blank 'bypass' field indeed does NOT match any hostname, so the default behaviour is to report all errors.

An interesting thing I discovered, and what I think led me to misinterpret my previous tests, is the following.
If the certs.pem file is missing or empty, no errors are reported in the main window - the only indication that something is wrong is a message in the log (written on the first connection to Proxomitron): "Can't load SSL cert file - no checking will be done!!!"
Even here though, while root certificate checking is not done, individual site certificate errors (eg mismatched sitename) are still detected and reported.

dsgfh543 · Dec. 26, 2021, 03:34 PM

Is it possible to add support of remote PAC proxy?

amy · Jan. 20, 2022, 03:28 AM

(Dec. 26, 2021 03:34 PM)dsgfh543 Wrote: Is it possible to add support of remote PAC proxy?

Could you explain your feature request in a little more detail?

To everyone else: yes, I'm still here. I haven't forgotten. I've been busy with lots of other projects and life in general. Meanwhile, ProxoR 4605 has continued to give trouble-free service for me all this time. Thanks all for your support! Thumbs Up

val · Jul. 28, 2022, 11:11 PM

Hi everybody! Thanks for keeping proxo alive.. Thumbs Up

It's cool that finally got a chance and have a time for the last 20+ years to ask this request for fix.

- please, make proxo save Message Log ticked settings, and keep
the same 'HTTP Message log' window size and position on restart.

now on start it always have:
[Image: attachment.php?aid=1153]

log-default.png (Size: 6.99 KB / Downloads: 2525)

but i need to be saved as:
[Image: attachment.php?aid=1154]

log-nosave.png (Size: 7.26 KB / Downloads: 2503)

Thanks!

Probably i'm the only one who keep the message log always ON.)

PS. your site is not a tor friendly, what you are afraiding of? chinese ddos haxors?
got always this: Please wait while your request is being verified...
and need to use another vpn just for your forum(

DullFace · (This post was last modified: Aug. 14, 2022 06:38 PM by DullFace.)

Reborn don't load long (4080+) urls, just shows "Error Opening Local File".

Code:

>curl -o test --insecure --proxy 127.0.0.1:1234 "https://google.com/11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333344444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444445555555555555555555555555555555555555555555555555555555555555"

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

100   732    0   732    0     0  16849      0 --:--:-- --:--:-- --:--:-- 17428

curl: (56) OpenSSL SSL_read: error:0A000126:SSL routines::unexpected eof while reading, errno 0

Please add:

Show log window icon in Alt-Tab windows list.

External icons (proxo.ico, proxo_log.ico ?) to distinguish between different instances.

How about connecting to other IP addresses if the first one is not available? Curl and FF does that.
Some time ago first IP of backend.deviantart.com was unavailable:

Code:

== Info:   Trying 13.33.240.21:443...

== Info: connect to 13.33.240.21 port 443 failed: Timed out

== Info:   Trying 13.33.240.53:443...

== Info: Connected to backend.deviantart.com (13.33.240.53) port 443 (#0)

Brotli, some sites forcing it: https://androidmtk.com/download-mtk-usb-all-drivers

TLS fingerprinting bypassing to bypass cloudflare captcha:
https://pixeljets.com/blog/scrape-ninja-...20-errors/
Samples:
https://blog.cloudflare.com/make-ssl-boring-again/
https://www.artstation.com/

----------

$RDIR works only with first redirect and pass second redirect to browser

Code:

[HTTP headers]

In = TRUE

Out = FALSE

Key = "Location: $RDIR $LST(in)"

URL = "$LST(Location_RDIR)"

Match = "(?+)\1$RDIR(\1)"

blocklist:

Code:

([^/]++.|)topwebcomics.com/rankimages/

([^/]++.|)amazonaws.com/twc.images/rankimages/

http://topwebcomics.com/rankimages/ranki...1&SiteID=1
>https://www.topwebcomics.com/rankimages/rankimage.aspx?ImageTemplate=dynamiclink1&SiteID=1
>>https://s3-us-west-2.amazonaws.com/twc.images/rankimages/generatedimages/dynamiclink1_1316.png

DullFace · Oct. 31, 2022, 08:25 PM

Can't connect to https://i7.photobucket.com/

Code:

curl -o test --insecure --proxy 127.0.0.1:1234 "https://i7.photobucket.com/"

Code:

+++GET 8+++

CONNECT / HTTP/1.1

Host: i7.photobucket.com:443

User-Agent: curl/7.84.0

Proxy-Connection: Keep-Alive

+++SSL:GET 8+++

SSL cipher TLSv1.2 AES256-GCM-SHA384 (256 bits)

GET / HTTP/1.1

Host: i7.photobucket.com

User-Agent: curl/7.84.0

Accept: */*

Connection: keep-alive

** 8 Socket Error 0 for request flush **

Retry 8...

** 8 Socket Error 0 for request flush **

Retry 8...

dsgfh543 · Dec. 20, 2022, 11:09 AM

https://downloads.xiph.org require TLS1.3

DullFace · Mar. 16, 2023, 08:52 AM

(Oct. 31, 2022 08:25 PM)DullFace Wrote: Can't connect to https://i7.photobucket.com/

Same thing with wixmp.com (pictures from deviantart.com), soundcloud.com, blogspot.com

Code:

curl -o test --insecure --proxy 127.0.0.1:1234 "https://images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com/f/20ae5aa5-212f-45d0-8b57-c1541a7adf3b/deum2bn-3881971a-04bf-4e88-94f1-270d8eddf941.jpg/v1/crop/w_270,h_350,x_0,y_0,scl_0.10627450980392,q_70,strp/afterwards_by_tessasart94_deum2bn-350t.jpg?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1cm46YXBwOjdlMGQxODg5ODIyNjQzNzNhNWYwZDQxNWVhMGQyNmUwIiwiaXNzIjoidXJuOmFwcDo3ZTBkMTg4OTgyMjY0MzczYTVmMGQ0MTVlYTBkMjZlMCIsIm9iaiI6W1t7ImhlaWdodCI6Ijw9MzMwMCIsInBhdGgiOiJcL2ZcLzIwYWU1YWE1LTIxMmYtNDVkMC04YjU3LWMxNTQxYTdhZGYzYlwvZGV1bTJibi0zODgxOTcxYS0wNGJmLTRlODgtOTRmMS0yNzBkOGVkZGY5NDEuanBnIiwid2lkdGgiOiI8PTI1NTAifV1dLCJhdWQiOlsidXJuOnNlcnZpY2U6aW1hZ2Uub3BlcmF0aW9ucyJdfQ.LPuF8jBsOkVudIgi_rR3gbkLi8SaoncRT-qGygpwJ68"

dsgfh543 · (This post was last modified: May. 08, 2023 06:03 AM by dsgfh543.)

Why we need TLS 1.3 and new cyphers?
Because when googleChrome autoupdates, and on every site that downgrade to old security standard will spook users with messages like "This site is unsafe! Leave now! [OK] [Leave anyway]", most sites just drop what below TLS 1.3, and associated cyphers.
And then RIP Proxomitron Reborn.

amy · Jun. 17, 2023, 07:51 AM

Thanks for the feature requests - I have put them in the queue to be worked on for the next release, now that I finally have some time away from dealing with the rest of life and can try to fulfill them.

The vast majority of sites still support TLS 1.2, and it's also still considered secure, so it's not a real problem at the moment, but increasingly hostile and intrusive browser-fingerprinting techniques may need TLS 1.3 too.

In consideration of that, the next version of Proxomitron Reborn will also have OpenSSL 3.0 support.

DullFace · Jun. 21, 2023, 09:19 AM

Please put RcvBuf in GUI with default 0. Same with transmit buffer.

Code:

curl -o test2 --insecure --proxy 127.0.0.1:1234 -F "test=@C:\Windows\explorer.exe" https://target.microsoft.com/rest/v1/delivery

Speed was 119 through Reborn, 775 without it.

amy · Jul. 06, 2023, 04:44 AM

I just wanted to share some progress Smile!

That is using OpenSSL 3.0.9, from just over a month ago. I'll try to accommodate some of your other feature requests, then use it for a week or two to make sure I didn't introduce any new bugs, and release after that. Due to the more extensive changes, this will probably be version 4.6.1.0 or even 4.7.0.0.

DullFace · Jul. 22, 2023, 09:11 PM

$RDIR not works with relative paths, Reborn just shows "Error Opening Local File":

Code:

curl -o test --insecure --proxy 127.0.0.1:1234 "https://www.mediafire.com/?amq4naso512o2sa"

Code:

[HTTP headers]

In = TRUE

Out = FALSE

Key = "Location: $RDIR test (in)"

Match = "(?+)\1$RDIR(\1)"

DullFace · (This post was last modified: Aug. 20, 2023 03:15 PM by DullFace.)

I seem to be able to reproduce the "aborting bug":
curl --insecure --proxy 127.0.0.1:1234 http://blogspot.com/
Now press "abort" button - Reborn stops accepting connections, "exit" from menu don't terminates process proxo.exe.

Please add writing URL (or at least host name) in the log window for aborted connections: something "stuck", i want to know what.

------------

Now it has stopped reproducing.

------------

It can happen with these urls, but reproducing is unstable:

Code:

http://wixmp.com/

http://blogspot.com/

http://amazonaws.com/

https://198.23.187.186/

https://217.197.116.88/

cattleyavns · Jul. 31, 2023, 08:43 AM

(Jul. 06, 2023 04:44 AM)amy Wrote: I just wanted to share some progress

That is using OpenSSL 3.0.9, from just over a month ago. I'll try to accommodate some of your other feature requests, then use it for a week or two to make sure I didn't introduce any new bugs, and release after that. Due to the more extensive changes, this will probably be version 4.6.1.0 or even 4.7.0.0.

Glad to know that you're back, I always follow your development to be able to see the Reborn of Proximitron one day.