Post Reply 
Proxomitron Reborn installation question
Feb. 19, 2020, 08:28 PM
Post: #1
Proxomitron Reborn installation question
Hey guys, I started using Proxomitron, I'm guessing, around 2005 and have great admiration for the people here that have been keeping it alive and trying to make it even BETTER than the original. Just want you to know there are some out there like me that (while not posting) have been visiting this forum over the years and reading what you guys are up to and again, I can't thank you enough for everything you do.

That said, I have to read entire threads and jump to different topics in the forum and skip the complicated stuff to try and understand what you are saying. :-) That is not a criticism in any way. I just say that to say this. I'm at a 4th grade level when it comes to Proxomitron, but have a question please. The last several years surfing online is now mainly through SSL (Port 443) and I finally got around to making the switch to filtering SSL through Proxomitron because of all the ads, etc, and it is amazing. I followed JJoe's instructions at the link at the bottom, so that is my setup. However, I'm not sure that I installed everything in proper order. So here are my questions.

Question 1.) Keeping in mind I updated everything according to JJoe's instructions, but may not have done it right. I started from scratch and installed ProxN45j. Then I unzipped prox-config-sidki_2019-01-26b1 into Proxomitron's folder. Then I clicked CreateProxomitronReborn_4603R.exe. Afterwards I clicked sidki-2019-01-26b1.bat. That got me online. My browser is accepting certificates without warning. However, wanting the latest update I downloaded and unzipped ProxomitronReborn_4605R into the folder and deleted ProxomitronReborn_4603R.exe. In its place is proxo.exe and everything is working as before, but did I install the new updates correctly ?

Question 2.) I have HTTP Proxy and SSL Proxy setup the same in my browser. I have "127.0.0.1" in both, but instead of 8080 I use a diferent port, but the port is the same for both. I have the same non 8080 port in Proxomitron's HTTP proxy port number. When I go online I have the original Proxomitron listener (on port 8080 by default, but I'm using a different port) and a second listener that the great Amy added (port 8443) which behaves exactly the same as the original one. Below are my firewalls logs. So my second question is when I surf online my firewall logs show Proxomitron largely connecting to port 443 and occasionally 8443 connects. Is that the way it should work ? Most of the traffic is going through port 443 like the first firewall entry below. Also, I have "Select one automatically" for certificates in my browser. Do you recommend doing that ? Right now I get no certificate alerts, which I prefer. Thank you again for everything you guys do here. You're an Internet treasure.

The Proxomitron 443 permitted; Out TCP; localhost:1539->(null) [172.217.3.163:443];

The Proxomitron 8443 permitted; Out TCP; localhost:1531->(null) [127.0.0.1:8443];

https://prxbx.com/forums/showthread.php?...0#pid19830
Add Thank You Quote this message in a reply
Feb. 21, 2020, 01:02 AM (This post was last modified: Feb. 21, 2020 01:05 AM by JJoe.)
Post: #2
RE: Proxomitron Reborn installation question
(Feb. 19, 2020 08:28 PM)Anno Domini Wrote:  did I install the new updates correctly ?

Did you re-aim the shortcut at the new exe?

(Feb. 19, 2020 08:28 PM)Anno Domini Wrote:  So my second question is when I surf online my firewall logs show Proxomitron largely connecting to port 443 and occasionally 8443 connects. Is that the way it should work ?

Yes. Files in the Proxomitron's HTML folder are sent to the browser by the Proxomitron's SSL server at 8443. Otherwise, the browser would complain about mixed content (http and https) in https.

(Feb. 19, 2020 08:28 PM)Anno Domini Wrote:  Also, I have "Select one automatically" for certificates in my browser. Do you recommend doing that ?

Only if, you access multiple servers that require a 'personal' certificate to identify you.

(Feb. 19, 2020 08:28 PM)Anno Domini Wrote:  Right now I get no certificate alerts, which I prefer.

Be aware and cautious when the Proxomitron is in the middle.

Have fun.
Add Thank You Quote this message in a reply
Feb. 21, 2020, 05:04 PM (This post was last modified: Feb. 21, 2020 05:09 PM by Anno Domini.)
Post: #3
RE: Proxomitron Reborn installation question
(Feb. 21, 2020 01:02 AM)JJoe Wrote:  Did you re-aim the shortcut at the new exe?

No, I didn't do that. I clicked CreateProxomitronReborn_4603R.exe. Then I clicked sidki-2019-01-26b1.bat. Afterwards, I deleted ProxomitronReborn_4603R.exe and unzipped ProxomitronReborn_4605R into the folder and now proxo.exe is in there. I currently have Internet access and see SSL pages being filtered this way, but I don't know if I did it right. If I have to re-aim the shortcut at the new exe could you please show me how. Also JJoe, just want to say I consider you one of the greats in Proxomitron's history.

(Feb. 21, 2020 01:02 AM)JJoe Wrote:  Only if, you access multiple servers that require a 'personal' certificate to identify you.

I'm at the 4th grade level when it comes to this. Basically, I read the news online and watch YouTube clips. Sometimes I research a topic of interest that takes me down some deep rabbit holes and will visit lots of websites I'm not familiar with for information. I have "Select one automatically" for certificates in my browser for this kind of Internet surfing. Note: I read Scott's warning and, I think, yours, to avoid using SSL filtering for important transactions such as on-line banking or purchases. So I don't login to forums, banking, or any other place that requires a username and password through Proxomitron. I use a browser with a blank space in its Network SSL Settings, which I read here means no proxy. So with that kind of surfing, I'm not sure if I'm using multiple servers that require a 'personal' certificate to identify me. I think I remember Google asking me to accept a certificate in the past when doing regular Google searches, but that was a long time ago. I don't know if that falls into the category of requiring a 'personal' certificate to identify me. With my browsing habits described above, I would greatly appreciate your advice on whether to "Select one automatically" or change it to "Ask me everytime."

(Feb. 21, 2020 01:02 AM)JJoe Wrote:  Be aware and cautious when the Proxomitron is in the middle.

This concerns me and I want to setup and use Proxomitron the right way. Thank you for any advice.
Add Thank You Quote this message in a reply
Feb. 22, 2020, 01:55 AM
Post: #4
RE: Proxomitron Reborn installation question
(Feb. 19, 2020 08:28 PM)Anno Domini Wrote:  In its place is proxo.exe and everything is working as before

If you saved the sidki set as your default, you are done.
This would explain "everything is working as before."
Otherwise...

If the config uses Reborn's https server, we must start Reborn with a config that enables it.
The easiest way to do this is to replace the old 'default.cfg' with a new 'default.cfg'.
An example of this would be saving 'sidki_2019-01-26b1.ptron' as 'default.cfg'.

My replacing 'default.cfg', however, would upset almost everybody, so I provided a bat file and instructions to create a windows shortcut.

1.) Creating a shortcut with Win10:

Right click on the Proxomitron exe >> Mouseover "Send to" >> Click "Desktop (create shortcut)"
>> Find and right click on the new shortcut >> Click Properties >> append a space followed by the cfg's file name to the Target field.
Example for Target field:
Code:
"C:\Users\P\Programs\ProxN45j-amy\Prx4603R.exe" sidki_2019-01-26b1-uNorm.ptron
>> click "OK"

2.) Creating the bat for the curious:

Open sidki-2019-01-26b1.bat in a text editor, like notepad, and you will see

Code:
start "" "ProxomitronReborn_4603R.exe" sidki_2019-01-26b1.ptron

You can edit and save to create a new one.

(Feb. 21, 2020 05:04 PM)Anno Domini Wrote:  With my browsing habits described above, I would greatly appreciate your advice on whether to "Select one automatically" or change it to "Ask me everytime."

Change it to "Ask me every time."
Add Thank You Quote this message in a reply
Feb. 22, 2020, 04:44 PM (This post was last modified: Feb. 22, 2020 07:36 PM by Anno Domini.)
Post: #5
RE: Proxomitron Reborn installation question
(Feb. 22, 2020 01:55 AM)JJoe Wrote:  If you saved the sidki set as your default, you are done.
This would explain "everything is working as before."

Before I make any changes, just want to provide you more details so I don't do the wrong thing. When I deleted ProxomitronReborn_4603R.exe and unzipped ProxomitronReborn_4605R and put proxo.exe in there, I clicked proxo.exe and then when it was in the taskbar, I right clicked it and went to "load config file" and loaded 'sidki_2019-01-26b1.ptron' and saved that as "Save Default settings." Right now if I click on "Web page" filters, at the top it has a checkmark beside, "NAOKO 4.6R CONFIG -- SIDKI 2019-01-26b1 -- README." I don't know if this now means that I saved the sidki set as my default and it is done.

(Feb. 22, 2020 01:55 AM)JJoe Wrote:  If the config uses Reborn's https server, we must start Reborn with a config that enables it.

Honestly, I don't know anything about using Reborn's https server. I read in the forum that if you change the HTTPS port number within the Proxomitron config button menu from 8443 to 0 it disables it, and Proxomitron no longer listens on port 8443. Right now I have Proxomitron listening on port 8443, but don't know what this does or what it means. But if I can change the HTTPS port to 0 and disable it and still filter SSL without Proxomitron listening on port 8443, I would prefer this and appreciate instructions on how to do that and make it happen.

(Feb. 22, 2020 01:55 AM)JJoe Wrote:  Change it to "Ask me every time."

I changed it to "Ask me every time." By the way, when I had "Select on automatically" there were two times when I clicked a link and a popup from Proxomitron came up and said the website certificate was no good, or something to that effect. I rejected the certificate for safety reasons, even though I didn't know what the alert meant. I apologize for the sophomoric questions, but now that I changed it to "Ask me every time" will I be presented with a Firefox or Proxomitron certificate ? Also, in what scenario will a certificate popup and is it best to reject all certificates that come with a warning ? My normal practice in the past has been to reject any ceritificate that has some sort of negative warning and I don't visit the website. Thank you for your words of wisdom.
Add Thank You Quote this message in a reply
Feb. 23, 2020, 04:50 AM
Post: #6
RE: Proxomitron Reborn installation question
(Feb. 22, 2020 04:44 PM)Anno Domini Wrote:  I don't know if this now means that I saved the sidki set as my default and it is done.

You are done. Smile!

(Feb. 22, 2020 04:44 PM)Anno Domini Wrote:  But if I can change the HTTPS port to 0 and disable it and still filter SSL without Proxomitron listening on port 8443, I would prefer this and appreciate instructions on how to do that and make it happen.

The sidki set requires Reborn's https server.

(Feb. 22, 2020 04:44 PM)Anno Domini Wrote:  I changed it to "Ask me every time." By the way,...

Firefox's "Ask me every time" applies to 'personal' certificates.
A University, for example, might issue personal certificates to students. These certificates identify each student's computers to the school's restricted servers and allow access.
I doubt the setting will affect you. When a setting should not affect me, I like 'Ask me every time.'

The alerts from the Proxomitron are about the site's certificates. In my experience, they are almost always just an annoyance caused by my filtering or the site owner's neglect or error.
I usually allow those needed to see the site and reject the unnecessary.
Add Thank You Quote this message in a reply
Feb. 23, 2020, 06:55 AM
Post: #7
RE: Proxomitron Reborn installation question
As a side-note, you can check the version of Proxomitron you're using in the Help->About of the main dialog. Proxomitron Reborn will clearly show that in the About dialog.
Add Thank You Quote this message in a reply
Feb. 23, 2020, 08:06 PM (This post was last modified: Feb. 23, 2020 08:17 PM by Anno Domini.)
Post: #8
RE: Proxomitron Reborn installation question
(Feb. 23, 2020 04:50 AM)JJoe Wrote:  You are done. Smile!

Thank you JJoe.

(Feb. 23, 2020 04:50 AM)JJoe Wrote:  The sidki set requires Reborn's https server.

Okay, I will leave the HTTPS port number within the Proxomitron config button menu at 8443. Love the new sidki set !

(Feb. 23, 2020 04:50 AM)JJoe Wrote:  When a setting should not affect me, I like 'Ask me every time.'

I appreciate your tip. I don't understand the personal certificates topic, but will set my browser to "Ask me every time" and try to get more acquainted with it the more I see how it works.

(Feb. 23, 2020 04:50 AM)JJoe Wrote:  The alerts from the Proxomitron are about the site's certificates....I usually allow those needed to see the site and reject the unnecessary.

I'd like to do that too, but I'm not at a level where I can differentiate those needed to see the site and reject the unnecessary, so for now I'm going to reject any popup from Proxomitron that says the website certificate is expired, no good, or anything to that effect. A 4th grader has no idea what these different SSL certificates mean and as soon as you see that alert of possible danger you reject them, lol. "Oh brother, this site looks harmful." No thanks. Click. So, I try to keep it simple. I wish I knew more, but I'm trying. :-)

With that thought in mind, I have a question related to avoiding using SSL filtering for transactions such as on-line banking or purchases through Proxomitron. I have taken the advice of this forum and don't login to forums, banking, or any place that requires a username and password through Proxomitron's SSL filtering. I use a Firefox browser with a blank space in its Network SSL Proxy Settings. That said, is it safer to create a NEW profile in Firefox that has not imported Proxomitron's certificate and use that profile for on-line banking ? There are several scenarios here. I currently have more than one profile in Firefox. One profile has Proxomitron's certificate installed. In this profile I setup HTTP Proxy and SSL Proxy the same for SSL filtering with Proxomitron and go online with it. Now, if I have to login to banking I could manually remove 127.0.0.1 and port 8080 (or whatever port you use here) in this profiles Network SSL Settings and login to banking using this profile, but it has Proxomitron's certificate installed and Proxomitron config is still set to use "SSLeay/OpenSSL" AND the HTTP Proxy in that profile is setup to 127.0.0.1 and port 8080. So is it more secure to create a brand new profile (or even use a different browser that has never been setup for Proxomitron and uncheck "SSLeay/OpenSSL") and login that way, OR is it safe to use a profile with Proxomitron's certificate and put in a blank space in that profiles Network SSL Settings and login to online banking that way ? Sorry for the long writeup to a short question.
Add Thank You Quote this message in a reply
Feb. 23, 2020, 08:13 PM
Post: #9
RE: Proxomitron Reborn installation question
(Feb. 23, 2020 06:55 AM)amy Wrote:  As a side-note, you can check the version of Proxomitron you're using in the Help->About of the main dialog. Proxomitron Reborn will clearly show that in the About dialog.

Thank you, Amy. I attached a photo of the Help —› About of the main dialog in my Proxomitron and this is what it says. Hope it is uploaded. I also want to thank you for everything you do to keep this little gem of a program running. You are appreciated greatly.


Attached File(s)
.jpg  Help-About of the main dialog .jpg (Size: 57.88 KB / Downloads: 32)
Add Thank You Quote this message in a reply
Feb. 25, 2020, 04:25 AM
Post: #10
RE: Proxomitron Reborn installation question
(Feb. 23, 2020 08:06 PM)Anno Domini Wrote:  is it safer to create a NEW profile in Firefox that has not imported Proxomitron's certificate and use that profile for on-line banking ?

Yes... The concern would be that the certificate might be used by another proxy to snoop on you.
Of course, the bad guy would have to plan on the cert being there and still have to get his proxy in the middle. But it would be 'safer'. The idea is to reduce the possibilities.

(Feb. 23, 2020 08:06 PM)Anno Domini Wrote:  So is it more secure to create a brand new profile (or even use a different browser that has never been setup for Proxomitron and uncheck "SSLeay/OpenSSL") and login that way, OR is it safe to use a profile with Proxomitron's certificate and put in a blank space in that profiles Network SSL Settings and login to online banking that way ? Sorry for the long writeup to a short question.

A computer with an internet connection linked to your address that only does online banking is safest. Wink

Next is a browser or profile that has not been setup for the Proxomitron, if you trust the profiles to be well segregated.

Then a browser with the Proxomitron setup that you manually switch to 'No Proxy' as needed or you could use something like "Proxy Switcher and Manager". Just remember that any active background windows will not be filtered while in 'No Proxy'.

And last, you could set the Proxomitron to Bypass mode while banking.
Add Thank You Quote this message in a reply
Feb. 25, 2020, 11:24 PM (This post was last modified: Feb. 25, 2020 11:33 PM by Anno Domini.)
Post: #11
RE: Proxomitron Reborn installation question
(Feb. 25, 2020 04:25 AM)JJoe Wrote:  Next is a browser or profile that has not been setup for the Proxomitron, if you trust the profiles to be well segregated.

You gave a lot of helpful advice, JJoe. I snipped the above option because I think that's the one I will take. I have several versions of Firefox installed. They're different versions of Firefox with their own seperate profiles. I think I will pick one version of Firefox and I won't set it up for Proxomitron. I will leave it stock and if I have to login into banking or something like that, I can use that profile and Proxomitron will have nothing to do with it. I actually don't do online banking, or do online transactions. I prefer to physically go to the bank, but this is good information to have and I’m grateful for your help. Thank you for all you do. I appreciate it immensely.
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: