Using proxomitron with stunnel
Sep. 22, 2004, 05:01 PM
Post: #1
 
Hello, I'm trying to browse the internet using SSL on non https websites. The only free program capable of doing this that I know of is stunnel. Unfortunately I do not know how to use both proxomitron and stunnel at the same time. I set my browser to connect to 127.0.0.1 and it always chooses stunnel over proxomitron. I want to use proxomitron for filtering websites and then stunnel for the encryption. How can I configure my browser to connect to proxomitron first and stunnel next? Please help, thanks.
Sep. 22, 2004, 08:15 PM
Post: #2
 
Your browser's HTTP proxy address should be 127.0.0.1 (Port 8080).

If STunnel uses port 8080 as well, then in Proxomitron's Main Screen, click on Configure, click on HTTP, then type in 8081 (or any other port, less than 65535). Then set your browser to use 127.0.0.1, port 8081 (or whatever port you specified.)

I hope this helps, and welcome!
Sep. 22, 2004, 11:35 PM
Post: #3
 
nobbber Wrote:How can I configure my browser to connect to proxomitron first and stunnel next?
Like ->so<-. Smile!

sidki
Sep. 23, 2004, 02:18 AM
Post: #4
 
Hey guys thank you for the reply! I tried your suggestion(s) but I encounter the same problem. Here is what happens. The stunnel configuration file looks like this:

client = yes

[https]
accept = 127.0.0.1:80
connect = 209.209.209.209:443

(fake ip btw)

I configure the proxy in netscape 7.2 to 127.0.0.1:80

And there you go.. stunnel encrypts http sites to https, that simple. Now, the only disadvantage is my Sygate Pro firewall for some reason cannot hide my browser and OS information. Before it would block everything except mozilla 4.0. And sadly I must browse without the excellent proxomitron filtering of ads, javascript etc. I have tried using port 8080 and 8081, localhost etc and what happens is the browser chooses either program. For some reason the traffic can't be filtered through proxomitron first then stunnel. I'm guessing the same port cannot be used by two programs at the same time. Please someone help me out with this, I hope there is a way.
Sep. 23, 2004, 02:34 AM
Post: #5
 
nobbber Wrote:The stunnel configuration file looks like this:

client = yes

[https]
accept = 127.0.0.1:80
Change:

accept = 127.0.0.1:80

To:

accept = 127.0.0.1:8081

Then, Proxomitron should be listening on port 8080.

Your browser's HTTP (not HTTPS) proxy should be: 127.0.0.1, port 8080.

The Remote Proxy in Proxomitron should be 127.0.0.1:8081

Hope this works!
Sep. 23, 2004, 02:49 AM
Post: #6
 
Kye-U Wrote:
nobbber Wrote:The stunnel configuration file looks like this:

client = yes

[https]
accept = 127.0.0.1:80
Change:

accept = 127.0.0.1:80

To:

accept = 127.0.0.1:8081

Then, Proxomitron should be listening on port 8080.

Your browser's HTTP (not HTTPS) proxy should be: 127.0.0.1, port 8080.

The Remote Proxy in Proxomitron should be 127.0.0.1:8081

Hope this works!
Kye-U you are a genius! I would kiss you right now if you were here lol. It works brilliantly thanks to you. I had to check the use remote proxy window for it to work. thank you thank you thank you!!
Sep. 23, 2004, 03:03 AM
Post: #7
 
nobbber Wrote:Kye-U you are a genius! I would kiss you right now if you were here lol. It works brilliantly thanks to you. I had to check the use remote proxy window for it to work. thank you thank you thank you!!
Whoa, don't get too excited there [lol] (Just kidding)

I'm glad to have solved your problem, and don't hesitate to ask if or when you find another problem! Cheers

Enjoy!
Sep. 23, 2004, 05:41 PM
Post: #8
 
nobber;

First, I'll do what Kye-U forgot, and that is to use the icon prepared especially for this occasion: Welcome to our Forum!

[EDIT - following mistake has been corrected, see further discourse.]
Next, I wanna see what Kye-U has to say about this: Kye-U, didn't you just configure stunnel to sit between the browser and Proxo? My tired old eyes see it that way, so if I'm wrong, don't feel bad about jumping on me.

browser -> stunnel -> ....... Proxo -> 'tardnet
8081 ...... 8081 > 8080 .... 8080 > 80

My question is, why not let Proxo filter an unencrypted data stream? Shouldn't you reverse the two Port assignments? And yes, the ssl overlay is quite capable of handling the job, but why waste the overhead and resources if it's not necessary? Or am I all washed up on this?

Based on the above, sidki's suggestion made more sense to me - let Proxo filter the un-encrypted stream coming out of/going into the browser, then encrypt/decrypt that stream on the way to/from the innernet.

Just a thought.


Oddysey


p.s. Kye-U - where's your avatar??? :o

I'm no longer in the rat race - the rats won't have me!
Sep. 26, 2004, 06:06 PM
Post: #9
 
Oddysey, I believe nobbber's setup and the one described by Kye-U are the same as what you think is right.

browser connects to port 8080 (proxo), proxo calls "remote" proxy 127.0.0.1 on 8081 (which is listened to by stunnel), stunnel encrypts the data and passes it on to 209.209.209.209:443.
so, browser -- proxo --- stunnel --- server
which I *THINK* is what you meant?

Anyhow, I have a couple of questions for nobber about stunnel:
Apart from the config file, is there anything else I should do to get this proggy working (run from command line? if so what syntax to use)?
About the secure remote server bit in the conf file (connect = ... ), does it have to listen on the port 443 for the whole thing to work? I tried a https proxy (which listens on port 80), no luck. The proggy establishes the connection alright, but web page doesn't load at all .... anyway, not sure I've used all the right terminology here, (kinda new to this), so apologies if it causes any confusion.

btw Oddysey, I dunno, but there could be some advantage to the browser--stunnel--proxo configuration (assuming it's possible). I mean, it certainly makes it easier to store a list of possible secure servers.
Sep. 26, 2004, 06:36 PM
Post: #10
 
buqingzi;

I believe you have it right. I must have been more asleep than I thought when I wrote that drivel. Sigh. <read that as "$h1t!"> [beatdown]

It took me several attempts to work it all out, but in the end, you are correct, the path shown by Kye-U is from the browser to Proxo, then to stunnel, then out to the 'net. This makes the most sense, as it "should" use the least amount of resources, and introduce the least delays (extra processing time) into the data flow.

Quote:About the secure remote server bit in the conf file (connect = ... ), does it have to listen on the port 443 for the whole thing to work? I tried a https proxy (which listens on port 80), no luck.
That would be the expected result. Without knowing the exact product, I'll lay dinars to donuts that your https proxy was expecting encrypted data, and didn't get any, because it was listening on Port 80, where there probably won't be any encryption.

Thanks for being kind to an old fart! Cheers


Oddysey

I'm no longer in the rat race - the rats won't have me!
Sep. 26, 2004, 07:12 PM
Post: #11
 
Hi Oddysey! I sincerely thank you for the warm welcome. I'm also pleased the forums are back up. buqingzi, in response to your question here's a walkthrough of how to get stunnel working. Download stunnel 4.05 and the 2 openssl files from http://www.stunnel.org. Place the extracted openssl files into a folder along with the stunnel exe. Now you have to create a stunnel.conf file. Simply open notepad and copy and paste these lines:

client = yes

[https]
accept = 127.0.0.1:8081
connect = your.proxy.server.ip.here:your.proxy.https.port

ie:

client = yes

[https]
accept = 127.0.0.1:8081
connect = 209.209.209.209:443

save the file as stunnel.conf

Every time you modify the stunnel.conf file you have to close and restart stunnel for the changes to take effect. Next simply configure your browser/proxomitron as Kye-U has beautifully explained below. There are a few caveats that I must address here however. From my experience in order for the ssl wrapping to take place the proxy you connect to must be an apache server, preferably apache ssl. I tried everything but could not connect to many proxy servers despite the https port being wide open. I have been able to successfully connect to only one proxy until the darn thing died on me.

Can someone explain the possibility of running the apache server software on my xp compatible pc? I have found detailed tutorials online of how to install apache ssl but I wonder what the chances are of being able to connect to my own server with stunnel and wrap the traffic. I found this on the stunnel website:


Non-encrypted configuration

+---------+      |   |     +--------+    +---------+
| non-SSL | ---- |   | --- | Apache | -- | non-SSL |
| enabled |      |   |     |  w/o   |    | enabled |
| client  |      |   |     |  SSL   |    | server  |
+---------+      |   |     +--------+    +---------+
  CLIENT          NET      WEB SERVER      SERVICE

Encrypted version with STUNNEL

+---------+      |   |     +--------+    +---------+
| non-SSL | -ST- |   | --- | Apache | -- | non-SSL |
| enabled |      |   |     |  WITH  |    | enabled |
| client  |      |   |     |  SSL   |    | server  |
+---------+      |   |     +--------+    +---------+
  CLIENT          NET      WEB SERVER      SERVICE


I wish there was an easier way of encrypting the traffic on my own pc but I am just a noob. thanks.
Sep. 26, 2004, 08:56 PM
Post: #12
 
Hi nobbber, thanks for the info. I have already done all of the things you mentioned in your post, but yeah I suppose none of the https servers I tried were apaches (which was why I thought it must have been something else that I missed).
btw, I've seen the line verify=0 being in some sample conf files, not sure if that has any effect (but I suppose if yours works perfectly then it doesn't matter... "if it ain't broke, don't fix it")


edit:
There is a patch called "connect-proxy.mwald" on the stunnel site http://www.stunnel.org/patches/desc/conn...mwald.html
Which I *THINK* is relevant here. However I don't know how to perform the patch, as it seems it's supposed to be added to the source code (downloadable from the http://www.stunnel.org), then compiled. They recommend two compilers, mingw and the Visual C++ compiler, but the link for mingw is dead for me. Anyhow, all this is kinda beyond my ability... you (or someone else here :-) ) might find it useful so...

P.S. sorry this has gone off topic from proxomitron to be about stunnel
Sep. 26, 2004, 11:57 PM
Post: #13
 
buqingzi Wrote:Hi nobbber, thanks for the info. I have already done all of the things you mentioned in your post, but yeah I suppose none of the https servers I tried were apaches (which was why I thought it must have been something else that I missed).
btw, I've seen the line verify=0 being in some sample conf files, not sure if that has any effect (but I suppose if yours works perfectly then it doesn't matter... "if it ain't broke, don't fix it")


edit:
There is a patch called "connect-proxy.mwald" on the stunnel site http://www.stunnel.org/patches/desc/conn...mwald.html
Which I *THINK* is relevant here. However I don't know how to perform the patch, as it seems it's supposed to be added to the source code (downloadable from the http://www.stunnel.org), then compiled. They recommend two compilers, mingw and the Visual C++ compiler, but the link for mingw is dead for me. Anyhow, all this is kinda beyond my ability... you (or someone else here :-) ) might find it useful so...

P.S. sorry this has gone off topic from proxomitron to be about stunnel
Greetings buqingzi. I think that patch is irrelevant here because the connect line in the configuration file tells stunnel where to connect. I keep getting error messages "peer suddenly disconnected" and "SSL GET wrong version" or something similar. I know the problem is related to the proxy server software because I have connected a few days ago with the same settings. I'm just going to try and set up the apache software on my machine and see if that works. I might take a few days but I will post the results ASAP. Good luck!
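
Added example, not part of the original thread and not stunnel's own code: a small Python check for the chain worked out in posts #5 and #11 (browser to Proxomitron on 8080, Proxomitron to stunnel on 8081) and for the `verify` question raised in post #12. The names `FILTER_PORT`, `parse_conf` and `lint`, and the `ca.pem` path, are assumptions made for illustration.

```python
# Added example (not from the thread): lint a stunnel client config for the
# browser -> Proxomitron -> stunnel chain. Only options named in the thread
# (client, accept, verify) are inspected.
FILTER_PORT = 8080                      # Proxomitron's listening port in the thread
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_conf(text):
    """Split stunnel.conf text into (global options, {service: options})."""
    global_opts, services = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue                    # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            current[key.strip()] = value.strip()
    return global_opts, services

def lint(text, filter_port=FILTER_PORT):
    """Return human-readable findings for every service section."""
    findings = []
    global_opts, services = parse_conf(text)
    for name, local in services.items():
        opts = {**global_opts, **local}     # globals act as per-service defaults
        host, _, port = opts.get("accept", "").rpartition(":")
        if port.isdigit() and int(port) == filter_port:
            findings.append(f"[{name}] accept port {port} is already Proxomitron's port")
        if port and host not in LOOPBACK:   # a bare port listens on all interfaces
            findings.append(f"[{name}] accept is not bound to loopback")
        if opts.get("client") == "yes" and opts.get("verify", "0") == "0":
            findings.append(f"[{name}] client mode without verify: server certificate is not checked")
    return findings

# Constructed inputs: the config from post #11, a colliding variant, and a
# variant that adds certificate verification (ca.pem is a placeholder path).
THREAD_CONF = "client = yes\n\n[https]\naccept = 127.0.0.1:8081\nconnect = 209.209.209.209:443\n"
COLLIDING_CONF = THREAD_CONF.replace("127.0.0.1:8081", "8080")
VERIFIED_CONF = "verify = 2\nCAfile = ca.pem\n" + THREAD_CONF

if __name__ == "__main__":
    for label, conf in [("thread", THREAD_CONF), ("colliding", COLLIDING_CONF), ("verified", VERIFIED_CONF)]:
        print(label, lint(conf))
```

The config from post #11 passes the port and loopback checks and is flagged only for the missing `verify` setting, which means the tunnel is encrypted but the remote server's identity is not checked.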