Post Reply 
ProxHTTPSProxyMII: Reloaded
Dec. 28, 2014, 08:38 AM
Post: #46
RE: ProxHTTPSProxyMII
Version 1.2 (20141221)
--------------
+ Content is streamed to client, while not cached before sending
* Fix config auto reload
* Less exception traceback dumped
* Tagged header changed from "Tagged:Proxomitron FrontProxy/*" to "Tagged:ProxHTTPSProxyMII FrontProxy/*"

You have to change your Proxomitron or Privoxy settings for the tagged header changes to work again.

The python openssl module package now has openssl built in, so you should not need to install openssl manually any more.

download
Add Thank You Quote this message in a reply
[-] The following 3 users say Thank You to whenever for this post:
usr, GunGunGun, zoltan
Jan. 03, 2015, 07:25 AM (This post was last modified: Jan. 04, 2015 12:06 AM by zoltan.)
Post: #47
RE: ProxHTTPSProxyMII: Reloaded
After being away from Proxomitron updates/changes for a while and now reading through several threads, I'm unsure about quite a few things:

Is ProxHTTPSProxyMII 1.2.zip the only version that should be used?
Does ProxHTTPSProxy.exe have to be in the same folder as the other files it was zipped with? Should they be separated from the Proxomitron folders/files, or do they work in conjunction and depend on a specific location?
I downloaded PrivHTTPSProxy.rar, and the included files are quite different. Does the MII zip include all the files necessary, or do they have to be combined with earlier downloads?
In a much older post, it says you must install Python 2.x and OpenSSL. Is that no longer necessary?
Under "Configure" it says to set the browser with 3 different ports, one for secure, one for receive and one for forward. My Firefox only has one for HTTPS and one for HTTP.
Does the black ProxHTTPSProxy window have to stay open at all times? If so, can it go to system tray instead of taskbar?
Is there anything else I should know to fully set this up?
Currently when running, I'm getting "connection untrusted" for https pages, but I'm guessing something isn't set properly.
Add Thank You Quote this message in a reply
Jan. 03, 2015, 04:13 PM
Post: #48
RE: ProxHTTPSProxyMII: Reloaded
(Jan. 03, 2015 07:25 AM)zoltan Wrote:  After being away from Proxomitron updates/changes for a while and now reading through several threads, I'm unsure about quite a few things:

Is ProxHTTPSProxyMII 201.2.zip the only version that should be used?
Does ProxHTTPSProxy.exe have to be in the same folder as the other files it was zipped with? Should they be separated from the Proxomitron folders/files, or do they work in conjunction and depend on a specific location?
I downloaded PrivHTTPSProxy.rar, and the included files are quite different. Does the MII zip include all the files necessary, or do they have to be combined with earlier downloads?
In a much older post, it says you must install Python 2.x and OpenSSL. Is that no longer necessary?
Under "Configure" it says to set the browser with 3 different ports, one for secure, one for receive and one for forward. My Firefox only has one for HTTPS and one for HTTP.
Does the black ProxHTTPSProxy window have to stay open at all times? If so, can it go to system tray instead of taskbar?
Is there anything else I should know to fully set this up?
Currently when running, I'm getting "connection untrusted" for https pages, but I'm guessing something isn't set properly.

Did you Import CA.crt to your certificate manager and Check all three checkboxes with Firefox like browser ?

You may check my thread, have enough information for you: http://www.wilderssecurity.com/threads/p...re.371961/

As far as I know, new version always better, and at this time you should use 1.1b. And new version will need Python 3, the package that you mention above is a bundle so you just have to import CA.crt to your browser.
Add Thank You Quote this message in a reply
Jan. 04, 2015, 12:09 AM
Post: #49
RE: ProxHTTPSProxyMII: Reloaded
Checkboxes? What do you mean?
At first, I imported CA.crt via Options > Advanced > Certificates > Your Certificates.
Then I noticed the "Authorities" tab and tried to import it there. It said, "this certificate is already installed." I don't see anything like "CA" in the list under that tab.

The link is to privoxy. I'm using Proxomitron and have many customized filters so I want to stick with that.
Add Thank You Quote this message in a reply
Jan. 04, 2015, 04:06 AM
Post: #50
RE: ProxHTTPSProxyMII: Reloaded
(Jan. 03, 2015 07:25 AM)zoltan Wrote:  Is ProxHTTPSProxyMII 1.2.zip the only version that should be used?

For now yes. Newer version may come out in the future for bug fixes or improvements.

(Jan. 03, 2015 07:25 AM)zoltan Wrote:  Does ProxHTTPSProxy.exe have to be in the same folder as the other files it was zipped with?

Yes. It depends on other files to work.

(Jan. 03, 2015 07:25 AM)zoltan Wrote:  Should they be separated from the Proxomitron folders/files, or do they work in conjunction and depend on a specific location?

You can place the ProxHTTPSProxyMII folder anywhere you like.

(Jan. 03, 2015 07:25 AM)zoltan Wrote:  I downloaded PrivHTTPSProxy.rar, and the included files are quite different. Does the MII zip include all the files necessary, or do they have to be combined with earlier downloads?

I have no idea about the rar version. All the py and exe versions I offered were packed in zip format.

The exe version zip file has packaged all the files needed.

(Jan. 03, 2015 07:25 AM)zoltan Wrote:  In a much older post, it says you must install Python 2.x and OpenSSL. Is that no longer necessary?

The exe version from v1.2 doesn't need that any more.

(Jan. 03, 2015 07:25 AM)zoltan Wrote:  Under "Configure" it says to set the browser with 3 different ports, one for secure, one for receive and one for forward. My Firefox only has one for HTTPS and one for HTTP.

If you use the default ports, set HTTP to 8080 (Proxomitron default) and set HTTPS to 8079 (ProxHTTPSProxyMII default), then follow the guide to make Proxomitron to forward tagged http requests to 8081.

(Jan. 03, 2015 07:25 AM)zoltan Wrote:  Does the black ProxHTTPSProxy window have to stay open at all times?

Yes.

(Jan. 03, 2015 07:25 AM)zoltan Wrote:  If so, can it go to system tray instead of taskbar?

You can do it via some 3rd party tool, or I can provide one if every body wants it.
Add Thank You Quote this message in a reply
Jan. 04, 2015, 05:47 AM
Post: #51
RE: ProxHTTPSProxyMII: Reloaded
Thanks for the answers. I think I've done everything as instructed. See pic. But for https pages I'm getting "this connection is untrusted."

A few things:
Under "Bypass URLs that match this expression" I added the specified code to the front of
$KEYCHK(^C^A^S)|(^local.ptron/sidki_h)$LST(Bypass-List)|$LST(Bypass-SSL)

I added the specified code to Exceptions U but didn't add the "redirect connections to..." code or any of the other "tips" code. I wasn't sure if that was necessary and don't quite understand it.

As mentioned in post #52 above, I tried to import CA.crt but am not sure it was done correctly.

To start, I just manually executed the ProxHTTPSProxy.exe file from Win Explorer.
Add Thank You Quote this message in a reply
Jan. 04, 2015, 06:34 AM
Post: #52
RE: ProxHTTPSProxyMII: Reloaded
When importing, you should check all three checkboxes like me, here you can recheck it again:
[Image: WFICkqO.png]
Add Thank You Quote this message in a reply
Jan. 04, 2015, 07:08 AM
Post: #53
RE: ProxHTTPSProxyMII: Reloaded
I never got those options. See pic. This is where I tried to import. It says it's already installed (though I think I originally imported it from the "your certificates" tab.
Add Thank You Quote this message in a reply
Jan. 04, 2015, 07:14 AM
Post: #54
RE: ProxHTTPSProxyMII: Reloaded
(Jan. 04, 2015 07:08 AM)zoltan Wrote:  I never got those options. See pic. This is where I tried to import. It says it's already installed (though I think I originally imported it from the "your certificates" tab.

You can find ProxHTTPSProxy CA from your Certificate Manager and Edit Trust, tick all three.
Add Thank You Quote this message in a reply
Jan. 04, 2015, 07:23 AM
Post: #55
RE: ProxHTTPSProxyMII: Reloaded
I found the certificate under Servers. After clicking edit trust, "Do not trust the authenticity..." was checked. I changed it to trust, then under edit, I checked the 3 boxes. Now, after closing it and reopening, it's no longer under Servers.
Add Thank You Quote this message in a reply
Jan. 04, 2015, 07:27 AM
Post: #56
RE: ProxHTTPSProxyMII: Reloaded
You should delete that cert from Server and Import it to Authorities, and only Authorities, not any other tab.
Add Thank You Quote this message in a reply
Jan. 04, 2015, 07:41 AM
Post: #57
RE: ProxHTTPSProxyMII: Reloaded
But like I said, it's no longer in the list, either in Servers or Authorities (though there is a "CAcert Inc". So I tried importing it to Authorities and still get the "already installed" message.
However, I can now open HTTPS pages without the "untrusted" error. Except for yahoo mail which claims "the browser you're using refuses to sign in (cookies rejected)"
Add Thank You Quote this message in a reply
Jan. 04, 2015, 09:33 AM
Post: #58
RE: ProxHTTPSProxyMII: Reloaded
If it's "already installed", you should could find it in the list.

.png  2015-01-04_172857.png (Size: 12.48 KB / Downloads: 191)

BTW, it's enough for the program to work to trust it for websites only.

.png  2015-01-04_173101.png (Size: 4.47 KB / Downloads: 176)
Add Thank You Quote this message in a reply
Jan. 05, 2015, 12:55 AM
Post: #59
RE: ProxHTTPSProxyMII: Reloaded
It finally showed up under authorities, but only after restarting the computer. It seems to be filtering https pages, so I suppose it's working properly. The Certs folder is filling up with lots of .crts from various sites if that indicates anything.

I still get the cookie message when trying to sign into yahoo mail, but maybe that's something Proxomitron is doing.

Which brings another question. Could you be a little more specific about the warning to "use a direct connection when you don't want any mistakes." Should it not be used with email? Financial transactions? Are those things mostly OK to filter if you're using a wired connection on a home computer? In a situation where it's necessary to use a direct connection, is it sufficient to just bypass Proxomitron, or does ProxHTTPSProxy need to be shut down too?

As for the open window, yes it would be nice to put it in the system tray. Unless of course it's going to need regular attention, or is this likely to be a set-it-and-forget-it application?

BTW a big thanks for all the work that's been put into creating and perfecting this. If it solves the https issues for me I'm going to be thrilled. With so many sites (or even just their css) going to secure connections, Proxomitron was working only part of the time.
Add Thank You Quote this message in a reply
Jan. 05, 2015, 04:33 AM (This post was last modified: Jan. 05, 2015 04:50 AM by Quaraxkad.)
Post: #60
RE: ProxHTTPSProxyMII: Reloaded
I'm still not clear on how SSL and certificates and all that stuff works, so I'm not sure where to look in diagnosing this error I got today:
[SSL Certificate Error] https://s1.pir.fm/pf/docs/document_icon.gif

My browser shows:
417: SSL Certificate Failed
The following error occurred while trying to access https://s1.pir.fm/pf/docs/document_icon.gif
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)
Generated on 2015-01-04 23:45:56.635409 by ProxHTTPSProxyMII RearProxy/v1.2.

Other SSL pages still work, and the above URL loads properly when I disable proxy servers.


(Jan. 04, 2015 04:06 AM)whenever Wrote:  
(Jan. 03, 2015 07:25 AM)zoltan Wrote:  If so, can it go to system tray instead of taskbar?

You can do it via some 3rd party tool, or I can provide one if every body wants it.

What tool do you use? I currently run it from a VBS script to keep it completely hidden, but minimized to the tray would be better so I could open it to view the log.

In case anybody else just wants it hidden, here's my VBS "launcher" code:
CreateObject("Wscript.Shell").Run "C:\path\to\pythonw.exe C:\other\path\to\ProxHTTPSProxy.py", 0, False
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: