Post Reply 
ProxHTTPSProxyMII: Reloaded
Jan. 05, 2015, 08:13 PM
Post: #61
RE: ProxHTTPSProxyMII: Reloaded
You cannot load this url https://s1.pir.fm/pf/docs/document_icon.gif because your cacert.pem cause that, add this to your cacert.pem will solve that problem:

Code:
-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp
ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAwMFoXDTMxMDUwMzA3
MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UE
CxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQD
EypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC54MsQ1K92vdSTYuswZLiBCGzD
BNliF44v/z5lz4/OYuY8UhzaFkVLVat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOv
K/6AYZ15V8TPLvQ/MDxdR/yaFrzDN5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23e
cSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR/gd71vCxJ1gO7GyQ5HY
pDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7n
eTOvDCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMB
AAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV
HQ4EFgQUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv
9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
b2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5n
b2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ/MD0wOwYEVR0gADAzMDEG
CCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv/oV9PBO9sPpyIBslQj6Zz
91cxG7685C/b+LrTW+C05+Z5Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2
RJ17LJ3lXubvDGGqv+QqG+6EnriDfcFDzkSnE3ANkR/0yBOtg2DZ2HKocyQetawi
DsoXiWJYRBuriSUBAA/NxBti21G00w9RKpv0vHP8ds42pM3Z2Czqrpv1KrKQ0U11
GIo/ikGQI31bS/6kA1ibRrLDYGCD+H1QQc7CoZDDu+8CL9IVVO5EFdkKrqeKM+2x
LXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB
-----END CERTIFICATE-----
Add Thank You Quote this message in a reply
Jan. 05, 2015, 08:44 PM
Post: #62
RE: ProxHTTPSProxyMII: Reloaded
(Jan. 05, 2015 08:13 PM)GunGunGun Wrote:  You cannot load this url https://s1.pir.fm/pf/docs/document_icon.gif because your cacert.pem cause that, add this to your cacert.pem will solve that problem:

That worked, thanks!
Add Thank You Quote this message in a reply
Jan. 06, 2015, 03:10 AM (This post was last modified: Jan. 06, 2015 03:11 AM by JJoe.)
Post: #63
RE: ProxHTTPSProxyMII: Reloaded
(Jan. 05, 2015 12:55 AM)zoltan Wrote:  I still get the cookie message when trying to sign into yahoo mail, but maybe that's something Proxomitron is doing.

Probably the Proxomitron. I'm manually logging in at "mail.yahoo.com" till I fix the auto login.

(Jan. 05, 2015 12:55 AM)zoltan Wrote:  Which brings another question. Could you be a little more specific about the warning to "use a direct connection when you don't want any mistakes."

My concern is changing or hiding something important, instructions, warnings, message content, passwords, security questions, etc.

(Jan. 05, 2015 12:55 AM)zoltan Wrote:  Should it not be used with email?

I filter while reading and sending but not while editing account settings.
The Proxomitron Forums have examples of people (and me) posting things that they did not type. Wink

(Jan. 05, 2015 12:55 AM)zoltan Wrote:  Financial transactions?

I don't. If a mistake is made, I want it to be their fault.
I helped restore somebody's account access in November.
I have almost spent more money than intended.

(Jan. 05, 2015 12:55 AM)zoltan Wrote:  In a situation where it's necessary to use a direct connection, is it sufficient to just bypass Proxomitron, or does ProxHTTPSProxy need to be shut down too?

Direct is easiest and probably best. The browser, website, and you will have access to more info.
"necessary" depends.
Add Thank You Quote this message in a reply
Jan. 07, 2015, 03:23 AM
Post: #64
RE: ProxHTTPSProxyMII: Reloaded
(Jan. 06, 2015 03:10 AM)JJoe Wrote:  Probably the Proxomitron. I'm manually logging in at "mail.yahoo.com" till I fix the auto login.
I'm using mail.yahoo.com to sign in and can't get past the login screen. The message is "The browser you're using refuses to sign in. (cookies rejected)."
Also can't sign in to gmail. it just shows a progress bar with "loading" + address and hangs there.
Can't sign in to youtube. Says the password is incorrect.
Amazon sign in is OK though.

I wanted to make sure it wasn't something in my personalized config, so I tried a fresh version of sidki_2011-12-22rc1.ptron. Essentially the same result, only gmail doesn't even go to progress bar. It just reverts to the sign in screen with blank boxes. I got these errors (see image) with yahoo after trying to sign in from the help page and after attempting multiple times.

(Jan. 06, 2015 03:10 AM)JJoe Wrote:  
(Jan. 05, 2015 12:55 AM)zoltan Wrote:  In a situation where it's necessary to use a direct connection, is it sufficient to just bypass Proxomitron, or does ProxHTTPSProxy need to be shut down too?
Direct is easiest and probably best. The browser, website, and you will have access to more info.
"necessary" depends.
I'm still not understanding whether it's sufficient to just bypass Proxomitron in cases where a direct connection is desired. Does it matter that ProxHTTPSProxy is still running? Is the connection pure at that point, or does ProxHTTPSProxy compromise it in some way?
Add Thank You Quote this message in a reply
Jan. 07, 2015, 04:20 AM
Post: #65
RE: ProxHTTPSProxyMII: Reloaded
>zoltan:
I know that skidi is a privacy-oriented filter suite, so I advise you try to disable Header Filter or filter that delete document.cookie because site like Gmail is tricky, they want user enable document.cookie to track user and the fact is only Cookie Header is enough.
Add Thank You Quote this message in a reply
Jan. 07, 2015, 05:57 AM
Post: #66
RE: ProxHTTPSProxyMII: Reloaded
(Jan. 07, 2015 03:23 AM)zoltan Wrote:  I'm using mail.yahoo.com to sign in and can't get past the login screen. The message is "The browser you're using refuses to sign in. (cookies rejected)."
Also can't sign in to gmail. it just shows a progress bar with "loading" + address and hangs there.
Can't sign in to youtube. Says the password is incorrect.
Amazon sign in is OK though.

I saw the cookies rejected warning at yahoo. Worked after I cleared the browser's cache. After you signin with a direct connection does the requested service appear or are you redirected to another page first?
Gmail usually signs in.
Amazon has signed in. I don't filter while signed in there.
Have never signed in to youtube.

Which browser are you using?

(Jan. 07, 2015 03:23 AM)zoltan Wrote:  I'm still not understanding whether it's sufficient to just bypass Proxomitron in cases where a direct connection is desired. Does it matter that ProxHTTPSProxy is still running? Is the connection pure at that point, or does ProxHTTPSProxy compromise it in some way?

It would not be 'pure' because ProxHTTPSProxy would still be in the middle providing its certificate and routines.

By direct I mean no proxies. The Proxomitron and ProxHTTPSProxy may run but the browser should not use them. Change the browser's proxy setting to 'direct'.

However, ProxHTTPSProxy does have a [SSL Pass-Thru] section in "config.ini". URLs matched by this section should 'bypass' ProxHTTPSProxy. Temporarily adding a * to this section should be similar to the Proxomitron's bypass button.

If you haven't done so, read "config.ini".
Add Thank You Quote this message in a reply
Jan. 07, 2015, 11:16 AM
Post: #67
RE: ProxHTTPSProxyMII: Reloaded
Attached is a launcher modified from https://github.com/phuslu/taskbar. If extracted into the ProxHTTPSProxyMII directory, the Launcher.exe can start the program with the console window minimized to the system tray. Left click on the system tray icon can restore or minimize the window again.

The right click menu has more options but is hard coded with Chinese characters. You have to either modify the source code and recompile, or hex edit the exe file to change, which I'm not good at either.

Another choice is RBTray, which can minimize almost any window to the system tray.


Attached File(s)
.zip  Launcher.zip (Size: 6.71 KB / Downloads: 197)
Add Thank You Quote this message in a reply
Jan. 07, 2015, 12:59 PM (This post was last modified: Jan. 07, 2015 01:03 PM by soccerfan.)
Post: #68
RE: ProxHTTPSProxyMII: Reloaded
I tried to get it working but keep getting this type of error on https sites:
_________________
502: HTTPError

The following error occurred while trying to access https://duckduckgo.com/html/

HTTPSConnectionPool(host='duckduckgo.com', port=443): Max retries exceeded with url: /html/
(Caused by ProxyError('Cannot connect to proxy.', TimeoutError(10060, 'A connection attempt failed
because the connected party did not properly respond after a period of time,
or established connection failed because connected host has failed to respond', None, 10060, None)))
Generated on 2015-01-07 07:37:33.578125 by ProxHTTPSProxyMII RearProxy/v1.2.
__________________
In my setup, I have:
ProxHTTPSProxyMII running with its default config.ini
Browser (palemoon portable 24.0.2) set to 127.0.0.1:8080 for http and 127.0.0.1:8079 for https (socks4)
The Proxo config file includes
Code:
BypassURL = "$OHDR(Tagged:Proxomitron FrontProxy/*)$SETPROXY(127.0.0.1:8081)(^)|(^local.ptron/sidki_h)$LST(Bypass-List)|$LST(Bypass-SSL)"
and
Code:
[Proxies]
OpenLog = TRUE

>127.0.0.1:8081 ProxHTTPSProxyR

And the Exceptions-U file includes:
Code:
$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$SET(keyword=$GET(keyword)i_proxy:3.)(^)
~(^$TST(keyword=i_proxy:[03].))$OHDR(Tagged:ProxHTTPSProxyMII FrontProxy/*)$SET(keyword=$GET(keyword)i_proxy:3.)(^)

And, CA.crt is imported to the browser certificates store.

Any suggestions as to what I might be doing wrong? Thanks

soccerfan
Add Thank You Quote this message in a reply
Jan. 07, 2015, 08:36 PM
Post: #69
RE: ProxHTTPSProxyMII: Reloaded
(Jan. 07, 2015 12:59 PM)soccerfan Wrote:  Any suggestions as to what I might be doing wrong? Thanks

duckduckgo.com works for me.

Please attach the Proxomitron's and ProxHTTPSProxyMII's logs for the https://duckduckgo.com/html/ request.
Add Thank You Quote this message in a reply
Jan. 07, 2015, 08:57 PM
Post: #70
RE: ProxHTTPSProxyMII: Reloaded
(Jan. 07, 2015 08:36 PM)JJoe Wrote:  Please attach the Proxomitron's and ProxHTTPSProxyMII's logs for the https://duckduckgo.com/html/ request.

Attached are the contents of the log window of proxomitron
and ProxHTTPSProxyMII (with LogLevel = DEBUG in its config.ini)
Thanks.


Attached File(s)
.txt  ProxHTTPSProxyMII_log_window.txt (Size: 1.47 KB / Downloads: 139)
.txt  Proxomitron_log_window.txt (Size: 5.16 KB / Downloads: 109)

soccerfan
Add Thank You Quote this message in a reply
Jan. 08, 2015, 01:21 AM
Post: #71
RE: ProxHTTPSProxyMII: Reloaded
Please comment out all lines under [PROXY http://192.168.178.8:8123] section.

They are there to demo how parent proxy is used. From next version I will make them commented out by default.

BTW, you should change "Tagged:Proxomitron" to "Tagged:ProxHTTPSProxyMII" in the BypassURL line of your Proxo config file.
Add Thank You Quote this message in a reply
Jan. 08, 2015, 02:07 AM
Post: #72
RE: ProxHTTPSProxyMII: Reloaded
(Jan. 07, 2015 04:20 AM)GunGunGun Wrote:  >zoltan:
I know that skidi is a privacy-oriented filter suite, so I advise you try to disable Header Filter or filter that delete document.cookie because site like Gmail is tricky, they want user enable document.cookie to track user and the fact is only Cookie Header is enough.

There are 17 cookie-related header filters in the sidki set but nothing suggesting "document.cookie" so I'm not sure which one you're suggesting.
Add Thank You Quote this message in a reply
Jan. 08, 2015, 02:17 AM (This post was last modified: Jan. 08, 2015 02:20 AM by zoltan.)
Post: #73
RE: ProxHTTPSProxyMII: Reloaded
(Jan. 07, 2015 05:57 AM)JJoe Wrote:  I saw the cookies rejected warning at yahoo. Worked after I cleared the browser's cache. After you signin with a direct connection does the requested service appear or are you redirected to another page first?
Gmail usually signs in. Amazon has signed in. I don't filter while signed in there. Have never signed in to youtube.
Which browser are you using?

Using Firefox. I've cleared cache and cookies each time before signing in. Still no luck getting into yahoo filtered.
With a direct connection (FF set to "no proxy") sign in to Yahoo was instant as expected. With proxy on and Proxomitron bypassed, there was greater hesitation, but no other page first. I've noticed significant delay/hesitation on filtered Google searches too, but they do work.
I successfully signed into youtube tonight which appears to use the same sign in page as gmail. I then discovered that gmail is completing the authentication part of the sign in process but will not load for some reason -- still get the progress bar that never completes. Choosing "basic html" at the bottom of the stuck loading page completes the sign in successfully, so... don't know what to make of that.

Tonight I got one of those 502 errors when signing in to Amazon, but refreshing the page successfully signed in. I don't mind that so much, but email is a real pain.
Add Thank You Quote this message in a reply
Jan. 08, 2015, 03:43 AM
Post: #74
RE: ProxHTTPSProxyMII: Reloaded
(Jan. 08, 2015 02:17 AM)zoltan Wrote:  I've cleared cache and cookies each time before signing in. Still no luck getting into yahoo filtered.

I get in with ProxHTTPSProxyMII added to the sidki_oob config. I did get one 502 in several attempts.
Is it a regular free yahoo mail account.
Could it be something that you have added, filter or list entry.
I tested with Firefox 33.1.1.

(Jan. 08, 2015 02:17 AM)zoltan Wrote:  I've noticed significant delay/hesitation on filtered Google searches too, but they do work.

Usually not enough to bother me. It is the price paid for filtering 100 results and etc.

(Jan. 08, 2015 02:17 AM)zoltan Wrote:  I then discovered that gmail is completing the authentication part of the sign in process but will not load for some reason -- still get the progress bar that never completes. Choosing "basic html" at the bottom of the stuck loading page completes the sign in successfully, so... don't know what to make of that.

Confirmed. The borrowed Gmail account I tested was set to use "basic html".
Add Thank You Quote this message in a reply
Jan. 08, 2015, 08:48 AM
Post: #75
RE: ProxHTTPSProxyMII: Reloaded
It's a regular free account. I don't trust my lists/filters either so I used the config and lists from here.
With that, still can't sign in to yahoo. The only difference is that the message about cookies doesn't appear from the mail.yahoo.com page, though it still does from the help page.

The google search speed isn't a concern for me either, however I had been using a workaround for quite a while. I would search from this link (a search result in itself) and the results are fast. I'm not sure why that's so, but I picked up the idea here months ago.
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: