ProxHTTPSProxyMII: Reloaded
|
May. 16, 2018, 07:36 PM
Post: #226
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
(May. 16, 2018 04:28 PM)vlad_s Wrote: How can I extract the public key? The certificate does not help with the link. I need to browse the site of https://uslugi.tatarstan.ru/, the browser Waterfox 55 does not, say SEC_ERROR_UNKNOWN_ISSUER, IE does not retrieve the key (the button is gray), MS Edge does not know how or I do not know how. I tested site at https://www.ssllabs.com/ssltest/index.html Results, https://www.ssllabs.com/ssltest/analyze.html?d=uslugi.tatarstan.ru&hideResults=on , show a missing cert that can be downloaded from http://cacerts.thawte.com/ThawteRSACA2018.crt ThawteRSACA2018.zip (Size: 1.32 KB / Downloads: 449) uslugi.tatarstan.ru worked for me, after I added the cert to 'cacert.pem'. |
|||
The following 1 user says Thank You to JJoe for this post: vlad_s |
May. 17, 2018, 04:50 PM
Post: #227
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
Thanks for the link for verification! I already added this certificate. And everything works .
|
|||
May. 20, 2018, 03:01 PM
Post: #228
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
Hi JJoe,
thank you for ProxHTTPSProxy. May I make a humble request? I would very much appreciate if you changed line 113 in CertTool.py from a hard error to a warning or remove them completely: Code: def startup_check(): The reason is, on Windows, os.path.exists(...) returns False for directory junctions or symlinks. That means that I can't move the certificates outside of the ProxHTTPSProxy's directory. Thank you. |
|||
May. 21, 2018, 08:39 AM
(This post was last modified: May. 22, 2018 06:32 PM by ryszardzonk.)
Post: #229
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
EDIT:
LOL - I scratched my misleading post. I turned out that all my problems where due to the fact that before I made config backup I replaced frontproxy number with reaproxy... Installation script did it all right just config was wrong... Duah... |
|||
May. 23, 2018, 08:03 AM
Post: #230
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
Is there any reason why downloading ProxHTTPSProxyMII with wget is disallowed? I get the following trying to install application with the script.
Code: wget https://www.prxbx.com/forums/attachment.php?aid=1029 I can force script with RESTRICT="fetch" option if manual download is required, but would welcome allowing it for easier installation process. |
|||
May. 23, 2018, 01:56 PM
Post: #231
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded | |||
May. 27, 2018, 02:16 AM
Post: #232
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
I'm about to throw in the towel. This issue has been said in this thread time and time again, and I apologize for that in advance, I absolutely can not for the life of me get this to work because of that certificate. I have tried everything listed in this thread that might help but no matter what, even though the certificate is installed and everything is correctly set up, Internet Explorer or any other web browser refuses to load any https site, saying the certificate is invalid, or there is an error or something.
I don't know what else to do. And the funny thing is I installed ProxHTTPSProxyMII on two other Windows 10 computers with zero issues, so why in the world is this one flat out refusing to work? I just don't know. Please let me know what configs or information to provide to help make this as easy as possible. |
|||
May. 27, 2018, 07:26 AM
Post: #233
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
@JJoe
Yeah I realized in order to download attachment from the forum one has to be logged in. Would posting the program in different location where no login would be required is possible? Hence software is opensource than github perhaps? Reason I ask is that I created installation script for easy adoption by Gentoo Linux users https://bugs.gentoo.org/656470 and automation of tasks is what those scripts are all about. On the side note is it possible with ProxHTTPSProxyMII to setup in config logging to the file instead of console? @Hydl When I first used ProxHTTPSProxyMII I installed CA.crt using browser and turned out it worked only for Firefox and Thunderbird. IE did not install it as trusted root certificate. When I used MMC http://community.lightspeedsystems.com/d...indows-10/ only than CA.crt was used system wide. |
|||
May. 27, 2018, 01:12 PM
Post: #234
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
@ryszardzonk
Thank you for the suggestion, but sadly it didn't work. Each browser is still reporting every https website as insecure. Chrome gives me the error of: "NET::ERR_CERT_AUTHORITY_INVALID" IE gives me the error of: "DLG_FLAGS_INVALID_CA" And finally the ProxHTTPSProxyMII 1.4 console gives me the error of: "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [www.website.com:443] Is there something wrong with the certificate that every browser keeps saying its invalid? |
|||
May. 27, 2018, 03:05 PM
(This post was last modified: May. 27, 2018 03:06 PM by JJoe.)
Post: #235
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
(May. 27, 2018 01:12 PM)Hydl Wrote: the ProxHTTPSProxyMII 1.4 console gives me the error of: "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [www.website.com:443] First, try ProxHTTPSProxyMII 1.5wipb, http://prxbx.com/forums/showthread.php?tid=2172&pid=19253#pid19253 . 1.4 does not support SubjectAltNames. Is there another mitm (antivirus) between MII and the sites? I have seen "EOF occurred in violation of protocol (_ssl.c:600)" when MII attempts connection to sites that use TLS 1.0. MII does not support TLS 1.0. |
|||
May. 27, 2018, 04:11 PM
Post: #236
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
(May. 27, 2018 07:26 AM)ryszardzonk Wrote: Yeah I realized in order to download attachment from the forum one has to be logged in. Would posting the program in different location where no login would be required is possible? Hence software is opensource than github perhaps? Reason I ask is that I created installation script for easy adoption by Gentoo Linux users https://bugs.gentoo.org/656470 and automation of tasks is what those scripts are all about. I don't have to login to download. I found ProxHTTPSProxyMII on github, https://github.com/wheever/ProxHTTPSProxyMII , after I added SAN. 1.5wipb may be added to github. I'm not sure how my changes should be added... Have you considered uploading to gentoo.org? I'd ask whenever first. (May. 27, 2018 07:26 AM)ryszardzonk Wrote: On the side note is it possible with ProxHTTPSProxyMII to setup in config logging to the file instead of console? I'd assume so but at what cost. My preference is that MII work on as many systems as possible and the user be aware of it. Also, I'm not a python wiz. whenever posted a lancher to minimize the console window to the system tray, http://prxbx.com/forums/showthread.php?tid=2172&pid=17955#pid17955 . |
|||
May. 27, 2018, 07:10 PM
Post: #237
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
(May. 27, 2018 03:05 PM)JJoe Wrote: First, try ProxHTTPSProxyMII 1.5wipb, Thank you JJoe. I tried version 1.5 and it worked immediately without issue. I guess that "SubjectAltNames" was the culprit as you suggested, but everything is working as expected now. Its very nice to see Proxomitron is still alive after all this time. Also JJoe, I'm not trying to be a pest or anything but I would seriously consider hosting 1.5 on another site. 1fichier seems to be riddled with malware redirects. |
|||
May. 27, 2018, 08:03 PM
Post: #238
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded | |||
May. 28, 2018, 11:41 AM
Post: #239
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
That's because you're using Proxomitron to filter them out?
Have accidentally sent others to sites with malware alongside the useful content, for the same reason... |
|||
May. 28, 2018, 11:54 AM
Post: #240
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded | |||
« Next Oldest | Next Newest »
|