Post Reply 
ssl site access even in BYPASS
Apr. 18, 2017, 06:17 PM
Post: #16
RE: ssl site access even in BYPASS
(Apr. 18, 2017 01:08 PM)ProxRocks Wrote:  SSL pages are NOT FILTERED by Proxo even though i have the SSL patch and the SSL dll's (and renaming certs.pem so Proxo can't find it)...

Proxomitron's log window should have shown traffic, if all was correct.

(Apr. 18, 2017 01:08 PM)ProxRocks Wrote:  getting a way to FILTER *SSL* pages without the D@MN warning pieces of SH#T is a *MUST* - any advice?

half-ssl used to work, i've had too many 'issues' with half-ssl so i've been using QupZilla and the IGNORE ALL SSL WARNINGS setting...

ProxHTTPSProxyMII or Proxydomo.

(Apr. 18, 2017 01:21 PM)ProxRocks Wrote:  the *ONLY* one i am having issues with is Capital One...

(Apr. 18, 2017 04:58 PM)ProxRocks Wrote:  been able to resolve how IE8 thru IE11 simply does NOT work on that site...

Capital One's tech support (after VERY HIGH CALL VOLUME) gave me a different link to use...

Google shows others having your problem.

I remember something like this happening on xppro. I don't remember the bank.
It worked right after I set the computer to the correct time.

There could be a dns problem.
Add Thank You Quote this message in a reply
Apr. 19, 2017, 04:45 PM
Post: #17
RE: ssl site access even in BYPASS
(Apr. 18, 2017 06:17 PM)JJoe Wrote:  
(Apr. 18, 2017 01:08 PM)ProxRocks Wrote:  getting a way to FILTER *SSL* pages without the D@MN warning pieces of SH#T is a *MUST* - any advice?

half-ssl used to work, i've had too many 'issues' with half-ssl so i've been using QupZilla and the IGNORE ALL SSL WARNINGS setting...

ProxHTTPSProxyMII or Proxydomo.

To ease, I hope, a transition to ProxHTTPSProxyMII:

Download "Mod2ProxHTTPSProxyMII.cfg".
Merge with your cfg, first select "Global Settings" and "External Proxy List" in Proxomitron's Merge-O-Matic dialog.
Disable halfSSL in new cfg.
Rename and save this new cfg.

Download my current ProxHTTPSProxyMII folder at https://1fichier.com/?dp5otr4ep4, http://prxbx.com/forums/showthread.php?tid=2172&pid=19062#pid19062
Extract folder, ProxHTTPSProxyMII 1.4 34cx_freeze5.0.1urllib3v1.2Win32OpenSSL_Light-1_0_2k-1_1_0e.
Add folder's "CA.crt" to your browser's store.
Change Browser to send HTTPS requests to 8079.
Start ProxHTTPSProxy.exe

Test [fingers crossed]


Attached File(s)
.cfg  Mod2ProxHTTPSProxyMII.cfg (Size: 570 bytes / Downloads: 37)
Add Thank You Quote this message in a reply
Apr. 19, 2017, 07:36 PM
Post: #18
RE: ssl site access even in BYPASS
downloaded...
but not really urgent at the moment, to be honest...

i personally prefer a route where the browser's "certificate store" is non-existent, fully bypassed, never checked, never updated, totally ignored, et cetera...
Add Thank You Quote this message in a reply
Apr. 21, 2017, 09:01 PM (This post was last modified: Apr. 21, 2017 09:02 PM by ProxRocks.)
Post: #19
RE: ssl site access even in BYPASS
(Apr. 19, 2017 04:45 PM)JJoe Wrote:  Test [fingers crossed]

progress report -


QupZilla [v1.8.9] (portable) -
Capital One 360 Sign In page does the same exact thing that IE8 thru IE11 does (green button turns light green but then NOTHING).
so using ProxHTTPSProxyMII gains me NOTHING.
(edit: but this is a Capital One 360 web site design flaw!)

Pale Moon [v26.5.0] (portable) -
https://verified.capitalone.com - ProxHTTPSProxyMII log and Proxomitron log both show traffic.
Capital One 360 sign in works.
but now Proxo's "menu" (sidki config) in the lower right corner is missing.
no cert warnings, so a step in the right direction.

Opera@USB [v12.18] (portable) -
Proxo's "menu" (sidki config) is back, so step in the right direction
cert warnings every SSL visit - but at least i can "remember my choice" and select Approve.
Capital One 360 working!


so i guess i have a "fix"...

was preferring QupZilla initially, but it hangs sometimes on exit anyway...
plus QupZilla loads 125k+ and two processes into memory (kind of a bloat)...
was my go-to just to avoid d@mn cert warning POS...
the cert CRAP really was my driving factor!

Pale Moon loads 80k+ and also two processes into memory..

Opera@USB loads just over 40k and only one process...
Opera@USB should have been the go-to all along...


okay, with this info, i decided to *remove* ProxHTTPSProxyMII and just go back to Browser+Proxomitron...

also reverted to Opera's default "cert store" (NO cert for Proxo, no approved certs for Capital One 360)...
just the scheme of Proxo SSL Patch and the deleted/renamed certs.pem...
NO CERT WARNINGS...
also no Proxo "menu" (sidki config) at verified.capitalone.com
other than the "menu", everything is working fine, logging in, filtering, no warnings, etc


so my "fix" is to NOT use ProxHTTPSProxyMII and to use Opera@USB for SSL sites...

many thanks for the ProxHTTPSProxyMII suggestion, just not really my cup of tea (i really really REALLY prefer a method where i don't have to "import" certs and nor do i have to 'approve' certs while browsing)...
Add Thank You Quote this message in a reply
Apr. 21, 2017, 10:51 PM (This post was last modified: Apr. 22, 2017 12:00 AM by ProxRocks.)
Post: #20
RE: ssl site access even in BYPASS
the saga continues...

now i cannot get CHASE to work with Opera@USB or with Pale Moon Sad
Add Thank You Quote this message in a reply
Apr. 22, 2017, 04:25 PM
Post: #21
RE: ssl site access even in BYPASS
(Apr. 21, 2017 09:01 PM)ProxRocks Wrote:  but now Proxo's "menu" (sidki config) in the lower right corner is missing.

Probably due to 'mixed' content. The browser 'sees' https but the menu's code is served from http. Many (most?) browsers have a setting to allow this. Some older ones didn't care.

(Apr. 21, 2017 09:01 PM)ProxRocks Wrote:  cert warnings every SSL visit

I suspect the ProxHTTPSProxyMII cert was in the wrong place, absent, or somehow incompatible.
Add Thank You Quote this message in a reply
Apr. 24, 2017, 06:17 AM (This post was last modified: Apr. 24, 2017 07:35 AM by ProxRocks.)
Post: #22
RE: ssl site access even in BYPASS
you are correct - mixed content...
Add Thank You Quote this message in a reply
Apr. 24, 2017, 09:29 AM
Post: #23
RE: ssl site access even in BYPASS
tried Portable Chromium 15 and 46...
--ignore-certificate-errors --allow-running-insecure-content

some 'secure' sites don't think v46 is "new enough" Sad


best bet so far seems to be (and i really REALLY hate HATE this!) is Portable Firefox ESR v52.1.0 (which does open the door for "newer" Avant than my first trials with Avant)...

in Firefox's "about:config", changed 'security.mixed_content.block_active_content" to FALSE

NOT using ProxHTTPSProxyMII...
NOT using half-SSL (may try to bring this back, undecided)...
NOT using Prox's "certs.pem"...

AM using ssl-patched Proxo...
AM using SSL dll's...
Add Thank You Quote this message in a reply
Apr. 25, 2017, 01:11 AM
Post: #24
RE: ssl site access even in BYPASS
Firefox is ruled out (thankfully!)...

giving up on one browser for all (several dozen ssl sites are needed for work)...

i'm able to get all BUT ONE to work with QupZilla...
that solitary ONE works 'best' in Chromium...

really ticks me off that the ONE won't play nice !!! !!! !!!
but i can tell from the source code that they are still "tinkering", so who knows a month from now...
Add Thank You Quote this message in a reply
Yesterday, 05:57 AM
Post: #25
RE: ssl site access even in BYPASS
(Apr. 21, 2017 10:51 PM)ProxRocks Wrote:  the saga continues...

now i cannot get CHASE to work with Opera@USB or with Pale Moon Sad

I can't get chase to work with Pale Moon either.
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: