+- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums)
+-- Forum: Forum Related (/forumdisplay.php?fid=37)
+--- Forum: ProxHTTPSProxy (/forumdisplay.php?fid=48)
+--- Thread: ProxHTTPSProxyMII: Reloaded (/showthread.php?tid=2172)
RE: ProxHTTPSProxyMII: Reloaded - vlad_s - Jul. 17, 2019 05:15 PM
(Jul. 13, 2019 09:09 PM)amy Wrote: Looking at that page, there is some sort of tracking/fingerprinting JavaScript on it, which I did not run but it looks very suspicious to me --- stuff like that reminds me of hacked sites where a malware script has been injected.I suspect this is some kind of protection.
RE: ProxHTTPSProxyMII: Reloaded - vlad_s - Oct. 03, 2019 07:28 PM
Once I already asked, but no solution was found. Therefore, I will now describe the problem in more detail. There is a system on Windows 7 x86. Access to the Internet is possible only through the corporate proxy 192.168.32.1:80. So I made the following settings, in ProxHTTPSProxyMII added:
Code:
[GENERAL]
ProxAddr = http://localhost:8118
FrontPort = 8079
RearPort = 8081
DefaultProxy = http://192.168.32.1:80in Privoxy:
Code:
...
listen-address 127.0.0.1:8118
...
forward / 192.168.32.1:80
...In this form, everything works. But there is one problem, sometimes you need to add some sites to ProxHTTPSProxyMII in the [SSL Pass-Thru] section, because they do not work through the proxy. For example, I added http://www.google.com. As a result, I get google website not working. The error message appears: "[Errno 11004] getaddrinfo failed: https://www.google.com:443/", as if it could not resolve http://www.google.com. The problem is that http://www.google.com on this computer resolves normally if I register only the corporate proxy in the browser. Well, if you do not add anything to the [SSL Pass-Thru] section, it also works. Because it was just an example, then I add other sites there, but they do not work anyway. The question is, why does a site added to the [SSL Pass-Thru] section stop working? In the network settings of the network card, the IP address of the gateway is specified manually (it matches the proxy) and the ip address of this computer.
Does not work (in the [SSL Pass-Thru] section):
![[Image: 619ed645d21c.png]](https://b.radikal.ru/b27/1910/6a/619ed645d21c.png)
Works:
![[Image: b1194d9619a1.png]](https://b.radikal.ru/b17/1910/12/b1194d9619a1.png)
RE: ProxHTTPSProxyMII: Reloaded - JJoe - Oct. 05, 2019 04:01 AM
(Oct. 03, 2019 07:28 PM)vlad_s Wrote: The question is, why does a site added to the [SSL Pass-Thru] section stop working?
I think there is at least one bug in ProxHTTPSProxyMII.
In my tests over the last several hours on Win10, adding a site to the [SSL Pass-Thru] section may also bypass the DefaultProxy.
If true, sites you added to [SSL Pass-Thru] may not work because the corporate proxy isn't being used.
(Oct. 03, 2019 07:28 PM)vlad_s Wrote: Access to the Internet is possible only through the corporate proxy 192.168.32.1:80
If this proxy is also a man-in-the-middle, you may want to add its certificate to ProxHTTPSProxyMII's cacert.pem.
RE: ProxHTTPSProxyMII: Reloaded - vlad_s - Oct. 05, 2019 07:05 PM
So the sites in the [SSL Pass-Thru] section generally go right despite the setting "DefaultProxy = http://192.168.32.1:80" (I correctly understood that this is for a higher proxy)? That is not pleasant. The corporate proxy does not decrypt the traffic, but simply allows it apparently through the CONNECT method.
And if I add to the [PROXY http://192.168.32.1:80] section (which is not currently available) non-working sites? Can this help?
RE: ProxHTTPSProxyMII: Reloaded - JJoe - Oct. 06, 2019 04:18 AM
(Oct. 05, 2019 07:05 PM)vlad_s Wrote: And if I add to the [PROXY http://192.168.32.1:80] section (which is not currently available) non-working sites? Can this help?
Doesn't help me.
I should note that, for these tests, I have been using the Proxomitron as a DefaultProxy.
Code:
[GENERAL]
ProxAddr = http://localhost:8081
FrontPort = 8079
RearPort = 8081
DefaultProxy = http://127.0.0.1:8080Edit: added ", for these tests," for clarity
RE: ProxHTTPSProxyMII: Reloaded - vlad_s - Oct. 06, 2019 05:33 PM
I do not understand what then is DefaultProxy? I am using Privoxy + ProxHTTPSProxyMII. On linux, I use the same thing, but DefaultProxy is not involved in my case (commented out). The scheme on Windows 7 is used elsewhere, but there, as I already described, has its own proxy and the Internet only works through it. I understood so that DefaultProxy is a parent proxy, i.e. the one that 192.168.32.1:80? If the Internet goes "directly", then you do not need to register any DefaultProxy?
RE: ProxHTTPSProxyMII: Reloaded - JJoe - Oct. 06, 2019 08:25 PM
(Oct. 06, 2019 05:33 PM)vlad_s Wrote: I do not understand what then is DefaultProxy?...
I understood so that DefaultProxy is a parent proxy, i.e. the one that 192.168.32.1:80?
If the Internet goes "directly", then you do not need to register any DefaultProxy?
This is correct. Looks like you understand.
(Oct. 06, 2019 04:18 AM)JJoe Wrote: I should note that, for these tests, I have been using the Proxomitron as a DefaultProxy.
Usually, I don't use a DefaultProxy.
I needed to add a DefaultProxy to check for bugs. So, I used the Proxomitron.
This means ProxHTTPSProxyMII FrontPort is directly connected to its RearPort.
Which should work but... I have not extensively tested.
RE: ProxHTTPSProxyMII: Reloaded - vlad_s - Nov. 29, 2020 10:20 AM
Some sites (mostly stores) are not loaded via ProxHTTPSProxyMII even if you don't use Privoxy, i.e. if ProxHTTPSProxyMII is "closed on itself". There is a message on the Internet that this is protection against parsing and you need to use some kind of selenium. How to get this off within ProxHTTPSProxyMII; whether it is possible to cut the verification code using Privoxy. Here is the source code for such a site (http://www.vseinstrumenti.ru), passed through ProxHTTPSProxyMII:
Code:
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rev="x-refresh" href="/ciez2a">
</head>
<body>
<script type="text/javascript">
function md5cycle(e,t){var i=e[0],a=e[1],r=e[2],n=e[3];a=ii(a=ii(a=ii(a=ii(a=hh(a=hh(a=hh(a=hh(a=gg(a=gg(a=gg(a=gg(a=ff(a=ff(a=ff(a=ff(a,r=ff(r,n=ff(n,i=ff(i,a,r,n,t[0],7,-680876936),a,r,t[1],12,-389564586),i,a,t[2],17,606105819),n,i,t[3],22,-1044525330),r=ff(r,n=ff(n,i=ff(i,a,r,n,t[4],7,-176418897),a,r,t[5],12,1200080426),i,a,t[6],17,-1473231341),n,i,t[7],22,-45705983),r=ff(r,n=ff(n,i=ff(i,a,r,n,t[8],7,1770035416),a,r,t[9],12,-1958414417),i,a,t[10],17,-42063),n,i,t[11],22,-1990404162),r=ff(r,n=ff(n,i=ff(i,a,r,n,t[12],7,1804603682),a,r,t[13],12,-40341101),i,a,t[14],17,-1502002290),n,i,t[15],22,1236535329),r=gg(r,n=gg(n,i=gg(i,a,r,n,t[1],5,-165796510),a,r,t[6],9,-1069501632),i,a,t[11],14,643717713),n,i,t[0],20,-373897302),r=gg(r,n=gg(n,i=gg(i,a,r,n,t[5],5,-701558691),a,r,t[10],9,38016083),i,a,t[15],14,-660478335),n,i,t[4]...
!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e(t.JSEncrypt={})}(this,function(t){"use strict";var e="0123456789abcdefghijklmnopqrstuvwxyz";function a(t){return e.charAt(t)}function i(t,e){return t&e}function u(t,e){return t|e}function r(t,e){return t^e}function n(t,e){return t&~e}function s(t){if(0==t)return-1;var e=0;return 0==(65535&t)&&(t>>=16,e+=16),0==(255&t)&&(t>>=8,e+=8),0==(15&t)&&(t>>=4,e+=4),0==(3&t)&&(t>>=2,e+=2),0==(1&t)&&++e,e}function o(t){for(var e=0;0!=t;)t&=t-1,++e;return e}var h="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";function c(t){var e,i,r="";for(e=0;e+3<=t.length;e+=3)i=parseInt(t.substring(e,e+3),16),r+=h.charAt(i>>6)+h.charAt(63&i);for(e+1==t.length?(i=parseInt(t.substring(e,...
var ipp = {
decrypt:function()
{
var decrypt = new JSEncrypt();
decrypt.setPrivateKey("MIIkKQIBAAKCCAEArbPJ2oT3hg+ccBRS5/4QqyvCCG589gxVdyl5itf+6n3EXxv0wff1XFKGCqsufCTL+uz7Ipk604cnlf68Qn1rNaE3D/3l61n60IGbO6uIIYUt9SRW2pzltFTAV2bQl50rCEOCKkayhuD54hphgv8JDAHbH37lUhh1SLOvLOz8MDz0lzGylt8lY3IfcJSp7dyM0qQwQHK7cVKnShZmOXpgoYm2qMJ04A3Jj/vRim67gZ/lFLvavEQyav97pJaVp9Cnx++WHqJPwN9p/qABLVFUQfLx9wGxpkR7uicnX12NvDJBNFTficpiCX+vOx8xky8Zk+thGELYgnmcGcXFMYHd13PIK9hRoxU5Q+PvBNg4vO0irv44/2fHMZ94VzTCFiQhC9HCBuLpp2uKD6TFb8D/V2d1Vtt/GWfs5BaXJHS959QjX7s8S217a+XzqvzCqsJsUGHaSwKJUsgVscGlxil1HuppIpEFbX45i+GMqxhWQixuFZTwXsbJ/cuD0+iNdVGUzk276fM6LVo/W+8jujYeMHA/Xn8Pk053LDGTaFIy/spXJ0kkfdP0sI0OJi5o8A82/hOx+45fOkQosxbkIIYY7uzdB4lUFtMrkqij+xhO0zwZvV2lJ3rduILPbh0wC6TZbjSvB530ANa7DtUHiI+BMg029ODmdrrcbPPqQFCb4yE8L5atLfdVZ6YcOhd4A/oFwa0ir9DHCO8M4KqB1JrgJ+otQ8mjn7/eGPnXjINP5EJJ2GhC9XYMt7/LU0ImGHNQJjX1LMYkY...
return decrypt.decrypt("p2UzabyGpfcr5+Okmhp1E8IymaVHmBvpiOqR3N/vLyEc0VFgByb7sqjhLj1YbvQ7CGfo6yVcc20mQKsJhrdxJM7+HlXSs/6r3rUrj3EuRkKXfq1kkGgxWHYMssmUcbq9irIE027+oo5zEa+mUYzV6YkH23HXvTaowsdWzUSFcGOlhztGzAYMpag9nFs0GIrNN6ZQqdgmyEK0RdS551x2M5izqTPiwiwMS9JbnvH3/JY0oOnHd2zYTLp+fieAdBmCPjAeG8GiScL2uuuXGB6IqFftvDT2wJaU+8Kjln2ZzfBrkvZ7XeYfguEJLFdxK8bP2dapnkuMzxOwopmuOkj9E98o0oMvY2AyVsPqeggQBUj8a21w7FnNtc9S7+E9LF+zYmxm9bifZe00EsvLKfk1LdNcy7i9x1PhZ8gxr4rb9Frm4bbkGCzeD79pf1IUP68B64Goys2WIlpVTe807uQ/PtPaOJZiJzi8m9k4eKGbAj5xOEw+4+qPal/CVr7Thn+4f/8MujxeRW6gjrDoW+NO8JWu5ACKbxxFECKUNypFefElUGn0g0SVnigchZSq/AT5IZwVKmO5NyjHnG3lRO3tRsi7Faa65oQlf9a33SQkBahdIuumvKqDYKHbk9AYvHPwQjKKbOzIAnMGjOB0x4/pbiTxWyC9kItmpTLvYIT1IuAQHIJQ4vJ7VdmWbnZHLMdS5qDsDt/OMas/H5mu2Rg0ESF4HshFg7V2RGQjHD0LpMIeMpGJWZBQoopGFJ317UGf60HqvJm7sZT0jGcWSJY6edHO...
},
setCookie:function()
{
document.cookie="ipp_key=" + this.decrypt() + "; path=/;";
document.cookie="ipp_uid=1606644003447/UaQF9mhDt5ANFkP4/3tHYkjHr0DQQjC11Kx7xgA==; expires=Tue, 31 Dec 2030 23:59:59 GMT; path=/;";
document.cookie="ipp_uid1=1606644003447; expires=Tue, 31 Dec 2030 23:59:59 GMT; path=/;";
document.cookie="ipp_uid2=UaQF9mhDt5ANFkP4/3tHYkjHr0DQQjC11Kx7xgA==; expires=Tue, 31 Dec 2030 23:59:59 GMT; path=/;";
},
makeUrl:function(url)
{
url += "fa821dba_ipp_key=" + this.decrypt() + "&" + "fa821dba_ipp_uid=1606644003447_UaQF9mhDt5ANFkP4_3tHYkjHr0DQQjC11Kx7xgA" + "&" + "fa821dba_ipp_uid1=1606644003447" + "&" + "fa821dba_ipp_uid2=UaQF9mhDt5ANFkP4_3tHYkjHr0DQQjC11Kx7xgA";
return url;
}
};
(new Fingerprint2).get(function(e,t){
salt="1457862694";
document.cookie="ipp_sign="+e+"_"+salt+"_"+md5(e+salt)+"; expires=Tue, 31 Dec 2030 23:59:59 GMT; path=/;";
ipp.setCookie();
window.location.href = "https://just.ru/?" + window.location.hash;
})
</script>
</body>
</html>RE: ProxHTTPSProxyMII: Reloaded - JJoe - Dec. 02, 2020 05:17 AM
(Nov. 29, 2020 10:20 AM)vlad_s Wrote: Some sites (mostly stores) are not loaded via ProxHTTPSProxyMII even if you don't use Privoxy, i.e. if ProxHTTPSProxyMII is "closed on itself". There is a message on the Internet that this is protection against parsing and you need to use some kind of selenium. How to get this off within ProxHTTPSProxyMII; whether it is possible to cut the verification code using Privoxy. Here is the source code for such a site (www.vseinstrumenti.ru), passed through ProxHTTPSProxyMII:
Browsers usually use the GET method to access https sites.
Our proxies use the CONNECT method when
You won't be able to filter but www.vseinstrumenti.ru may work after you add
Code:
www.vseinstrumenti.ruto the [SSL Pass-Thru] section of config.ini
Edit Dec. 02, 2020 01:57: Correction (strikethough) to reflect whenever's post below.
Edit Dec. 06, 2020: Added more.
RE: ProxHTTPSProxyMII: Reloaded - whenever - Dec. 02, 2020 07:19 AM
(Dec. 02, 2020 05:17 AM)JJoe Wrote: Our proxies use the CONNECT method when parsing https.
CONNECT method is used between browsers and ProxHTTPSProxyMII. The remote server usually will not receive CONNECT requests, unless it's a proxy server too.
RE: ProxHTTPSProxyMII: Reloaded - JJoe - Dec. 02, 2020 06:39 PM
(Dec. 02, 2020 07:19 AM)whenever Wrote: ...
Pleased to see you.
Hope all is well.
Site's code has changed. Proxomitron can alter the new code but there is still some unexpected behavior.
Previously, a direct or SSL Pass-Thru request for www.vseinstrumenti.ru would refresh to www.vseinstrumenti.ru/ciez2a.
A request with Proxomitron or ProxHTTPSProxyMII active but not filtering would refresh to empty screen at www.vseinstrumenti.ru/?.
I'll chase this some more later.
Got to go now.
Edit: Removed confusion
RE: ProxHTTPSProxyMII: Reloaded - amy - Dec. 03, 2020 02:45 AM
(Dec. 02, 2020 06:39 PM)JJoe Wrote: A request with Proxomitron or ProxHTTPSProxyMII active but not filtering would refresh to empty screen at www.vseinstrumenti.ru/?.I can access that site without problem, with Proxomitron (Reborn) active and filtering. That suggests the problem may be in the browser.
RE: ProxHTTPSProxyMII: Reloaded - JJoe - Dec. 03, 2020 04:05 AM
(Dec. 03, 2020 02:45 AM)amy Wrote: I can access that site without problem, with Proxomitron (Reborn) active and filtering. That suggests the problem may be in the browser.
So can I. The site changed coding between my first and second posts. Perhaps our activity led them to reconsider but it makes solving the puzzle more difficult.
ATM I'm wondering, if they polled our cipher suites to detect us. And if Cloudflare does the same.
When I visit https://offerup.com/, with the Proxomitron active, Cloudflare returns 403 Forbidden with a CAPTCHA form.
The "unexpected behavior" that I mentioned at vseinstrumenti is a different puzzle.
Also pleased to see you and vlad_s.
Hope all is well.
RE: ProxHTTPSProxyMII: Reloaded - vlad_s - Dec. 06, 2020 11:36 AM
(Dec. 03, 2020 02:45 AM)amy Wrote:No, the browser is fine if you make an exception for that site.(Dec. 02, 2020 06:39 PM)JJoe Wrote: A request with Proxomitron or ProxHTTPSProxyMII active but not filtering would refresh to empty screen at www.vseinstrumenti.ru/?.I can access that site without problem, with Proxomitron (Reborn) active and filtering. That suggests the problem may be in the browser.
(Dec. 02, 2020 05:17 AM)JJoe Wrote: You won't be able to filter but www.vseinstrumenti.ru may work after you addAdded, but it did not help either. As a result, I made another unrelated list of exclusions for such sites, it is processed by another proxy.
Code:
www.vseinstrumenti.ru
to the [SSL Pass-Thru] section of config.ini
because [SSL Pass-Thru] doesn't use CONNECT.
Edit: Correction (strikethough) to reflect whenever's post below.
By the way, in Privoxy 3.0.29 you can now filter https
.Edit by JJoe: Added strikethough
RE: ProxHTTPSProxyMII: Reloaded - JJoe - Dec. 06, 2020 06:13 PM
(Dec. 06, 2020 11:36 AM)vlad_s Wrote:(Dec. 02, 2020 05:17 AM)JJoe Wrote: You won't be able to filter but www.vseinstrumenti.ru may work after you addAdded, but it did not help either.
Code:
www.vseinstrumenti.ru
to the [SSL Pass-Thru] section of config.ini
because [SSL Pass-Thru] doesn't use CONNECT.
Edit: Correction (strikethough) to reflect whenever's post below.
I'm now wondering why it worked for me...
(Dec. 06, 2020 11:36 AM)vlad_s Wrote: By the way, in Privoxy 3.0.29 you can now filter https
Is good news that somebody should post, https://prxbx.com/forums/forumdisplay.php?fid=49