Post Reply 
prox-config-sidki_2019-01-26b1
Mar. 10, 2019, 05:11 AM (This post was last modified: Mar. 10, 2019 05:16 AM by JJoe.)
Post: #1
prox-config-sidki_2019-01-26b1
I'm tired of looking at it...
Now it's your turn.


.zip  prox-config-sidki_2019-01-26b1.zip (Size: 586.19 KB / Downloads: 108)

*******************************************************************************
ProxomitronReborn_4603R Config -- Sidki 2019-01-26b1 -- ReadMe
*******************************************************************************

These configs should work with Chrome, Firefox, IE8-11, Edge, and variants.
Most of the time, I use 'uNorm' with a Chrome variant, Opera portable, on Win10.


There are three choices:

sidki_2019-01-26b1, sidki_2019-01-26b1-uNorm, and sidki_2019-01-26b1-MII.

sidki_2019-01-26b1 and -MII work like previous CFGs.
List calls in a filter's URL match are tested against the actual URL, which may
contain port and Proxomitron related strings.

sidki_2019-01-26b1-MII is for ProxHTTPSProxyMII,
http://www.prxbx.com/forums/showthread.php?tid=2172 .
May be used with N4.5j to confirm 4603R behavior.

sidki_2019-01-26b1-uNorm uses the variable uNorm.
uNorm equals \h\p\q minus (Proxomitron related queries).
Since uNorm does not contain protocol or port, lists that test uNorm do not
use "https:" or ":443". The set's filters that use
AllowCookies, Exceptions, Exceptions-U, and AdHosts-J
are testing uNorm.
Also, removing Proxomitron related queries allows commands like
"?prx-command=dbug.." to always work as expected.

26b1 and 26b1-uNorm are preset to provide nag free HTTPS filtering. This
requires ProxomitronReborn_4603R, OpenSSL DLLs, proxcert.pem, and enabling
the 4603R local.ptron HTTPS server.


Enabling local.ptron HTTPS server:

26b1 and 26b1-uNorm use the 4603R local.ptron HTTPS server. To enable the
server, 4603R must start with an SslPort enabled cfg.
Either add the ability to your default cfg or use a shortcut with a
command line option or use a bat file to start 4603R with an SslPort enabled cfg.

To add a command line option: right click on the shortcut, choose Properties,
append a space followed by the cfg's file name to the Target field.
Example:
"C:\Users\P\Programs\ProxN45j-amy\Prx4603R.exe" sidki_2019-01-26b1-uNorm.ptron


First Run with 4603R filtering HTTPS:

Extract prox-config-sidki_2019-01-26b1.zip and Proxo_OpenSSL_101Q_DLLs.zip,
http://www.prxbx.com/forums/showthread.php?tid=2179&pid=18693#pid18693
, to the Proxomitron's folder.

Start 4603R and witness the glory of "The Proxomitron Intro Page".

Generate proxcert.pem and exit 4603R.
http://prxbx.com/forums/showthread.php?tid=2331&pid=19600#pid19600

Add proxcert.pem to browser's certificate store.

Configure browser to use proxy for HTTP & HTTPS.
Both addresses are 127.0.0.1 or localhost and the port is 8080.

Download cacert.pem, https://curl.haxx.se/docs/caextract.html ,
to The Proxomitron's folder and rename it certs.pem.

Use sidki-2019-01-26b1-uNorm.bat or sidki-2019-01-26b1.bat
to start ProxomitronReborn_4603R.exe,


** WARNING **

Be aware! These instructions may provide a nag free, "green lock" HTTPS experience.

Scott R. Lemmon's advice from 2003 still applies:

"This mode is experimental! I would strongly discourage using active
SSL filtering for important transactions such as on-line banking or purchases.
The connection may not be as secure, and it's better not to risk a filter
potentially creating troubles on such a page. However, since the casual use
of SSL on less important pages is increasing, sometimes you may wish to
filter it anyway. Still, keep in mind that you do so at your own risk."


More info:

Naoko4.5j (2003-6-1) is the final release from the author, Scott R. Lemmon.
4603R is a "testing" release from amy's project to recreate a Proxomitron for
2019 and beyond. http://www.prxbx.com/forums/showthread.php?tid=2331 or
cProxomitron_Reborn.html in this zip.

To use the CFGs with Naoko 4.5j,
disable the header filter "Use Local.Ptron https file server ProxN46R+" or
"Use ProxHTTPSProxyMII".


Even more info? Change Log?

Assuming this set's zip has been extracted, click on a sidki_Contents_docs
shortcut. Otherwise, files are in the sidki-etc folder.


Blocking:
uNorm, yes or no?
Unexplained crashes and behavior.
Insufficient testing and knowledge.
HTTPS logic.
List entries pruned but not all have been corrected, https://publicwww.com/ .
Documentation.
Health, wealth, pursuit of happiness, time.... Wink


Be careful
Have fun :-)
JJoe

P.S.

CreateProxomitronReborn_4603R.exe is a patching program. Given an original
Proxomitron N4.5j exe, it will create ProxomitronReborn_4603R.exe.
http://proxomitron.info/

zlib.dll is Copyright © 1995-2017 Jean-loup Gailly and Mark Adler.
A modern version may be found at
https://github.com/gdalsnes/zlibnet/releases
Rename zlib32.dll in zlib.1.2.8.1.zip to zlib.dll .
Add Thank You Quote this message in a reply
[-] The following 8 users say Thank You to JJoe for this post:
referrer, eclipse, usr, Kye-U, whenever, Callahan, defconnect, mizzmona
Mar. 19, 2019, 06:39 AM
Post: #2
RE: prox-config-sidki_2019-01-26b1
Have been waiting for an update for years. Will definitely try it.

Besides the Thank button, I have to make a post to express my feelings. Thank you very very much! Thumbs Up
Add Thank You Quote this message in a reply
Mar. 22, 2019, 02:56 AM
Post: #3
RE: prox-config-sidki_2019-01-26b1
Could you please look into https://www.fedex.com/apps/fedextrack/?a...6409062600?

I have tried below entry to disable possible false kills I could think of but the only way to make that url work is to bypass both Web Page Filters and Incoming Header Filters.

Code:
www.fedex.com/                                  $SET(0=a_adcomm1.i_loc_j:0.a_comm_i.)
Add Thank You Quote this message in a reply
Mar. 22, 2019, 03:50 AM
Post: #4
RE: prox-config-sidki_2019-01-26b1
(Mar. 22, 2019 02:56 AM)whenever Wrote:  Could you please look into https://www.fedex.com/apps/fedextrack/?a...6409062600?

If using uNorm or MII, try

Code:
www.fedex.com/   $SET(0=a_adcomm1.a_adjsex.)
or
Code:
www.fedex.com/   $SET(0=a_adcomm1.a_adfn2.a_adjsex.)

Otherwise,

Code:
www.fedex.com:   $SET(0=a_adcomm1.a_adjsex.)
or
Code:
www.fedex.com:   $SET(0=a_adcomm1.a_adfn2.a_adjsex.)
Add Thank You Quote this message in a reply
Mar. 22, 2019, 08:49 AM
Post: #5
RE: prox-config-sidki_2019-01-26b1
Thanks. I'm using uNorm and the entry works on Chrome variant, but not Firefox (66.0).

Also, the Prox Menu doesn't show on FF either.
Add Thank You Quote this message in a reply
Mar. 22, 2019, 04:23 PM (This post was last modified: Mar. 22, 2019 04:24 PM by JJoe.)
Post: #6
RE: prox-config-sidki_2019-01-26b1
The entry and the Prox Menu work for me with Firefox (66.0).
Hmmm... Try:

Import to fix Prox Menu
Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "Content-Type: 3 fix proxjs-full.js 19.03.22 (d.r) (In) [add]"
URL = "(local.ptron(:[0-9]+)+/sidki_h|/sidki_h)[^/]+/proxjs-full.js"
Match = "text/plain"
Replace = "application/javascript"

Entry to fix fedex
Code:
www.fedex.com/   $SET(0=a_adcomm1.a_adjsex.a_cont_typ.)
Add Thank You Quote this message in a reply
[-] The following 1 user says Thank You to JJoe for this post:
whenever
Mar. 24, 2019, 09:33 AM
Post: #7
RE: prox-config-sidki_2019-01-26b1
Sorry. It's my bad. I forgot to whitelist local.ptron in uBlock. After doing that, the Prox menu comes back and the fedex entry works, even without applying the latest fixes you suggested. Thumbs Up
Add Thank You Quote this message in a reply
Mar. 27, 2019, 01:17 PM
Post: #8
RE: prox-config-sidki_2019-01-26b1
The new filter <link> Remove: Prefetch Tags 19.1.20 [sd] (d.0) sometimes prevents css from loading and there is no exception keyword for the filter yet.

Test url: https://www.appinn.com/mikutools-online/
Add Thank You Quote this message in a reply
Mar. 28, 2019, 02:31 AM
Post: #9
RE: prox-config-sidki_2019-01-26b1
Let's change to

Code:
[Patterns]
Name = "<link> Remove: Prefetch Tags     19.03.27 [sd] (d.0)"
Active = TRUE
URL = "$TST(hCT=*html)"
Bounds = "<link\s*>"
Limit = 256
Match = "*rel=$AV((prefetch|prerender|next)\2)*"
        "&*href=$AV(\1)"
        "&($TST(volat=*.log:2*)$ADDLST(Log-Main,[$DTM(d T)]\tWEB Prefetch_link \t\1 \t\u)|)"
Replace = "<span class="Pr0x Pr0xTrack" style="display:$GET(displayD)" title=\1>"
          "&#8593;<a class="Pr0x Pr0xTrack" href="\1">\2 Link</a>"
          "</span>"

The attributes prefetch, prerender, and next tell the browser to fetch resources that may never be needed.
I prefer to fetch only what I need.

I don't think blocking just these will break anything but the site may feel slower.

(Mar. 27, 2019 01:17 PM)whenever Wrote:  The new filter <link> Remove: Prefetch Tags 19.1.20 [sd] (d.0) sometimes prevents css from loading and there is no exception keyword for the filter yet.

Test url: https://www.appinn.com/mikutools-online/
Add Thank You Quote this message in a reply
Mar. 28, 2019, 02:54 AM
Post: #10
RE: prox-config-sidki_2019-01-26b1
Local.ptron is sending "text/plain" content-type for scripts. If we don't correct the content-type the browser may reject our scripts.

I prefer the attached URL-Parser.ptxt to the filter.

(Don't filter this download)

.ptxt  URL-Parser.ptxt (Size: 2.16 KB / Downloads: 62)

(Mar. 22, 2019 04:23 PM)JJoe Wrote:  Import to fix Prox Menu
Code:
[HTTP headers]
In = TRUE
Out = FALSE
Key = "Content-Type: 3 fix proxjs-full.js 19.03.22 (d.r) (In) [add]"
URL = "(local.ptron(:[0-9]+)+/sidki_h|/sidki_h)[^/]+/proxjs-full.js"
Match = "text/plain"
Replace = "application/javascript"
Add Thank You Quote this message in a reply
Mar. 28, 2019, 08:18 AM
Post: #11
RE: prox-config-sidki_2019-01-26b1
(Mar. 28, 2019 02:31 AM)JJoe Wrote:  The attributes prefetch, prerender, and next tell the browser to fetch resources that may never be needed.
I prefer to fetch only what I need.

Thanks. Maybe we should include dns-prefetch and preconnect too. We may also need to block them in HTTP Link: header.

Reference:

- https://developer.mozilla.org/en-US/docs...tching_FAQ
- https://www.keycdn.com/blog/resource-hints
Add Thank You Quote this message in a reply
Sep. 13, 2019, 11:51 PM (This post was last modified: Sep. 14, 2019 07:44 AM by thypentacle.)
Post: #12
RE: prox-config-sidki_2019-01-26b1
Just wanted to thank you for working on this filter set. I recently jumped back into getting Proxomitron working again after I found out there was a new version with bug fixes and was thrilled to see there was also this newer filter set to use as a base. I noticed however, there are a few things about this set I had to adjust to get it somewhat working for me.

1. If I don't edit the allowed ciphers box in the HTTPS tab of Proxomitron(Reborn) from 'SSLv2' to 'SSLv3', it does not pass SSL security checks properly.
2. If I don't disable the web page filter 'set flags if headers are bypassed' the bypass button function does not work. (seems to work fine if you disable that filter)
3. (this one I have yet to find a fix for) With the 'web page filters' checkbox active (even if none of them are actually selected within) some websites don't seem to load, or even start loading. When this function is completely disabled, everything loads fine. (as long as edits 1-2 above are done) I find it odd that if I enable the web filter function, but then during testing disable all the actual filters inside, the pages still won't load. Perhaps it's a ptext filtering file doing something, but it does it even if there are not any filters active in there to call one... I don't have a clue.

Anyways, beyond adding the linked 'URL-Parser.ptxt' update file in another post above, and making edits 1-2 mentioned, I have done nothing else to this filter set. Hopefully it's safe with those edits (security scanners seem to think it is anyways... but it's still loading the SSL ciphers out of order and mixing in the weak ones before some of the good ones). As it is now, I can only use the header filtering (because of issue 3 above).

For reference I am using Proxomitron Reborn 4.6.0.4R, using SSL files v1.0.1q, newest 'certs.pem' (renamed / from Firefox), zLib v1.2.8.1, and 'msvcr70.dll' dated Jan 5 2002.

Really appreciate the work being done on this... and I know my post is way after the fact and said work may in fact be dead now... but I hope it isn't.
We really need to get a fully fixed up Proxomitron Reborn pack with updated DLLs and a proper filter set included all zipped and ready to share somewhere. Getting this thing to function properly, though fun, can be a real job indeed! Big Teeth

EDIT: Just did some late night testing and fixed a few issues by simply deleting the 'zlib.dll' file. Proxomitron Reborn doesn't seem to need it and when it's in there some pages won't load. With it gone, everything also seems to load faster. I also deleted the 'msvcr70.dll' file as that is apparently not required by anything but the original Proxomitron exe. ... Only drawback I see so far with the zlib file gone is the prox menu and information overlay stuff vanished. (small price to pay for the page actually loading tho) I'll have to play around with it more tomorrow and see if I can fix the remaining problems. (but hey, at least now I can enable the web page filtering stuff) :P


Attached File(s)
.jpg  Proxo.jpg (Size: 424.81 KB / Downloads: 15)
Add Thank You Quote this message in a reply
Sep. 14, 2019, 03:07 PM
Post: #13
RE: prox-config-sidki_2019-01-26b1
So today I'm attempting to get zlib to function... I guess the only reason removing the 'zlib.dll' file fixes some pages is cause they are not decoded. (also why it can't inject the prox menu I spose) The proxy can still filter to some extent, but it can't open the HTML directly for edits... man this software can be annoying. Big Teeth
Add Thank You Quote this message in a reply
Sep. 15, 2019, 02:08 AM
Post: #14
RE: prox-config-sidki_2019-01-26b1
1. Which SSL security checks?

2. I don't have this problem.

3. Can you post some affected websites?

(Sep. 13, 2019 11:51 PM)thypentacle Wrote:  1. If I don't edit the allowed ciphers box in the HTTPS tab of Proxomitron(Reborn) from 'SSLv2' to 'SSLv3', it does not pass SSL security checks properly.
2. If I don't disable the web page filter 'set flags if headers are bypassed' the bypass button function does not work. (seems to work fine if you disable that filter)
3. (this one I have yet to find a fix for) With the 'web page filters' checkbox active (even if none of them are actually selected within) some websites don't seem to load, or even start loading. When this function is completely disabled, everything loads fine. (as long as edits 1-2 above are done) I find it odd that if I enable the web filter function, but then during testing disable all the actual filters inside, the pages still won't load. Perhaps it's a ptext filtering file doing something, but it does it even if there are not any filters active in there to call one... I don't have a clue.

(Sep. 13, 2019 11:51 PM)thypentacle Wrote:  and I know my post is way after the fact and said work may in fact be dead now...

Not dead.

(Sep. 14, 2019 03:07 PM)thypentacle Wrote:  (also why it can't inject the prox menu I spose)

Did you enable 4604R's local.ptron HTTPS server?
To enable the
server, 4604R must start with an SslPort enabled cfg.
Add Thank You Quote this message in a reply
Sep. 15, 2019, 02:42 AM
Post: #15
RE: prox-config-sidki_2019-01-26b1
For issue 1, If you don't edit the v2 into a v3 you get several red 'insecure' results with the following two example tests:

https://browserleaks.com/ssl
https://www.ssllabs.com/ssltest/viewMyClient.html

After the edit they pass fine.

For issue 2 I think I fixed that one on my end by not using Opera. Pretty sure it was the browser being dumb and refusing to let that work or something. When I switched to Firefox it stopped doing that. (I did note that pushing the 'abort' button can crash the app sometimes tho... so maybe I broke the 'bypass' feature when I did that.)

For issue 3 here's a few that fail loading...

https://community.quirky.com/login
https://discordapp.com/channels/@me
https://www.linkedin.com/in/thyinnovation
https://teams.microsoft.com (sometimes works sometimes doesn't)
https://www.vudu.com/content/movies/free (loads kinda but is missing most of it... may not be related)


and yep, I'm starting with the SSL enabled config. It's connecting to itself using the secondary SSL port 8443.

I'm still tinkering with it... I keep a backup of all your original configs to go back to and compare for safety n whatnot. Really the main thing I can't seem to track down is why some pages fail to load. I think it may be gzip accepted encoding / deflate failure, but I'm not sure. (I can of course set up a bypass for these web pages, but I'm just trying to figure out why it's not working first so that maybe I can fix it in a more lasting fashion.)

Thanks again for working on the filter and I'm glad it's not dead. Smile!
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: