Post Reply 
ProxHTTPSProxy, a Proxomitron SSL Helper Program
May. 26, 2012, 01:56 PM
Post: #121
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
Quote:- If you want to filter all https, set your browser's https proxy to ProxHTTPSProxy
Code:
# ProxHTTPSProxy
[^/]++:443&$URL(http://*) $SET(0=i_proxy:3.) $SETPROXY(127.0.0.1:8081)

Anybody alive here?

Could you please export your Proxomitron rules for this ProxHTTPSProxy and post it in plain text.

I am trying to use the advised rule in the outgoing header and I only get errors.

People like me can`t think too much. So, a plain rule and a note on how to chain it would be nice.
Add Thank You Quote this message in a reply
May. 26, 2012, 02:09 PM
Post: #122
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
(May. 26, 2012 01:56 PM)Gravemind Wrote:  Anybody alive here?

absolutely Smile!

i haven't used the ProxHTTPSProxy program in quite some time so i'll wait to see if others chime in first...
Add Thank You Quote this message in a reply
May. 26, 2012, 11:54 PM
Post: #123
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
(May. 26, 2012 01:56 PM)Gravemind Wrote:  Could you please export your Proxomitron rules for this ProxHTTPSProxy and post it in plain text.

Those instructions assume that you are using sidki's set...

Quote:This is how it look like in sidki's Exceptions-U.ptxt:

- If you want to filter all https, set your browser's https proxy to ProxHTTPSProxy
Code:

http://prxbx.com/forums/showthread.php?tid=1870

Assuming that you are not using sidki's but have installed ProxHTTPSProxy and all it's supporting files...

Add ProxHTTPSProxy to the Proxomitron via the "External Proxy Selector", http://proxomitron.info/45/help/External...ialog.html .

Then try adding a filter like

Code:
[HTTP headers]
In = FALSE
Out = TRUE
Key = "! |||||||||||| Use ProxHTTPSProxy  (fail) (Out)"
URL = "[^/]++:443&$URL(http://*)  $SETPROXY(127.0.0.1:8081) (^)"

http://proxomitron.info/45/help/Matching...l#SETPROXY

HTH
Add Thank You Quote this message in a reply
May. 27, 2012, 10:03 PM (This post was last modified: May. 27, 2012 10:16 PM by Gravemind.)
Post: #124
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
Add Thank You Quote this message in a reply
May. 28, 2012, 12:52 AM
Post: #125
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
(May. 27, 2012 10:03 PM)Gravemind Wrote:  So, did anyone around have real success with it?

From what I remembered, I thought you would have less trouble than you are having. However, I had forgotten about the compiled executable.

Warnings issued would depend on the browser and settings. ProxHTTPSProxy will not warn.

Currently, I am not seeing the redirect from ProxHTTPSProxy (using old installation and browser). Am wondering if Window's update changed something...

Will read the thread and play more later.
Add Thank You Quote this message in a reply
May. 28, 2012, 01:46 AM (This post was last modified: May. 28, 2012 02:00 AM by ProxRocks.)
Post: #126
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
my fingers are crossed...

while i haven't played around with ProxHTTPSProxy for some time now, it has been my high hopes that it would become the wave of the future for anyone (ie, "us geeks") wishing to take matters into their own hands and "at their own risk" AXE the STUPID certificate-check CRAP...

the whole scheme is a crock of crap, we all know that malware sites can "buy" their own signed certificate (aka, "Certificate Authority breach"), so why propagate the MYTH that "certificates" correlate to "safety"? and it has been reported that due to the INEFFECTIVENESS, Chrome will no longer check for Certificate Revocation Lists - why waste the time to check something that is in itself "corrupt"?

i am encouraged that at least Chrome offers an "ignore certificates" startup command (i myself have requested the same from GreenBrowser during a recent auto-update bug report)...

but i digress...
the whole SSL-cert crap really does steam my corn !!!... Mad with Teeth Banging Head
Add Thank You Quote this message in a reply
May. 28, 2012, 02:43 AM
Post: #127
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
(May. 28, 2012 12:52 AM)JJoe Wrote:  Currently, I am not seeing the redirect from ProxHTTPSProxy (using old installation and browser). Am wondering if Window's update changed something...

Will read the thread and play more later.

I forgot that I had altered my ProxHTTPSProxy install.

Now working with the header filter that I posted or with the sidki list entry. I still see the browser's mismatched certificate warning, as expected.

I will check the compiled executable next.

Did you set the browser to use ProxHTTPSProxy for https?
Add Thank You Quote this message in a reply
May. 28, 2012, 02:57 AM
Post: #128
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
(May. 28, 2012 02:43 AM)JJoe Wrote:  I will check the compiled executable next.

Also works but you will need to update the exe's "proxcert.pem".

http://prxbx.com/forums/showthread.php?tid=1479
or
http://proxomitron.info/files/index.html
Add Thank You Quote this message in a reply
May. 28, 2012, 10:42 AM
Post: #129
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
Quote:Warnings issued would depend on the browser and settings. ProxHTTPSProxy will not warn.

Yes, but it seemed to me that it tricked browsers and decrypted on its own. So, shouldn`t there be no warnings if it`s set up for decryption?

Quote:Currently, I am not seeing the redirect from ProxHTTPSProxy (using old installation and browser). Am wondering if Window's update changed something...

Quote:Now working with the header filter that I posted or with the sidki list entry. I still see the browser's mismatched certificate warning, as expected.

Can you upload your ProxHTTPSProxy folder?

http://www.sendspace.com/

Quote:Also works but you will need to update the exe's "proxcert.pem".

Do you mean to get a new pem or change some settings in that proxy`s .py files?

My certificate is fine for 2012. I tried yours also, with the same results. Could be that my system is screwed.

I get the same result with your certificate:

Quote:Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Hint: https://workflowy.com/

Apache/2.2.12 (Ubuntu) Server at workflowy.com Port 443

Something else is wrong with it.

There may be other programs of the kind. Maybe you know some to decrypt https and feed http into proxomitron?

Maybe "Wireshark"? Supressing the warnings is also great. Maybe "Squid" is able to do that, but even though there were some discussions on its seamless https, they say it feeds encrypted traffic anyway. I also found "Fiddler" among search results, but I don`t know any of its functions yet.

Some way to make Proxomitron on ssl would be great. Fortunately, they can`t host regular ads on https, but there are still some banners from their own servers and other sources. There will be even more in future.
Add Thank You Quote this message in a reply
May. 28, 2012, 05:26 PM
Post: #130
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
(May. 28, 2012 10:42 AM)Gravemind Wrote:  Yes, but it seemed to me that it tricked browsers and decrypted on its own. So, shouldn`t there be no warnings if it`s set up for decryption?

The Proxomitron's HalfSSL hides the https from the browser by changing links to http:// before the browser sees them.
ProxHTTPSProxy does not hide the initial https:// request from the browser. The ProxHTTPSProxy certificate may not be what the browser is expecting. Unexpected certificates may get warnings.

Apache/2.2.12 (Ubuntu) Server at workflowy.com Port 443 Wrote:Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.

Looks like your ProxHTTPSProxy is providing the redirect but the resulting http:// request is not being converted to https:// by ProxHTTPSProxy.

Consider https://bugzilla.mozilla.org/ .
Browser sends request for https://bugzilla.mozilla.org/ to ProxHTTPSProxy.
ProxHTTPSProxy returns redirect to http://bugzilla.mozilla.org:443/ .
Browser sends http://bugzilla.mozilla.org:443/ request to Proxomitron.
Proxomitron forwards request for http://bugzilla.mozilla.org:443/ to ProxHTTPSProxy.
ProxHTTPSProxy corrects scheme and sends proper request, https://bugzilla.mozilla.org:443/ , to server.

Does the Proxomitron's log window show requests like http://bugzilla.mozilla.org:443/ and are they being sent to ProxHTTPSProxy?

(May. 28, 2012 10:42 AM)Gravemind Wrote:  There may be other programs of the kind. Maybe you know some to decrypt https and feed http into proxomitron?
(May. 28, 2012 10:42 AM)Gravemind Wrote:  Some way to make Proxomitron on ssl would be great.

The Proxomitron can decrypt and filter https. Unfortunately, certificates that the Proxomitron's old ssl routine can't understand and the unexpected certificate that the Proxomitron provides the browser cause unnecessary warnings to be issued.

The problem with providing "seamless https" is that it could be used for evil.

(May. 28, 2012 10:42 AM)Gravemind Wrote:  Can you upload your ProxHTTPSProxy folder?
(May. 28, 2012 10:42 AM)Gravemind Wrote:  Do you mean to get a new pem or change some settings in that proxy`s .py files?

New pem.


.zip  ProxHTTPSProxy_0.4b.zip (Size: 9.82 KB / Downloads: 402)
Add Thank You Quote this message in a reply
May. 28, 2012, 09:08 PM (This post was last modified: May. 28, 2012 09:16 PM by Gravemind.)
Post: #131
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
Add Thank You Quote this message in a reply
May. 28, 2012, 09:11 PM (This post was last modified: May. 28, 2012 09:51 PM by Gravemind.)
Post: #132
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
Add Thank You Quote this message in a reply
May. 28, 2012, 09:31 PM
Post: #133
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
I forgot the main part.

Use "WinRoll", "4t Tray Minimizer Free" or any other program to hide the ugly black window in the notification area of the task bar or somewhere else.
Add Thank You Quote this message in a reply
May. 28, 2012, 09:44 PM (This post was last modified: May. 28, 2012 09:44 PM by Gravemind.)
Post: #134
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
Also, you must have the proxcert.pem from the ProxHTTPSProxy imported into your browsers decryption storage.

It does not guarantee that you will get https working on all website you want.

Https decryption in the Proxomitron should be off.
Add Thank You Quote this message in a reply
May. 29, 2012, 12:11 AM
Post: #135
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
(May. 28, 2012 09:08 PM)Gravemind Wrote:  fails logins on many https sites like "Google".

There can be more to it than hiding https from the browser. You may need to alter other headers like set-cookie and referer.

(May. 28, 2012 09:08 PM)Gravemind Wrote:  Although, I don`t fully understand what happens after the last step. It receives https, decrypts and sends the http back into the Proxomitron?

Correct.

I don't wish to confuse things but can you now see that it is possible to have the browser send both http and https to the Proxomitron and still have the Proxomitron use ProxHTTPSProxy for https?

(May. 28, 2012 09:08 PM)Gravemind Wrote:  The funny thing is that it is still asking for permission and there is the initial warning to add the cert. to exceptions. Since the traffic is supposed to be already decrypted by openssl and the like, and the browser hasn`t sent https request (there was a redirect), the warnings must be suppressed. It is still bugging me that it is coming from the browser while the url bar is not locked. But I may not see the whole picture.

The browser tries to initiate a secure connection with "bugzilla.mozilla.org". Our local proxy steps in and provides its credentials. Unfortunately or fortunately, these credentials (proxcert.pem) do not identify the local proxy as "bugzilla.mozilla.org" but as "Proxomitron". So, user input may be required before the browser will allow a secure connection to be established and data to be sent.

(May. 28, 2012 09:08 PM)Gravemind Wrote:  Yeah, but somehow that totally doesn`t worry me. I found there are entire companies spying on their folks with "man-in-the-middle" proxies. It only took them to import the CA-root certificate for those proxies like "Squid" and "Wireshark" for everybody to notice nothing. It is nice when you can decrypt it for your own use. Like for Proxomitron.

I think it is more difficult to create a remote mitm than you think. Especially since some companies were found to be issuing certificates to allow snooping. Removing or hiding warnings on the local machine would make it easy, however. Again, I think.

(May. 28, 2012 09:08 PM)Gravemind Wrote:  I then uninstalled python 3+, restarted and installed python 2+. And it started working.

Ah, python 3 series actually broke some things, iirc. Apparently, not fixed yet.

Does the compiled executable, http://proxfilter.net/ProxHTTPSProxy.zip , work for you?
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: