Post Reply 
ProxHTTPSProxyMII: Reloaded
Jul. 17, 2019, 05:15 PM
Post: #346
RE: ProxHTTPSProxyMII: Reloaded
(Jul. 13, 2019 09:09 PM)amy Wrote:  Looking at that page, there is some sort of tracking/fingerprinting JavaScript on it, which I did not run but it looks very suspicious to me --- stuff like that reminds me of hacked sites where a malware script has been injected.
I suspect this is some kind of protection.
Add Thank You Quote this message in a reply
Oct. 03, 2019, 07:28 PM
Post: #347
RE: ProxHTTPSProxyMII: Reloaded
Once I already asked, but no solution was found. Therefore, I will now describe the problem in more detail. There is a system on Windows 7 x86. Access to the Internet is possible only through the corporate proxy 192.168.32.1:80. So I made the following settings, in ProxHTTPSProxyMII added:

Code:
[GENERAL]
ProxAddr = http://localhost:8118
FrontPort = 8079
RearPort = 8081
DefaultProxy = http://192.168.32.1:80

in Privoxy:

Code:
...
listen-address 127.0.0.1:8118
...
forward / 192.168.32.1:80
...

In this form, everything works. But there is one problem, sometimes you need to add some sites to ProxHTTPSProxyMII in the [SSL Pass-Thru] section, because they do not work through the proxy. For example, I added http://www.google.com. As a result, I get google website not working. The error message appears: "[Errno 11004] getaddrinfo failed: https://www.google.com:443/", as if it could not resolve http://www.google.com. The problem is that http://www.google.com on this computer resolves normally if I register only the corporate proxy in the browser. Well, if you do not add anything to the [SSL Pass-Thru] section, it also works. Because it was just an example, then I add other sites there, but they do not work anyway. The question is, why does a site added to the [SSL Pass-Thru] section stop working? In the network settings of the network card, the IP address of the gateway is specified manually (it matches the proxy) and the ip address of this computer.

Does not work (in the [SSL Pass-Thru] section):
[Image: 619ed645d21c.png]

Works:
[Image: b1194d9619a1.png]
Add Thank You Quote this message in a reply
Oct. 05, 2019, 04:01 AM
Post: #348
RE: ProxHTTPSProxyMII: Reloaded
(Oct. 03, 2019 07:28 PM)vlad_s Wrote:  The question is, why does a site added to the [SSL Pass-Thru] section stop working?

I think there is at least one bug in ProxHTTPSProxyMII.

In my tests over the last several hours on Win10, adding a site to the [SSL Pass-Thru] section may also bypass the DefaultProxy.

If true, sites you added to [SSL Pass-Thru] may not work because the corporate proxy isn't being used.

(Oct. 03, 2019 07:28 PM)vlad_s Wrote:  Access to the Internet is possible only through the corporate proxy 192.168.32.1:80


If this proxy is also a man-in-the-middle, you may want to add its certificate to ProxHTTPSProxyMII's cacert.pem.
Add Thank You Quote this message in a reply
Oct. 05, 2019, 07:05 PM (This post was last modified: Oct. 05, 2019 07:16 PM by vlad_s.)
Post: #349
RE: ProxHTTPSProxyMII: Reloaded
So the sites in the [SSL Pass-Thru] section generally go right despite the setting "DefaultProxy = http://192.168.32.1:80" (I correctly understood that this is for a higher proxy)? That is not pleasant. The corporate proxy does not decrypt the traffic, but simply allows it apparently through the CONNECT method.
And if I add to the [PROXY http://192.168.32.1:80] section (which is not currently available) non-working sites? Can this help?
Add Thank You Quote this message in a reply
Oct. 06, 2019, 04:18 AM (This post was last modified: Oct. 06, 2019 08:24 PM by JJoe.)
Post: #350
RE: ProxHTTPSProxyMII: Reloaded
(Oct. 05, 2019 07:05 PM)vlad_s Wrote:  And if I add to the [PROXY http://192.168.32.1:80] section (which is not currently available) non-working sites? Can this help?

Doesn't help me.

I should note that, for these tests, I have been using the Proxomitron as a DefaultProxy.

Code:
[GENERAL]
ProxAddr = http://localhost:8081
FrontPort = 8079
RearPort = 8081
DefaultProxy = http://127.0.0.1:8080

Edit: added ", for these tests," for clarity
Add Thank You Quote this message in a reply
Oct. 06, 2019, 05:33 PM (This post was last modified: Oct. 06, 2019 05:34 PM by vlad_s.)
Post: #351
RE: ProxHTTPSProxyMII: Reloaded
I do not understand what then is DefaultProxy? I am using Privoxy + ProxHTTPSProxyMII. On linux, I use the same thing, but DefaultProxy is not involved in my case (commented out). The scheme on Windows 7 is used elsewhere, but there, as I already described, has its own proxy and the Internet only works through it. I understood so that DefaultProxy is a parent proxy, i.e. the one that 192.168.32.1:80? If the Internet goes "directly", then you do not need to register any DefaultProxy?
Add Thank You Quote this message in a reply
Oct. 06, 2019, 08:25 PM
Post: #352
RE: ProxHTTPSProxyMII: Reloaded
(Oct. 06, 2019 05:33 PM)vlad_s Wrote:  I do not understand what then is DefaultProxy?...
I understood so that DefaultProxy is a parent proxy, i.e. the one that 192.168.32.1:80?
If the Internet goes "directly", then you do not need to register any DefaultProxy?

This is correct. Looks like you understand.

(Oct. 06, 2019 04:18 AM)JJoe Wrote:  I should note that, for these tests, I have been using the Proxomitron as a DefaultProxy.

Usually, I don't use a DefaultProxy.

I needed to add a DefaultProxy to check for bugs. So, I used the Proxomitron.
This means ProxHTTPSProxyMII FrontPort is directly connected to its RearPort.
Which should work but... I have not extensively tested.
Add Thank You Quote this message in a reply
Nov. 29, 2020, 10:20 AM (This post was last modified: Nov. 29, 2020 10:27 AM by vlad_s.)
Post: #353
RE: ProxHTTPSProxyMII: Reloaded
Some sites (mostly stores) are not loaded via ProxHTTPSProxyMII even if you don't use Privoxy, i.e. if ProxHTTPSProxyMII is "closed on itself". There is a message on the Internet that this is protection against parsing and you need to use some kind of selenium. How to get this off within ProxHTTPSProxyMII; whether it is possible to cut the verification code using Privoxy. Here is the source code for such a site (http://www.vseinstrumenti.ru), passed through ProxHTTPSProxyMII:
Code:
<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  <link rev="x-refresh" href="/ciez2a">
</head>
<body>
  <script type="text/javascript">
function md5cycle(e,t){var i=e[0],a=e[1],r=e[2],n=e[3];a=ii(a=ii(a=ii(a=ii(a=hh(a=hh(a=hh(a=hh(a=gg(a=gg(a=gg(a=gg(a=ff(a=ff(a=ff(a=ff(a,r=ff(r,n=ff(n,i=ff(i,a,r,n,t[0],7,-680876936),a,r,t[1],12,-389564586),i,a,t[2],17,606105819),n,i,t[3],22,-1044525330),r=ff(r,n=ff(n,i=ff(i,a,r,n,t[4],7,-176418897),a,r,t[5],12,1200080426),i,a,t[6],17,-1473231341),n,i,t[7],22,-45705983),r=ff(r,n=ff(n,i=ff(i,a,r,n,t[8],7,1770035416),a,r,t[9],12,-1958414417),i,a,t[10],17,-42063),n,i,t[11],22,-1990404162),r=ff(r,n=ff(n,i=ff(i,a,r,n,t[12],7,1804603682),a,r,t[13],12,-40341101),i,a,t[14],17,-1502002290),n,i,t[15],22,1236535329),r=gg(r,n=gg(n,i=gg(i,a,r,n,t[1],5,-165796510),a,r,t[6],9,-1069501632),i,a,t[11],14,643717713),n,i,t[0],20,-373897302),r=gg(r,n=gg(n,i=gg(i,a,r,n,t[5],5,-701558691),a,r,t[10],9,38016083),i,a,t[15],14,-660478335),n,i,t[4]...
    !function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e(t.JSEncrypt={})}(this,function(t){"use strict";var e="0123456789abcdefghijklmnopqrstuvwxyz";function a(t){return e.charAt(t)}function i(t,e){return t&e}function u(t,e){return t|e}function r(t,e){return t^e}function n(t,e){return t&~e}function s(t){if(0==t)return-1;var e=0;return 0==(65535&t)&&(t>>=16,e+=16),0==(255&t)&&(t>>=8,e+=8),0==(15&t)&&(t>>=4,e+=4),0==(3&t)&&(t>>=2,e+=2),0==(1&t)&&++e,e}function o(t){for(var e=0;0!=t;)t&=t-1,++e;return e}var h="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";function c(t){var e,i,r="";for(e=0;e+3<=t.length;e+=3)i=parseInt(t.substring(e,e+3),16),r+=h.charAt(i>>6)+h.charAt(63&i);for(e+1==t.length?(i=parseInt(t.substring(e,...

var ipp = {
    decrypt:function()
    {
                var decrypt = new JSEncrypt();
                decrypt.setPrivateKey("MIIkKQIBAAKCCAEArbPJ2oT3hg+ccBRS5/4QqyvCCG589gxVdyl5itf+6n3EXxv0wff1XFKGCqsufCTL+uz7Ipk604cnlf68Qn1rNaE3D/3l61n60IGbO6uIIYUt9SRW2pzltFTAV2bQl50rCEOCKkayhuD54hphgv8JDAHbH37lUhh1SLOvLOz8MDz0lzGylt8lY3IfcJSp7dyM0qQwQHK7cVKnShZmOXpgoYm2qMJ04A3Jj/vRim67gZ/lFLvavEQyav97pJaVp9Cnx++WHqJPwN9p/qABLVFUQfLx9wGxpkR7uicnX12NvDJBNFTficpiCX+vOx8xky8Zk+thGELYgnmcGcXFMYHd13PIK9hRoxU5Q+PvBNg4vO0irv44/2fHMZ94VzTCFiQhC9HCBuLpp2uKD6TFb8D/V2d1Vtt/GWfs5BaXJHS959QjX7s8S217a+XzqvzCqsJsUGHaSwKJUsgVscGlxil1HuppIpEFbX45i+GMqxhWQixuFZTwXsbJ/cuD0+iNdVGUzk276fM6LVo/W+8jujYeMHA/Xn8Pk053LDGTaFIy/spXJ0kkfdP0sI0OJi5o8A82/hOx+45fOkQosxbkIIYY7uzdB4lUFtMrkqij+xhO0zwZvV2lJ3rduILPbh0wC6TZbjSvB530ANa7DtUHiI+BMg029ODmdrrcbPPqQFCb4yE8L5atLfdVZ6YcOhd4A/oFwa0ir9DHCO8M4KqB1JrgJ+otQ8mjn7/eGPnXjINP5EJJ2GhC9XYMt7/LU0ImGHNQJjX1LMYkY...
                return decrypt.decrypt("p2UzabyGpfcr5+Okmhp1E8IymaVHmBvpiOqR3N/vLyEc0VFgByb7sqjhLj1YbvQ7CGfo6yVcc20mQKsJhrdxJM7+HlXSs/6r3rUrj3EuRkKXfq1kkGgxWHYMssmUcbq9irIE027+oo5zEa+mUYzV6YkH23HXvTaowsdWzUSFcGOlhztGzAYMpag9nFs0GIrNN6ZQqdgmyEK0RdS551x2M5izqTPiwiwMS9JbnvH3/JY0oOnHd2zYTLp+fieAdBmCPjAeG8GiScL2uuuXGB6IqFftvDT2wJaU+8Kjln2ZzfBrkvZ7XeYfguEJLFdxK8bP2dapnkuMzxOwopmuOkj9E98o0oMvY2AyVsPqeggQBUj8a21w7FnNtc9S7+E9LF+zYmxm9bifZe00EsvLKfk1LdNcy7i9x1PhZ8gxr4rb9Frm4bbkGCzeD79pf1IUP68B64Goys2WIlpVTe807uQ/PtPaOJZiJzi8m9k4eKGbAj5xOEw+4+qPal/CVr7Thn+4f/8MujxeRW6gjrDoW+NO8JWu5ACKbxxFECKUNypFefElUGn0g0SVnigchZSq/AT5IZwVKmO5NyjHnG3lRO3tRsi7Faa65oQlf9a33SQkBahdIuumvKqDYKHbk9AYvHPwQjKKbOzIAnMGjOB0x4/pbiTxWyC9kItmpTLvYIT1IuAQHIJQ4vJ7VdmWbnZHLMdS5qDsDt/OMas/H5mu2Rg0ESF4HshFg7V2RGQjHD0LpMIeMpGJWZBQoopGFJ317UGf60HqvJm7sZT0jGcWSJY6edHO...
    },
    setCookie:function()
    {
        document.cookie="ipp_key=" + this.decrypt() + "; path=/;";
        document.cookie="ipp_uid=1606644003447/UaQF9mhDt5ANFkP4/3tHYkjHr0DQQjC11Kx7xgA==; expires=Tue, 31 Dec 2030 23:59:59 GMT; path=/;";
        document.cookie="ipp_uid1=1606644003447; expires=Tue, 31 Dec 2030 23:59:59 GMT; path=/;";
        document.cookie="ipp_uid2=UaQF9mhDt5ANFkP4/3tHYkjHr0DQQjC11Kx7xgA==; expires=Tue, 31 Dec 2030 23:59:59 GMT; path=/;";
    },
    makeUrl:function(url)
    {
        url += "fa821dba_ipp_key=" + this.decrypt() + "&" + "fa821dba_ipp_uid=1606644003447_UaQF9mhDt5ANFkP4_3tHYkjHr0DQQjC11Kx7xgA" + "&" + "fa821dba_ipp_uid1=1606644003447" + "&" + "fa821dba_ipp_uid2=UaQF9mhDt5ANFkP4_3tHYkjHr0DQQjC11Kx7xgA";
        return url;
        }
};


    (new Fingerprint2).get(function(e,t){
      salt="1457862694";
      document.cookie="ipp_sign="+e+"_"+salt+"_"+md5(e+salt)+"; expires=Tue, 31 Dec 2030 23:59:59 GMT; path=/;";
      ipp.setCookie();
      window.location.href = "https://just.ru/?" + window.location.hash;
    })
  </script>
</body>
</html>


Attached File(s)
.txt  new 1.txt (Size: 106.59 KB / Downloads: 60)
Add Thank You Quote this message in a reply
Dec. 02, 2020, 05:17 AM (This post was last modified: Dec. 06, 2020 06:15 PM by JJoe.)
Post: #354
RE: ProxHTTPSProxyMII: Reloaded
(Nov. 29, 2020 10:20 AM)vlad_s Wrote:  Some sites (mostly stores) are not loaded via ProxHTTPSProxyMII even if you don't use Privoxy, i.e. if ProxHTTPSProxyMII is "closed on itself". There is a message on the Internet that this is protection against parsing and you need to use some kind of selenium. How to get this off within ProxHTTPSProxyMII; whether it is possible to cut the verification code using Privoxy. Here is the source code for such a site (www.vseinstrumenti.ru), passed through ProxHTTPSProxyMII:

Browsers usually use the GET method to access https sites.
Our proxies use the CONNECT method when parsing https.
I think the problem is that some servers are refusing CONNECT requests.

www.vseinstrumenti.ru and www.vseinstrumenti.ru/ciez2a are returning

Code:
Access-Control-Allow-Methods: GET, POST, OPTIONS

So CONNECT is not allowed.

You won't be able to filter but www.vseinstrumenti.ru may work after you add

Code:
www.vseinstrumenti.ru

to the [SSL Pass-Thru] section of config.ini
because [SSL Pass-Thru] doesn't use CONNECT.

Edit Dec. 02, 2020 01:57: Correction (strikethough) to reflect whenever's post below.
Edit Dec. 06, 2020: Added more.
Add Thank You Quote this message in a reply
Dec. 02, 2020, 07:19 AM (This post was last modified: Dec. 02, 2020 07:20 AM by whenever.)
Post: #355
RE: ProxHTTPSProxyMII: Reloaded
(Dec. 02, 2020 05:17 AM)JJoe Wrote:  Our proxies use the CONNECT method when parsing https.

CONNECT method is used between browsers and ProxHTTPSProxyMII. The remote server usually will not receive CONNECT requests, unless it's a proxy server too.
Add Thank You Quote this message in a reply
Dec. 02, 2020, 06:39 PM
Post: #356
RE: ProxHTTPSProxyMII: Reloaded
(Dec. 02, 2020 07:19 AM)whenever Wrote:  ...

Pleased to see you. Smile!
Hope all is well.


Site's code has changed. Proxomitron can alter the new code but there is still some unexpected behavior.

Previously, a direct or SSL Pass-Thru request for www.vseinstrumenti.ru would refresh to www.vseinstrumenti.ru/ciez2a.
A request with Proxomitron or ProxHTTPSProxyMII active but not filtering would refresh to empty screen at www.vseinstrumenti.ru/?.

Adding Access-Control-Allow-Methods: GET, POST, OPTIONS header to prxbx request does not disable filtering. So that header appears to be just a suggestion.

I'll chase this some more later.
Got to go now.
Add Thank You Quote this message in a reply
Dec. 03, 2020, 02:45 AM
Post: #357
RE: ProxHTTPSProxyMII: Reloaded
(Dec. 02, 2020 06:39 PM)JJoe Wrote:  A request with Proxomitron or ProxHTTPSProxyMII active but not filtering would refresh to empty screen at www.vseinstrumenti.ru/?.
I can access that site without problem, with Proxomitron (Reborn) active and filtering. That suggests the problem may be in the browser.
Add Thank You Quote this message in a reply
Dec. 03, 2020, 04:05 AM (This post was last modified: Dec. 03, 2020 04:15 AM by JJoe.)
Post: #358
RE: ProxHTTPSProxyMII: Reloaded
(Dec. 03, 2020 02:45 AM)amy Wrote:  I can access that site without problem, with Proxomitron (Reborn) active and filtering. That suggests the problem may be in the browser.

So can I. The site changed coding between my first and second posts. Perhaps our activity led them to reconsider but it makes solving the puzzle more difficult.

ATM I'm wondering, if they polled our cipher suites to detect us. And if Cloudflare does the same.

When I visit https://offerup.com/, with the Proxomitron active, Cloudflare returns 403 Forbidden with a CAPTCHA form.



The "unexpected behavior" that I mentioned at vseinstrumenti is a different puzzle.

Also pleased to see you and vlad_s. Smile!
Hope all is well.
Add Thank You Quote this message in a reply
Dec. 06, 2020, 11:36 AM
Post: #359
RE: ProxHTTPSProxyMII: Reloaded
(Dec. 03, 2020 02:45 AM)amy Wrote:  
(Dec. 02, 2020 06:39 PM)JJoe Wrote:  A request with Proxomitron or ProxHTTPSProxyMII active but not filtering would refresh to empty screen at www.vseinstrumenti.ru/?.
I can access that site without problem, with Proxomitron (Reborn) active and filtering. That suggests the problem may be in the browser.
No, the browser is fine if you make an exception for that site.

(Dec. 02, 2020 05:17 AM)JJoe Wrote:  You won't be able to filter but www.vseinstrumenti.ru may work after you add

Code:
www.vseinstrumenti.ru

to the [SSL Pass-Thru] section of config.ini
because [SSL Pass-Thru] doesn't use CONNECT.

Edit: Correction (strikethough) to reflect whenever's post below.
Added, but it did not help either. As a result, I made another unrelated list of exclusions for such sites, it is processed by another proxy.

By the way, in Privoxy 3.0.29 you can now filter https Smile!.
Add Thank You Quote this message in a reply
Dec. 06, 2020, 06:13 PM
Post: #360
RE: ProxHTTPSProxyMII: Reloaded
(Dec. 06, 2020 11:36 AM)vlad_s Wrote:  
(Dec. 02, 2020 05:17 AM)JJoe Wrote:  You won't be able to filter but www.vseinstrumenti.ru may work after you add

Code:
www.vseinstrumenti.ru

to the [SSL Pass-Thru] section of config.ini
because [SSL Pass-Thru] doesn't use CONNECT.

Edit: Correction (strikethough) to reflect whenever's post below.
Added, but it did not help either.

I'm now wondering why it worked for me...

(Dec. 06, 2020 11:36 AM)vlad_s Wrote:  By the way, in Privoxy 3.0.29 you can now filter https Smile!.

Is good news that somebody should post, https://prxbx.com/forums/forumdisplay.php?fid=49
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: