Post Reply 
Proxo Crashes on SSL connections
Dec. 23, 2014, 10:06 AM
Post: #1
Proxo Crashes on SSL connections
Following this autumn SSL vulnerabilities discoveries and attacks, many sites have dropped SSLv3 AND most have changed something in SSL connections.
Now my Proxo is crashing (restart needed) every now and then on sites intensely using SSL connections. This happens only since october 2014.

I tried reverting from SSL version 0.9.8 which caused more than 12 crashes a day to 0.9.6, having still now crashes at least 4 times a day.

Moreover, before it crashes, Proxo is popping up hundreds of alert boxes (see image). Very boring !

Example of such site: any article on http://seekingalpha.com/
Even my internet radio (AIMP2) crashes from time to time, probably on establishing some SSL connection.

Is there a more reliable version of libeay32.dll-ssleay32.dll, in order to avoid those annoying recurrent crashes,
or any workaround ?
Add Thank You Quote this message in a reply
Dec. 23, 2014, 09:21 PM (This post was last modified: Dec. 23, 2014 09:21 PM by JJoe.)
Post: #2
RE: Proxo Crashes on SSL connections
(Dec. 23, 2014 10:06 AM)fpout Wrote:  Proxo is popping up hundreds of alert boxes (see image).

hundreds? Which alerts? I don't see an image?

FWIW, articles at seekingalpha work for me with the original proxomitron exe and sidki patched dlls.
These days I use whenever's proxy or a patched Proxomitron exe for https.

http://prxbx.com/forums/showthread.php?tid=2172
http://prxbx.com/forums/showthread.php?tid=2156
http://prxbx.com/forums/showthread.php?tid=2179
Add Thank You Quote this message in a reply
Dec. 24, 2014, 06:00 AM
Post: #3
RE: Proxo Crashes on SSL connections
i've been using the "Hex Patches 4U!" patches since they were posted and they have been a GODSEND...

i just now took the plunge and am now using the "latest OpenSSL DLLs" patch also...

i'm not really sure i need the "OpenSSL" patch since the "4U!" patches already took care of all of the *BS* cert-check CRAP...
but now i at least feel like i'm starting the new year off with a "brand new Proxo" Smile!
Add Thank You Quote this message in a reply
Dec. 27, 2014, 01:27 PM
Post: #4
RE: Proxo Crashes on SSL connections
Sorry, I've been away a few days.
Yes, apparently the picture of alerts has gone away. Must have forgotten to press the "Add attachment" button.
Here it is:


Attached File(s)
.gif  Proxo_alert.gif (Size: 5.85 KB / Downloads: 263)
Add Thank You Quote this message in a reply
Dec. 27, 2014, 08:23 PM
Post: #5
RE: Proxo Crashes on SSL connections
(Dec. 27, 2014 01:27 PM)fpout Wrote:  Here it is:

Ugh, http can generate that one. There are related threads in the forums and prox-list.

Did you change or add any filters in October 2014? I assume the problem https sites were https before October.
I think I once caused the alert with a header filter but I don't remember the details.
Do you have any filters with a limit of 32767? Reduce those to 32766 or less.

Hundreds of alert boxes will make it not fun to troubleshoot. If there is one url that consistently generates the alert, using "HTML Debug info" may reduce the number of alerts by limiting requests to one url.

I'll take another look when I get a chance.

There is also a patch in http://prxbx.com/forums/showthread.php?tid=2156 to silence the alerts but I have no experience with it.
Add Thank You Quote this message in a reply
Dec. 28, 2014, 11:05 AM (This post was last modified: Dec. 28, 2014 11:09 AM by ProxRocks.)
Post: #6
RE: Proxo Crashes on SSL connections
(Dec. 27, 2014 08:23 PM)JJoe Wrote:  There is also a patch in http://prxbx.com/forums/showthread.php?tid=2156 to silence the alerts but I have no experience with it.

i am using said patch because i used to get those alerts also
i haven't seen the alert since applying the patch but i also didn't log any url's to fully test it either

if you have any url's, please post

edit: all of my filters are (and were at time of alerts) already at 32766 or less and there are/were no 32767's
Add Thank You Quote this message in a reply
Jan. 04, 2015, 05:31 AM
Post: #7
RE: Proxo Crashes on SSL connections
For the record....

I also noticed that Proxo has steadily been getting more and more "cranky" about SSL connections, and occasionally needs a Exit/Restart in order to maintain communications. To answer JJoe's questions - I have added no header filters in quite some time (like maybe 18 months, probably longer), and only one Web filter, for a single site (to eliminate a newly re-coded ad that I had previously killed). Ditto for the run-length of any filter, none of them are even close to the limit.

That said, I have long disallowed secure connections for the purpose of displaying any images, simply because they were taking too much time, and let's face it, who cares that an image is "secure" or not. (Discussion below on steganography.) Which brings me to fpout's problem - it's certainly possible that a given site is doing at least one of two things:

a) Loading many legitimate images from a secure server, such as MySpace used to do (and maybe still does - does anyone even use MySpace anymore?);

or

b) Loading images in secret for tracking purposes.


That last item used to occur from only one, or maybe two, third-party site(s) per page. Nowadays, watching your log will reveal that anyone using "common" javascripts coming from an ad network will attempt to load up to 35 "webbugs" (my best count, but it's usually less than half that)... for just one page. Add to that the frustration of clicking anywhere on a page, and a CSS style that has an attached URL will launch yet another script which, you guessed it, loads even more of this nonsense. No wonder fpout sees so many Error Dialog Boxes! Banging Head


In the first instance, I'm starting to believe that I'm gonna have to take ProxRock's advice, and patch my Proxo to prevent this behavior. But in the long run, the web is in a tug-of-war between forces trying to either protect privacy, or to invade and nullify it. Meaning, we don't know, nor can we predict, what protocol is gonna come along next, and how long it's gonna last before succumbing to yet another "latest and greatest" form of sending information (of any kind). These are stormy seas we're awash in, and I predict it's gonna get worse before it gets better. Pray


But when all is said and done, my personal take is this: until "they" fully deprecate HTTP, I'll continue to use Proxo, no doubt about it. I may miss out on some page content, due to my filter set being overly agressive at times, but that's nothing new! As of this moment, Mr. Lemmon has prevented me from contracting any diseases of the browser for more than 15-1/2 years. Another couple of years, and it'll be old enough to smoke!



Oddysey

------------

On steganography:

Yes, information can be hidden within an image, even programming instructions. Fortunately, most image rendering programs (ncluding browsers) of the last decade or so are aware of this possibility, and actively prevent execution of such instructions. Of course, as soon as I say that, some higher-level black hat will devise a way to prove me wrong, so take this paragraph with a grain of salt. Wink

I'm no longer in the rat race - the rats won't have me!
Add Thank You Quote this message in a reply
Jan. 04, 2015, 01:19 PM
Post: #8
RE: Proxo Crashes on SSL connections
right out of my own playbook

i learned long ago that dang near *ALL* of the cert-check CRAP was all due to an image, css, or js being brought in under httpS

on httpS sites, i tend to still let the image in, i just load it via http instead of httpS

on http sites, i don't let any httpS content in
you can bet your bottom dollar that there's some "tracking" involved and the web designer knows that most people "blindly trust" anything labeled "secure"
Add Thank You Quote this message in a reply
Jan. 18, 2015, 04:22 PM
Post: #9
RE: Proxo Crashes on SSL connections
Hello,

Thanks for suggesting these patches: http://prxbx.com/forums/showthread.php?tid=2156
I applied these patches with HxD:
- SSL Certificate CN Always Matches =
0000ECA7: EB 75
- Bypass Exception Errors: "ProxomiTron Application Error. Exception [%08X] raised in..." =
00009450: C3 8B
00009451: 90 44
00009452: 90 24
00009453: 90 08
- DEPRECATED: Bypass SSL Certificate Error Part 2: "Always respond with this answer." --> 3: Allow Session =
0000F360: 03 01

But didn't have to rename/delete "proxcert.pem".
It seems to be working for 5-6 days, now. I get no more Proxo alert box on seekingalpha pages for example, and Prox only crashes about once a day or less, instead of dozens of times a day before patches.
I noticed no other apparent change in surfing behaviour.
Add Thank You Quote this message in a reply
Jan. 18, 2015, 04:43 PM
Post: #10
RE: Proxo Crashes on SSL connections
ProxRocks wrote:
Quote:... on http sites, i don't let any httpS content in

How do you block httpS links on http sites ?
Add Thank You Quote this message in a reply
Jan. 20, 2015, 03:05 AM
Post: #11
RE: Proxo Crashes on SSL connections
i don't block httpS links on http sites

rather, i don't allow http sites to bring .js, .css, .jpg, etcetera in from an https URL
Add Thank You Quote this message in a reply
Feb. 01, 2015, 11:42 AM
Post: #12
RE: Proxo Crashes on SSL connections
(Jan. 20, 2015 03:05 AM)ProxRocks Wrote:  rather, i don't allow http sites to bring .js, .css, .jpg, etcetera in from an https URL
Hello,

How do you do that, practically ?
Add Thank You Quote this message in a reply
Feb. 01, 2015, 09:49 PM
Post: #13
RE: Proxo Crashes on SSL connections
not really that uncommon

scroll through your filters and you'll likely find a few that block "third party" things such as iFrames and Scripts

back in the day of "JD 5000" (a very common config prior to "sidki3003" going public with his config), JD used to block "third party" images [i still use a modified version of those very old third-party image blockers]

basically it's the same principal
if my web browser's URL says i'm on "ht-tp://www.prxbx.com" then ANYTHING coming in from "ht-tpS://www.prxbx.com" is treated as THIRD-PARTY and is BLOCKED
Add Thank You Quote this message in a reply
Feb. 02, 2015, 07:47 PM
Post: #14
RE: Proxo Crashes on SSL connections
I see.

I remember the times of JD-500, before Sidki's set.
I tried to find JD5000 config set on the web, but was unable to get a source.

Do you have an idea about where to find it ?
Add Thank You Quote this message in a reply
Feb. 03, 2015, 01:22 AM (This post was last modified: Feb. 03, 2015 01:26 AM by ProxRocks.)
Post: #15
RE: Proxo Crashes on SSL connections
attached is what i think was his last release
at least by file date without digging too deep into the archives

i haven't used it for several years "out of the box" so can't say if it's ready to run 'as-is' or not...


(i'd post my "off-site" blockers but i admit that they often "break" web sites - i don't mind it "here" because i find that the sites that get "broken" are the sites with a bunch of *CRAP* anyway... one of these days i suppose it will be ready for "prime time" and i'll post them, but they're more of a work-in-progress at this stage...)


Attached File(s)
.zip  JD_Alpha_10-14-04.zip (Size: 203.07 KB / Downloads: 222)
Add Thank You Quote this message in a reply
[-] The following 2 users say Thank You to ProxRocks for this post:
fpout, herbalist
Post Reply 


Forum Jump: