Post Reply 
ProxHTTPSProxyMII: Development
Jun. 22, 2014, 05:17 AM
Post: #51
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program
Third published draft.

Code:
ProxHTTPSProxy creates two local servers, "front" and "rear",
to provide modern secure https connections for the Proxomitron local proxy.

Show ProxHTTPSProxy.png

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

To run ProxHTTPSProxy.py:

Install the latest Python 3.x from  https://www.python.org/download/
Install the latest OpenSSL from     http://www.slproweb.com/products/Win32OpenSSL.html
                                    OpenSSL needs "Visual C++ 2008 Redistributables"
Install pyOpenSSL                   https://pypi.python.org/pypi/pyOpenSSL/0.14
Install urllib3                     https://pypi.python.org/pypi/urllib3
Install colorama                    https://pypi.python.org/pypi/colorama

Use a direct connection while installing these libraries!

Assuming that Python installed to c:\Python34:
c:\Python34\Scripts>pip install pyopenssl
c:\Python34\Scripts>pip install urllib3
c:\Python34\Scripts>pip install colorama

For new Python users:
Window's command-prompt window should eventually resemble cmdexe.png without
the highlighting of the commands that you will enter.

Double-click on ProxHTTPSProxy.py file to start.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

To use ProxHTTPSProxy proxies:

Add ProxHTTPSProxy's "CA.crt" to the browser's store of trusted certificate authorities.
Set the browser to use the ProxHTTPSProxy front server for secure connections.
    The front server's default address is 127.0.0.1 on port 8079.
Add the ProxHTTPSProxy rear server to the Proxomitron's list of external proxies.
    The default entry is 127.0.0.1:8081 ProxHTTPSProxy
    , http://proxomitron.info/45/help/External%20Proxy%20Dialog.html .
Add
    $OHDR(Tagged:Proxomitron FrontProxy/*)$SETPROXY(127.0.0.1:8081)(^)|
    to the beginning of the entry in Proxomitron's "Bypass URLs that match this expression" field, http://proxomitron.info/45/help/CfgT2.html#foo .
    If the field is empty, add
    $OHDR(Tagged:Proxomitron FrontProxy/*)$SETPROXY(127.0.0.1:8081)(^)

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

Q and A:

Why is the browser complaining?
ProxHTTPSProxy's "CA.crt" must be in the browser's store of trusted certificate authorities.

Can ProxHTTPSProxy use another port?
Modify "ProxHTTPSProxy.ini" and associated settings in the Proxomitron.

Will the ProxHTTPSProxy certificate store be updated?
Download and replace the "cacert.pem" file in ProxHTTPSProxy with one from http://curl.haxx.se/docs/caextract.html .
Consider emptying the certs folder in the ProxHTTPSProxy folder.

How will the Proxomitron know which connections are https?
By testing for the "Tagged" request header, like $OHDR(Tagged:Proxomitron FrontProxy/*) .

How do I view a site that has a bad certificate?
The Proxomitron can still do https and it may not care. Try a header filter, like

[HTTP headers]
In = FALSE
Out = TRUE
Key = "Tagged: Use Proxomitron for https://badcert.com"
URL = "badcert.com$OHDR(Tagged:Proxomitron FrontProxy/*)$USEPROXY(false)$RDIR(https://badcert.com)"

, after adding the ssl files to the Proxomitron, http://proxomitron.info/files/index.html .
This filter also removes the "Tagged" header.

Redirects of "Tagged" connections, $RDIR(http://local.ptron/killed.gif), don't work?
Use an expression like $USEPROXY(false)$RDIR(http://local.ptron/killed.gif).
Also, before redirecting "Tagged" connections to external resources consider removing the "Tagged" header.

How does the "Bypass URLs that match this expression" entry work?
The Proxomitron always executes some commands in this field.
Putting the entry there allows the Proxomitron to use the rear server when in Bypass mode.
This undocumented feature brings many possibilities but remember, an actual match triggers bypass of filtering!
$OHDR(Tagged:Proxomitron FrontProxy/*) checks for the header that indicates an https request.
$SETPROXY(127.0.0.1:8081) is executed when found.
(^) expression never matches.

Any additional instructions for the current sidki set?
1. Redirect connections to http resources with an expression like $USEPROXY(false)$SET(keyword=i_proxy:0.)$RDIR(http://local.ptron/killed.gif).
2. Add the following two lines to Exceptions-U
   $OHDR(Tagged:Proxomitron FrontProxy/*)$SET(keyword=$GET(keyword)i_proxy:3.)(^)
   ~(^$TST(keyword=i_proxy:[03].))$OHDR(Tagged:Proxomitron FrontProxy/*)$SET(keyword=$GET(keyword)i_proxy:3.)(^)

Why is this better than using the Proxomitron's ssl routine?
The Proxomitron's ssl routine is dated.
The many alerts from the browser and the Proxomitron may cause some users to disable all alerts.

Why is this better than using half-ssl?
The purpose of half-ssl is to hide the secure connection from the browser.
Half-ssl routines are often an incomplete solution.
The Proxomitron's ssl routine is dated.  
The many alerts may cause some users to disable all alerts.
Cookies and other data may be incorrectly assigned.
Browsers should not treat secure data the same as insecure data.

Should I filter https?
Be aware and careful! But...
So many ordinary everyday sites (yahoo, google, etc) and servers are now using https that you may not have a choice.
However, use a direct connection when you don't want any mistakes made.
Remember, use at your own risk!

Have fun!


Attached File(s)
.png  ProxHTTPSProxy.png (Size: 30.16 KB / Downloads: 711)
.png  cmdexe.png (Size: 46.98 KB / Downloads: 681)
Add Thank You Quote this message in a reply
Post Reply 


Messages In This Thread
ProxHTTPSProxyMII: Development - whenever - May. 28, 2014, 03:13 AM
RE: ProxHTTPSProxyMII: Development - GunGunGun - Jan. 11, 2015, 10:38 AM
RE: ProxHTTPSProxyMII: Development - whenever - Jan. 14, 2015, 09:27 AM
RE: ProxHTTPSProxyMII: Development - JJoe - Jan. 14, 2015, 05:59 PM
RE: ProxHTTPSProxyMII: Development - whenever - Jan. 15, 2015, 01:47 AM
RE: ProxHTTPSProxyMII: Development - soccerfan - Jan. 19, 2015, 08:19 PM
RE: ProxHTTPSProxyMII: Development - GunGunGun - Jan. 15, 2015, 07:36 AM
RE: ProxHTTPSProxyMII: Development - whenever - Jan. 15, 2015, 10:05 AM
RE: ProxHTTPSProxyMII: Development - GunGunGun - Jan. 15, 2015, 01:22 PM
RE: ProxHTTPSProxyMII: Development - whenever - Jan. 16, 2015, 02:38 AM
RE: ProxHTTPSProxyMII: Development - JJoe - Mar. 30, 2015, 02:55 AM
RE: ProxHTTPSProxyMII: Development - whenever - Mar. 30, 2015, 07:22 AM
RE: ProxHTTPSProxyMII: Development - GunGunGun - Apr. 18, 2015, 03:44 AM
RE: ProxHTTPSProxyMII: Development - JJoe - Apr. 18, 2015, 04:08 AM
RE: ProxHTTPSProxyMII: Development - GunGunGun - Apr. 18, 2015, 05:22 AM
RE: ProxHTTPSProxyMII: Development - whenever - Oct. 01, 2015, 08:04 AM
RE: ProxHTTPSProxyMII: Development - Faxopita - Oct. 03, 2015, 11:03 AM
RE: ProxHTTPSProxyMII: Development - whenever - Oct. 04, 2015, 02:38 AM
RE: ProxHTTPSProxyMII: Development - kik0s - Oct. 10, 2015, 03:00 PM
RE: ProxHTTPSProxyMII: Development - whenever - Oct. 15, 2015, 03:05 AM
RE: ProxHTTPSProxyMII: Development - whenever - Oct. 21, 2015, 09:23 AM
RE: ProxHTTPSProxyMII: Development - whenever - Oct. 22, 2015, 03:37 AM
RE: ProxHTTPSProxyMII: Development - whenever - Oct. 23, 2015, 08:18 AM
RE: ProxHTTPSProxyMII: Development - Faxopita - Nov. 09, 2015, 06:03 PM
RE: ProxHTTPSProxyMII: Development - whenever - Nov. 10, 2015, 01:59 AM
RE: ProxHTTPSProxyMII: Development - Faxopita - Nov. 10, 2015, 07:02 PM
RE: ProxHTTPSProxyMII: Development - whenever - Nov. 11, 2015, 07:44 AM
RE: ProxHTTPSProxyMII: Development - Faxopita - Nov. 12, 2015, 07:12 PM
RE: ProxHTTPSProxyMII: Development - kik0s - Nov. 16, 2015, 10:12 PM
RE: ProxHTTPSProxyMII: Development - kik0s - Dec. 10, 2015, 11:43 PM
RE: ProxHTTPSProxyMII: Development - whenever - Dec. 22, 2015, 09:23 AM
RE: ProxHTTPSProxyMII: Development - kik0s - Dec. 22, 2015, 11:48 AM
RE: ProxHTTPSProxyMII: Development - rogern - Dec. 21, 2015, 08:59 AM
RE: ProxHTTPSProxyMII: Development - Faxopita - Dec. 22, 2015, 08:51 AM
RE: ProxHTTPSProxyMII: Development - whenever - Dec. 23, 2015, 02:08 AM
RE: ProxHTTPSProxyMII: Development - kik0s - Dec. 26, 2015, 03:16 PM
RE: ProxHTTPSProxyMII: Development - whenever - Dec. 30, 2015, 08:35 AM
RE: ProxHTTPSProxyMII: Development - kik0s - Jan. 12, 2016, 12:24 AM
RE: ProxHTTPSProxyMII: Development - Faxopita - Dec. 23, 2015, 02:20 PM
RE: ProxHTTPSProxyMII: Development - whenever - Dec. 25, 2015, 03:28 AM
RE: ProxHTTPSProxyMII: Development - Faxopita - Dec. 24, 2015, 01:23 PM
RE: ProxHTTPSProxyMII: Development - whenever - Jan. 12, 2016, 12:45 PM
RE: ProxHTTPSProxyMII: Development - soccerfan - Jan. 12, 2016, 06:09 PM
RE: ProxHTTPSProxyMII: Development - kik0s - Jan. 12, 2016, 11:15 PM
RE: ProxHTTPSProxyMII: Development - whenever - May. 16, 2016, 08:26 AM
RE: ProxHTTPSProxyMII: Development - kik0s - May. 16, 2016, 08:46 AM
RE: ProxHTTPSProxyMII: Development - whenever - May. 16, 2016, 01:45 PM
RE: ProxHTTPSProxyMII: Development - kik0s - May. 16, 2016, 02:22 PM
RE: ProxHTTPSProxyMII: Development - JJoe - Jan. 25, 2016, 12:09 AM
RE: ProxHTTPSProxyMII: Development - kik0s - Jan. 29, 2016, 07:03 PM
RE: ProxHTTPSProxyMII: Development - JJoe - Jan. 30, 2016, 12:57 AM
RE: ProxHTTPSProxyMII: Development - kik0s - May. 25, 2016, 01:12 AM
RE: ProxHTTPSProxyMII: Development - JJoe - May. 25, 2016, 03:26 PM
RE: ProxHTTPSProxyMII: Development - Faxopita - May. 25, 2016, 06:10 PM
RE: ProxHTTPSProxyMII: Development - kik0s - Jun. 09, 2016, 01:02 PM
RE: ProxHTTPSProxyMII: Development - JJoe - Jun. 25, 2016, 02:03 PM
RE: ProxHTTPSProxyMII: Development - kik0s - Jun. 17, 2016, 11:09 PM
RE: ProxHTTPSProxyMII: Development - JJoe - Jun. 25, 2016, 02:06 PM
RE: ProxHTTPSProxyMII: Development - kik0s - Jun. 28, 2016, 10:18 PM
RE: ProxHTTPSProxyMII: Development - whenever - Jul. 04, 2016, 07:04 AM
RE: ProxHTTPSProxyMII: Development - kik0s - Jul. 04, 2016, 02:14 PM
RE: ProxHTTPSProxyMII: Development - whenever - Jul. 05, 2016, 01:43 AM
RE: ProxHTTPSProxyMII: Development - kik0s - Jul. 05, 2016, 09:02 AM
RE: ProxHTTPSProxyMII: Development - Strykar - Aug. 25, 2016, 09:24 PM
RE: ProxHTTPSProxyMII: Development - kik0s - Sep. 12, 2016, 10:41 PM
RE: ProxHTTPSProxyMII: Development - JJoe - Sep. 13, 2016, 05:36 PM
RE: ProxHTTPSProxyMII: Development - Strykar - Sep. 14, 2016, 01:46 AM
RE: ProxHTTPSProxyMII: Development - Strykar - Sep. 14, 2016, 01:38 AM
RE: ProxHTTPSProxyMII: Development - kik0s - Sep. 16, 2016, 08:32 PM
RE: ProxHTTPSProxyMII: Development - JJoe - Sep. 16, 2016, 11:31 PM
RE: ProxHTTPSProxyMII: Development - kik0s - Sep. 19, 2016, 11:31 PM
RE: ProxHTTPSProxyMII: Development - JJoe - Apr. 19, 2018, 01:56 AM
RE: ProxHTTPSProxyMII: Development - JJoe - Apr. 21, 2018, 09:04 PM
RE: ProxHTTPSProxyMII: Development - JJoe - Jun. 17, 2018, 02:12 AM
RE: ProxHTTPSProxyMII: Development - vlad_s - Jul. 20, 2019, 06:48 PM
RE: ProxHTTPSProxyMII: Development - JJoe - Jul. 22, 2019, 02:12 AM
RE: ProxHTTPSProxyMII: Development - vlad_s - Jul. 22, 2019, 07:04 PM
RE: ProxHTTPSProxyMII: Development - JJoe - Jul. 23, 2019, 06:08 AM
RE: ProxHTTPSProxyMII: Development - amy - Jul. 23, 2019, 12:03 PM
RE: ProxHTTPSProxyMII: Development - vlad_s - Jul. 23, 2019, 05:34 PM
RE: ProxHTTPSProxyMII: Development - vlad_s - Jul. 26, 2019, 10:16 PM
RE: ProxHTTPSProxyMII: Development - amy - Sep. 16, 2019, 03:01 AM
RE: ProxHTTPSProxyMII: Development - vlad_s - Sep. 12, 2019, 08:24 PM
RE: ProxHTTPSProxyMII: Development - JJoe - Sep. 15, 2019, 01:22 AM
RE: ProxHTTPSProxyMII: Development - vlad_s - Sep. 21, 2019, 07:14 PM
RE: ProxHTTPSProxyMII: Development - JJoe - Sep. 25, 2019, 03:49 AM
RE: ProxHTTPSProxyMII: Development - vlad_s - Sep. 25, 2019, 08:25 PM
RE: ProxHTTPSProxyMII: Development - JJoe - Sep. 26, 2019, 02:44 AM
RE: ProxHTTPSProxyMII: Development - vlad_s - Sep. 26, 2019, 05:25 PM
RE: ProxHTTPSProxyMII: Development - vlad_s - Sep. 26, 2019, 05:54 PM
RE: ProxHTTPSProxyMII: Development - vlad_s - Jun. 14, 2020, 09:37 PM
RE: ProxHTTPSProxy, a Proxomitron SSL Helper Program - JJoe - Jun. 22, 2014 05:17 AM
RE: ProxHTTPSProxyMII: Reloaded - JJoe - Dec. 30, 2014, 09:25 PM
RE: ProxHTTPSProxyMII: Reloaded - GunGunGun - Dec. 31, 2014, 04:30 AM
RE: ProxHTTPSProxyMII: Reloaded - whenever - Jan. 04, 2015, 02:51 AM
RE: ProxHTTPSProxyMII: Reloaded - GunGunGun - Jan. 10, 2015, 09:31 AM
RE: ProxHTTPSProxyMII: Development - whenever - Jan. 11, 2015, 08:26 AM
RE: ProxHTTPSProxyMII: Reloaded - JJoe - Jan. 10, 2015, 04:50 PM
RE: ProxHTTPSProxyMII: Reloaded - GunGunGun - Jan. 10, 2015, 05:56 PM

Forum Jump: