Snowshoe
Content Type
Profiles
Forums
Events
Posts posted by Snowshoe
-
-
33 minutes ago, AstroSkipper said:
If the login is necessary for activation of KFA, then you will probably stuck without any further features like for example real-time protection. In terms of Bitdefender, the same problem occurs. No login possible, no activation. Fortunately, I am not particularly interested in these programs. And one thing is clear: Kaspersky has removed all resources relating to KFA 19. So I am not at all surprised that it is no longer possible to log into the My Kaspersky account.
Unactivated Kaspersky 19 also locks database updates after a day or so, effectively making it useless outside a one-time device scan. I'll probably try Panda Dome or Malwarebytes instead.
1 -
On 5/13/2023 at 2:36 AM, AstroSkipper said:
I provided the download link of my cleaned and re-repacked version of KFA 19 in this post for all who are interested:
Cheers, AstroSkipper
This repack will not install on Windows XP 32-bit due to critical missing files: corebasesx86.cab and instx86.z - however, these files are still available on the Kaspersky servers. Once these files are placed next to startup.exe, then it will install on XP x86.
http://dm.kaspersky-labs.com/bases/kavkis2019/KIS/corebasesx86.cab http://dm.kaspersky-labs.com/bases/kavkis2019/KIS/instx86.zI know this is untested, but unfortunately I am having other issues with Kaspersky 19 on XP. Database updates do work (and the standalone Kaspersky Update Utility can also be used), but it doesn't seem possible to activate. That means you are stuck with manual scanning, no realtime components. With ProxHTTPSProxy I get an Untrusted server certificate error, with seemingly no way to add a trusted certificate on this version of Kaspersky Free. Without ProxHTTPSProxy I get an SSL error. Also, the My Kasperky login seems non-functional.
2 -
On 2/5/2023 at 1:03 PM, cmalex said:
Greetings.
"libcurl 7.69 with schannel" and "curl 7.46 with openssl" - is a incomparable thing :-(
There is some problems with OpenSSL and "Let's Encrypt" certificates, so simplest way is to use ProxyMII + custom libcurl.
In attachment - libcurl 7.69.1 with schannel, built on Visual Studio C Express 2008 with forced disabled revocation (string 516 in lib\vtls\schannel.c).
Please set masterserver_debug to "Off" - or this library may crash (i can't understood - why?)
Best regards.
This solved the problem, thank you.
2 -
4 minutes ago, AstroSkipper said:
Which version of ProxHTTPSProxy are you using?
I have the 08/18/2022 version from the first page, ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3.
0 -
It works in IE8 but not in the game, sadly...
I have the following environment variables:
http_proxy=localhost:8081
https_proxy=localhost:8079
SSL_CERT_FILE C:\ProxHTTPSProxy\CA.crt
0 -
14 hours ago, AstroSkipper said:
Frankly, I don't really see the need to use curl with ProxHTTPSProxy. It should also do its job without this proxy in Windows XP. About programs with curl embedded, I can't say anything detailed. These programs would have to be specified more clearly. Maybe, @Snowshoe can explain more detailed what kind of programs he referred to, what he actually wants to achieve with these curl programs and why he needs a connection established by ProxHTTPSProxy, including the command line input or other execution commands which leads to the error. In any case, the curl option --ssl-no-revoke prevents the cert revocation check with the server to be connected.
The program is a free open-source game called SRB2Kart. To get the latest version to work on XP you just need to place an XP-compatible dbghelp.dll in the same directory. To access the multiplayer feature, you select Multiplayer > Internet Server Browser from the main menu. Setting masterserver_debug "On" in kartconfig.cfg will show more information in the game's log.txt file. Anyway... the server it connects to uses TLS 1.2 (HTTPS only, no HTTP), but I can't get the game to connect to it regardless of whether or not I use ProxHTTPSProxy.
Without ProxHTTPSProxy:
IE8 can't connect to the server, even though TLS 1.2 is enabled. IE8 gives this error:
While the game log shows this error:
HMS: connecting 'https://ms.kartkrew.org/ms/api/games/SRB2Kart/10/servers?v=2.2'... * Trying 173.234.30.114:443... * Connected to ms.kartkrew.org (173.234.30.114) port 443 (#0) * schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL (0x80090322) - The target principal name is incorrect. * Closing connection 0 * schannel: shutting down SSL/TLS connection with ms.kartkrew.org port 443 ERROR: There was a problem contacting the master server... From curl_easy_perform: SSL peer certificate or SSH remote key was not OKWith ProxHTTPSProxy:
IE8 will connect, but the game still cannot. ProxHTTPSProxy log shows this warning when the game tries to connect:
000 "[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1094)" while trying to establish local SSL tunnel for [ms.kartkrew.org:443]While the game log shows this error:
HMS: connecting 'https://ms.kartkrew.org/ms/api/games/SRB2Kart/10/servers?v=2.2'... * Uses proxy env variable https_proxy == 'localhost:8079' * Trying 127.0.0.1:8079... * Connected to localhost (127.0.0.1) port 8079 (#0) * allocate connect buffer! * Establish HTTP proxy tunnel to ms.kartkrew.org:443 > CONNECT ms.kartkrew.org:443 HTTP/1.1 Host: ms.kartkrew.org:443 Proxy-Connection: Keep-Alive < HTTP/1.1 200 Connection established < Proxy-agent: ProxHTTPSProxyMII FrontProxy/v1.5 Python/3.7.1 < * Proxy replied 200 to CONNECT request * CONNECT phase completed! * CONNECT phase completed! * CONNECT phase completed! * schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate. * Closing connection 0 * schannel: shutting down SSL/TLS connection with ms.kartkrew.org port 443 ERROR: There was a problem contacting the master server... From curl_easy_perform: SSL connect errorStandalone Curl Test (with ProxHTTPSProxy and environment variables):
C:\Documents and Settings\Snowshoe>curl -v https://ms.kartkrew.org/ms/api * Trying 127.0.0.1... * Connected to localhost (127.0.0.1) port 8079 (#0) * Establish HTTP proxy tunnel to ms.kartkrew.org:443 > CONNECT ms.kartkrew.org:443 HTTP/1.1 > Host: ms.kartkrew.org:443 > User-Agent: curl/7.46.0 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection established < Proxy-agent: ProxHTTPSProxyMII FrontProxy/v1.5 Python/3.7.1 < * Proxy replied OK to CONNECT request * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: C:\ProxHTTPSProxy\CA.crt CApath: none * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server did not agree to a protocol * Server certificate: * subject: CN=*.kartkrew.org * start date: Jan 27 12:32:01 2023 GMT * expire date: Jan 26 12:32:01 2033 GMT * subjectAltName: ms.kartkrew.org matched * issuer: C=CN; O=ProxHTTPSProxy; OU=pyOpenSSL; CN=ProxHTTPSProxy CA * SSL certificate verify ok. > GET /ms/api HTTP/1.1 > Host: ms.kartkrew.org > User-Agent: curl/7.46.0 > Accept: */* > < HTTP/1.1 404 NOT FOUND < Server: nginx/1.18.0 (Ubuntu) < Date: Sat, 04 Feb 2023 15:15:03 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 232 < <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <title>404 Not Found</title> <h1>Not Found</h1> <p>The requested URL was not found on the server. If you entered the URL manuall y please check your spelling and try again.</p> * Connection #0 to host localhost left intact
I could possibly re-compile the game with CURLOPT_SSL_VERIFYPEER or CURLSSLOPT_NO_REVOKE thrown into the game's code, but that would be a last resort.
Hopefully this helps.
0 -
On 1/29/2023 at 8:08 AM, cmalex said:
Greetings.
Certificates and proxy settings from IE are not always respected by curl and libcurl.
Did You tried system variables, used by libcurl - "https_proxy" for example https://curl.se/libcurl/c/libcurl-env.html
If You know exactly which SSL backend is used - You can use it's own enviroment variables for CA certificates.
For example, OpenSSL has been using "SSL_CERT_FILE" and "SSL_CERT_DIR" since the dawn of time : https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_default_verify_paths.html https://www.openssl.org/docs/man3.0/man7/openssl-env.html
Best regards.
While setting the https_proxy environment variable to localhost:8079 forces it to use the HTTPS proxy, it seems to abort the connection at the certificate revocation check. I've looked around and I don't think cert verification in curl (at least with OpenSSL) can be disabled with an environment variable, but I could be wrong.
* Uses proxy env variable https_proxy == 'localhost:8079' * Trying 127.0.0.1:8079... * Connected to localhost (127.0.0.1) port 8079 (#0) * allocate connect buffer! * Establish HTTP proxy tunnel to ms.kartkrew.org:443 > CONNECT ms.kartkrew.org:443 HTTP/1.1 Host: ms.kartkrew.org:443 Proxy-Connection: Keep-Alive < HTTP/1.1 200 Connection established < Proxy-agent: ProxHTTPSProxyMII FrontProxy/v1.5 Python/3.7.1 < * Proxy replied 200 to CONNECT request * CONNECT phase completed! * CONNECT phase completed! * CONNECT phase completed! * schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate. * Closing connection 0 * schannel: shutting down SSL/TLS connection with ms.kartkrew.org port 4430 -
On 1/4/2023 at 5:19 PM, AstroSkipper said:
Interesting news!
ProxHTTPSProxy can only be used by programs which offer an option to use the IE proxy settings as for example browsers or use system components if the proxy has been set system-wide. From now on, we have the possibility to connect any program with a server or the internet via the local proxy ProxHTTPSProxy if necessary, of course including the latest protocol TLS 1.3. The solution is SocksCap64. I have already tested this tool, and it works perfectly with ProxHTTPSProxy.
Link: https://www.sockscap64.com/homepage/
Cheers, AstroSkipper
Can you demonstrate how to get this working with ProxHTTPSProxy? Or show your settings inside SocksCap64? It doesn't have a HTTPS proxy setting, only HTTP, which doesn't work for me.
I am trying to use programs that do use HTTPS but don't use the system proxy server (including programs that use libcurl.dll, or have curl static compiled into the executable). Simply updating root certificates and enabling TLS 1.2 in IE is not enough, I get a mis-matched hostname certificate error when trying to run programs that use curl (or go on certain sites with IE when ProxHTTPSProxy isn't enabled, for that matter). Also, redirecting requests from curl to plain HTTP is not always possible because the server does not serve plain HTTP and only uses a 301 redirect to HTTPS regardless of the URL.
0
Windows XP with modern Office, Chrome 100+, and Discord (via official Microsoft RemoteApp "Application Server")
in Windows XP
Posted
Is there not a way to do this without disconnecting the Win10 computer's session? What if you want to use Windows 10 while running Windows 10 programs inside XP at the same time under the same user?