NotHereToPlayGames

I apologize if I sound a bit blunt, but I am the wrong person to ask. Browser "certificates" have been flawed ever since the "web" decided to use httpS "everywhere" instead of only on banking web sites (circa May 2000). Chrome did not start "nagging" its users that http pages are not "secure" until version 68 [July 2018]. Mozilla followed Chrome's footsteps with the "nagging" with the release of Firefox version 70 [October 2019]. Firefox did flag password fields on forms with version 46 but was not enabled by default until version 51 [January 2017, at which time Chrome also flagged password fields that where not https). But as far as blocking access based on a "padlock", that started in 2018 with Chrome and in 2019 with Firefox. I have personally always disabled these "nags" and I find the "padlock" in a web browser's address bar to be a complete and utter waste of time - so again, I apologize, but I am not the person to ask. That's not to be "misread" or "misinterpreted". I do have "blocking" means employed for "security", but that "d@mn" 'padlock' is NOT one of them. Malware web sites have GREEN PADLOCKS! [also the very reason I started telling Proxomitron users to filter HTTPS way back in 2004!]) https://www.pcmag.com/news/google-chrome-begins-flagging-all-http-pages-as-not-secure https://www.zdnet.com/article/firefox-follows-in-chromes-footsteps-and-will-mark-all-http-pages-as-not-secure/ https://nakedsecurity.sophos.com/2020/02/18/malware-and-https-a-growing-love-affair/

I can only confirm that I tried it both ways and I had to use the proxcert-MakeCert.bat step in order for the new .pem files to "work". It appears redundant, but I did try it both ways and was unsuccessful without this step. However, I may have not noticed that an exit-and-relaunch is required so I will double-check and report my findings. Update - I can confirm that the proxcert-MakeCert.bat step is required. I cannot get Mypal to accept the certificate if I skip this step. There are "cryptography" settings available but they are "over my head" and I am unsure if they would elliminate this step or not. That is correct. You may have missed one of my steps because in the uploaded files you should find that the certs.pem file was renamed to certs.pem-disabled (essentially deleting the file because Proxomitron hunts for it by name). The confusion here is that 8443 is an "internal" port (at least that seems to be the best way to explain it). The port connections for http and for https are both to be set at 8080 (just like the original Proxomitron that we all used before Proxomitron Reborn). And this 8080 should be used in your operating system or browsers proxy settings and in Proxomitron's Config Settings "http" TAB. It is only the "https" TAB in Proxomitron's Config Settings that uses 8443.

Here's another one of my favorite functions (default settings for Advanced Mode, did not verify in Standard Mode). A lot of users like to "embed" YouTube videos, especially in the What Are You Listening To? thread. Since these are contained in an "iFrame" (my default uMatrix blocks), we can now toggle them into view. Or click to open in current tab or right-click to open in new tab, window, or incongito window (my default extensions block YouTube unless I am actually on YouTube).

Here's another cool function of Proxomitron. Credit to @XPerceniol for the image. Animated gif's by default animate in an endless loop. With Proxomitron you can freeze them completely or limit their number of loops. Refresh this page and watch the below animated gif with different Proxomitron settings (do not check the Freeze when you check the Header filter for Filter GIFs [requires Web Page filter for Limit Animated GIFs]).

For a more permanent solution, add this to your Exceptions-U.txt file then have Proxomitron reload the config so that it takes effect (the keylogger remains deactivated unless you manually activate using the "timer" button) - # MSFN msfn.org/ $SET(0=a_track.i_script:0.)

ps - maybe I should add some context. I live next door (two doors down, actually) from a house that was "inherited" by three brothers/sisters TWELVE YEARS AGO and they no longer live in this state. The three kids rotate on who will take their two-week vacation and spend it at the "inheritance" sorting through JUNK. They have cleared out TWO BEDROOMS of JUNK. But the garage STILL has boxes and boxes of JUNK that they "inherited". They cannot sell the house because of all of the JUNK. And they "live in fear" of throwing away something "valuable" if they don't sort through each and every box. I see THAT and there is no way in Hades I plan on putting my own kids through that TORTURE.

But my BOTTOM LINE remains the same! Don't let your KIDS inherit a garage full of "reusable junk" that you yourself haven't touched in FORTY YEARS. That's NOT "thankless" or "cold hearted", it's just "reality". If you want YOUR stuff "reused", then do NOT hand it over to the next generation and have them sift through junk that even antique shops cannot unload!

Too funny! I literally edited my post to say "reuse" and we posted at the same time. We're on the same page, lol.

Sorry. I'm from a family of six kids. So I mispoke. "Recycle" to me is when my older brother doesn't use his bicycle anymore so I claim it as my own. How many people would have known what I was talking about if I said to "garage sale it" ? I did mean "reuse" versus "recycle".

I agree also. I did not say to put it in the dumpster. I said to recyle it Guess my point is that if it took our parents EIGHTY YEARS to collect "stuff", why put our kids in the position of having to spend MONTHS upon MONTHS of sorting through two spare bedrooms, a two-car garage with no room for a car and barely enough room for a lawnmower, and an attic of "junk" ??? I have no intention of spending TWENTY YEARS of retirement years sorting though my PARENT'S junk! Because a MONTH or so in, I'll rent a DUMPSTER because I'm not spending that "time" to sift through "collectibles" that nobody in my generation "wants". My generation is more "mobile", we tend to me "minimalists". We have our own share of "junk", don't get me wrong. But not two spare bedrooms, a two-car garage, and an attic of "stuff" that hasn't been touched for FORTY YEARS. Just calling it like I see it.

Findings like this are to be expected (we are "filtering" the web page). It's why we have bypass lists. For MSFN, I don't use any bypass lists but do use the Proxomitron Menu (click on a web page and you access it from the lower right corner). For the MSFN reply box, you can enable it this way --

Sometimes it's just "time to". I don't believe in a "throwaway society", my everyday belt is the same belt I wore in the 90s. But us Americans especially, we tend to collect a lot of "junk". I support "recycling" so most of my stuff doesn't land in a "dumpster", but sometimes "junk is junk". "Baby Boomers" are particulary bad. They are the offspring of parents that lived through the Great Depression (I knew one that put WATER on her breakfast cereal instead of MILK). Gen X'ers, Y's, Millenials - we don't want your "junk". I know far too many in my generation "saddled" with inheriting 3 bedroom houses where two of the bedrooms, the garage, and the attic is nothing but miles upon miles of JUNK. I'm not trying to sound insensitive or heartless - but do us a favor and unload your own junk and don't make us recycle it for you. Speaking colloquially, of course. You/your is not a "person", but a collective-whole. But anywhoo...

Totally agree! Microsoft is sitting in their offices just LAUGHING, "They'll never dethrone us, you can NOT win over 'public opinion' when you have over 600 distros and 500 in active development! We can't even get 'public opinion' to agree on 10 versus 11!" You know, kinda like "What's the best way to win a 2-party election? Easy, throw in a 3rd-party candidate to split votes with one of the two parties!"

Updated link for "base config" download updated in download post -- https://msfn.org/board/topic/183295-web-browser-proxomitron-reborn-ptrongui-a-how-to-guide/?do=findComment&comment=1211614 File Date == 01-26-2022

Everything should be working in Serpent 52 now that port 8443 versus port 443 has been resolved.

Also learned a cool debug trick. Execute the command tasklist in Command Prompt (or what I like to call "The Matrix" because I changed my font color to green-on-black). This will give you the "PID" number for Proxomitron.exe. Execute the command netstat -ano | find "PID" (include the quotes but replace with PID#) to debug the port info for Proxomitron.exe (note that my PID changed midway through these screencaps because I exited, made changes, then relaunched Proxomitron).

I'll be adding screencaps for an Serpent 52 setup. Disregard. Credit to JJoe and amy over TUOPF - they have resolved the port 443 versus port 8443 issue and I'll be uploading an updated config later this morning.

So do I on my bank sites. But they're pretty much about the only sites that I get a "green" padlock. I'm exaggerating, of course. But look up at your address bar right now - MSFN has been "red" for close to a year. Doesn't stop us from visiting MSFN or even logging in, now does it?

ps - it's all relative. I've always felt more "secure" behind NoScript + uMatrix + MVPS Hosts and a red "padlock" than I have ever felt behind a "bare" web browser and a green "padlock"

It's an evolutionary process. It has been my understanding that "nobody" in the last YEAR (at least!) has had a consistant "green https" in XP. Proxomitron / ProxHTTPSProxy do not have TLS 1.3 support (yet!). I suspect that a consistant "green https" will not happen until then.

You may need to set your 3 to 2. Did the certificate import successfully? Try these command line switches (at least just temporarily) and see if it works then - --enable-local-file-accesses --allow-insecure-localhost --allow-running-insecure-content

I did find a NoScript alternative called Sybu JavaScript Blocker that would allow Proxomitron scripts while blocking domain scripts but it did not know the difference between bing.com and r.bing.com. It blocked the scripts coming from r.bing.com but didn't even see (and so it allowed them) the scripts coming from bing.com. I've actually abandoned NoScript in favor of Proxomitron - but my fear is that long-time users of NoScript will not give Proxomitron a chance if the two cannot "play in the same sandbox".

Regarding ad-blocking - I personally block all javascript by default and only allow white-listed javascript so that alone blocks the vast majority of ads. But I do acknowledge that such an approach is not for everyone - and that's the power of Proxomitron, fully customizable to the exact needs of its user. You can allow javascript but still block ads through the use of all of the lists - for that approach you may wish to enable and experiment with some of the filters in the "||| Ads" section.

Proxomitron's ad-blocking is almost entirely based on lists. If you right-click on top of the Proxomitron systray icon, a context menu will open and you can see we have 11 lists which all target specific ad methods. You can open/view all of these lists to get a general idea of how they target ads.

Neither Proxomitron, nor Proxomitron Reborn, nor ProxHTTPSProxy, nor ProxHTTPSProxyMII support TLS 1.3. If your browser lacks TLS 1.2 or 1.3, none of them will add TLS 1.2 or 1.3. If your browser does support TLS 1.3, using any of them will disable that support and drop you down to TLS 1.2. It is my understanding that the developer of Proxomitron Reborn does plan on adding TLS 1.3 in the future and she remains active on the Un-Official Proxomitron Forum.