Jump to content

Problems accessing certain sites (Https aka TLS)


Recommended Posts


does anyone know some alternatives? Burp Suite was mentioned before, but it still gave an error on TLS1.1-TLS1.2 pages, and i found no related option that fixed it, either in the proxy settings or sll tab in project settings. plus it seems really slow and seems like the window always needs to be open for it to work.

Link to comment
Share on other sites

@Youse

No. I have searched for many month and found no other sutible solution. (May be there is another, but I didn't found it.)

And same experience with Burp Suite.

First effort was sTunnel and I have had success with it for Outlook to reactivate a TLS connection to my email provider as he switched from TLS1.0 to 1.2

Then came ProxHTTPSProxMII for WinXP HTTPS, found here in the MSFN forum as a tip.

Sorry, it is as good as it will be with this old operating system at all.

Link to comment
Share on other sites

20 hours ago, heinoganda said:

you have the corresponding virus scanner manufacturer make a "false positive" message

@heinoganda

I have send a email to the false pos AV manufacturers - two answered until now that the HTTPSProxy.exe (last 2018-11-06) is clean.

But today the rating is rising to 21/68 (without this two manufacturers) - what a mess :realmad:

496451494_VirusTotal2018-11-14.thumb.jpg.f3dde4005562d472e71a6b8ccd9057e4.jpg

Link to comment
Share on other sites

@Thomas S.

Can comfort you, with my updated HTTPSProxy I still have problems with the remaining virus scanners.

https://www.virustotal.com/en/file/bc78dab7ca166aa7f33fd10fd51c79a14a39cda8b8f0071561307e659f5e15e3/analysis/1542245373/

Meanwhile, it becomes more and more problematic the false positives seem to be taken seriously. :realmad:

:)

Link to comment
Share on other sites

Reporting that behavior to the AV manufacturers do not help.

After a "CLEAN" report and whitelisting the exe some come back a few days later with another false positive alert.

I wrote to VirusTotal and got a list with the adresses of the AV manufacturers. It seems that it is up to date.

See AV.xls

Edited by Thomas S.
Link to comment
Share on other sites

  • 3 weeks later...

New cacert.pem from Curl released (RootCA certificates used by HTTPSProxy).

If you do not have AutoUpdate enabled (provided by Launcher) update the file manually as soon as possible.

This file is also used by sTunnel (here renamed to ca-certs.pem), so you can copy it to the config folder of sTunnel.

Header:

##
## Bundle of CA Root Certificates
##
## Certificate data from Mozilla as of: Wed Dec  5 04:12:10 2018 GMT
##
## This is a bundle of X.509 certificates of public Certificate Authorities
## (CA). These were automatically extracted from Mozilla's root certificates
## file (certdata.txt).  This file can be found in the mozilla source tree:
## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
##
## It contains the certificates in PEM format and therefore
## can be directly used with curl / libcurl / php_curl, or with
## an Apache+mod_ssl webserver for SSL client authentication.
## Just configure this file as the SSLCACertificateFile.
##
## Conversion done with mk-ca-bundle.pl version 1.27.
## SHA256: 35b415062acb8c2c27607083b5b3bec8f4ff57463c9b9f06db3e8df3ea895592
##

 

Edited by Thomas S.
Link to comment
Share on other sites

  • 1 month later...

New version (1.5) of ProxHTTPSProxyMII released by the original author:

On 1/28/2019 at 2:26 PM, Mathwiz said:

The versions of ProxHTTPSProxyMII we've been using all derive from version 1.4 of the original, but apparently it's still being maintained by the original author, and last June a version 1.5 was released with some changes:

Quote

Version 1.5 (20180616)
--------------
+ SubjectAltNames support for DNS and IP
- Leading '*' in commonname.
* Generated cert's Subject field still uses '*' due to some hosts using more characters than allowed.
Example: 18cfdfd73150f69310ab-4d842a0601d0ae955a714605e7fb6d6f.ssl.cf2.rackcdn.com.

The full version, compiled with Python 3.4, is at http://jjoe.proxfilter.net/ProxHTTPSProxyMII/files/ProxHTTPSProxyMII 1.5 34cx_freeze5.0.1urllib3v1.22Win32OpenSSL_Light-1_0_2o-1_1_0h.zip. (Whew; what a file name)

I'm running it now; seems to work fine. I can access Wikipedia from IE8. (I know; why would you want to? But it's a good test due to Wikipedia's ECC cert. :D)

Edited by Mathwiz
Link to comment
Share on other sites

Have new build generated by ProxHTTPSProxy v1.5 (Rev3a), with small changes script, various python modules updated, config.ini supplemented by some entries, CA certificates (cacert.pem) updated and alternativ cacert.pem from MSCerts (Cert_Updater) 11/28/2018.
If anyone has interest please write a PM to me.

Info:
At Python 3.44 the support ends in March 2019. With the latest cryptography module version 2.5 (Jan 22, 2019) ProxHTTPSProxy does not work on Windows XP anymore. Last working version 2.4.2 (Nov 21, 2018).

:)

Edited by heinoganda
Change in support end at Python 3.44 from 2018 to 2019
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...