Proxomitron Reborn


Monroe

Not 100% sure this is the correct place for this but it is a 'software' program I guess. For anyone using 'The Proxomitron' created by Scott R. Lemmon years ago ...

Scott R. Lemmon - Wikipedia

https://en.wikipedia.org/wiki/Scott_R._Lemmon

Over at the 'The Un-Official Proxomitron Forum' there is a member by the name of Amy that has been working on Proxomitron for over a year looking for bugs and fixes ... the project has been named Proxomitron Reborn and she has released the latest update on Sep 04, 2018 ...

http://prxbx.com/forums/showthread.php?tid=2331&page=6

-------------------------------------------------------------

Sep. 04, 2018, 02:45 AM (This post was last modified: Sep. 05, 2018 02:50 AM by amy.)

amy

RE: Proxomitron Reborn

4.5.2.0 has been released! This fixes a lot of latent bugs which Scott never got around to (and some, like the multithreading ones, which wouldn't have been visible nor easily reproducible on the single-core hardware of the time), so it can be considered the first improvement release of The Proxomitron since 2003!

Quote:
- Fix opening local file URLs
- Fix buffer overflow in proxy test function
- Stabilise and refine header filter ordering - URL: filters are now applied first, and also show first in the list. They are sorted respectively alphabetically.
- Clarify file URLs for opening blocklists: URL commands must be enabled to do so, and if not, a warning message is shown.
- Fix date checking for If-Modified-Since in local file requests. Original code would always respond with "not modified", possibly causing caching problems with local file replacements.
- Fix Show URL in browser for https and add option to include scheme. When adding a URL to a blocklist, the menu option to open in browser was broken for https URLs. Now that has been fixed, and a checkbox added to allow you to include the scheme (https:// or http://) when adding to the list.
- Fix unintentional sign-extension in base-64 encoding. Non-ASCII passwords and such should now encode and decode correctly.
- Fix allow IP range comparison. This was accidentally introduced in the rebuild and not in 4.5j.
- Fix duplicate load and image handle leak when loading textures
- Fix tray icon tooltip (now it says Bypassed when... bypassed)
- Fix memory leak in $STOP()
- Fix memory leak in SSLeayShutdown()
- Fix handling of FEXTRA and FHCRC for gzip format
- Fix Allow for Session certificate dialog with multiple parallel connections. It will not continue asking the same host if you have multiple parallel connections and already said Allow for Session once.
- Fix erroneous check of return value when setting OpenSSL certificate callback
- Fix header filter count decrement race condition. No more erroneous "Filters In Use" with 0 active connections
- Fix saving and restoring window sizes (for multiple-monitor users)
- Fix multithreaded OpenSSL initialisation race condition crash
- Fix positioning of context menus for multiple-monitor systems
- Various cleanup/removal of dead-ends in code.

Thanks for all the feature suggestions --- better SSL/TLS filtering support seems to be "most wanted" at the moment, but here's a list of things planned for 4.6:

- Generate and cache appropriately-named certificates (like ProxHTTPSProxyMII, but integrated)
- A way to better manage the Certificate Error exception list and make it persistent (how about in blockfile format?)
- Allow local.ptron and proxy itself to be accessed via HTTPS, although I'm not sure what browsers can make use of the latter
- $REM() for comments in patterns (requested by mizzmona)

The following 7 users say Thank You to amy for this post:
soccerfan, mizzmona, prxymouse, zoltan, referrer, usr, Callahan

-----------------------------------------------------------

I mention this for anyone interested in and still using Proxomitron.

...

Edited by Monroe
sp
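The 4.5.2.0 changelog quoted above lists a sign-extension fix in base-64 encoding. The following C example is an added illustration of that bug class, not Proxomitron's source and not code from the thread; `b64`, `widen_signed` and the sample credential string are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Constructed sample: "x:caf\xE9" (Latin-1 e-acute), not from the page. */
static const char SAMPLE[] = "x:caf\xE9";

/* Encode n bytes of `in` as base64 into a static buffer (n <= 48).
 * widen_signed = 1 reproduces the bug class: each byte is widened through
 * signed char, so a byte >= 0x80 turns negative and its sign bits are ORed
 * over the bytes already placed earlier in the 24-bit group.
 * widen_signed = 0 is the corrected form: widen through unsigned char. */
const char *b64(const char *in, size_t n, int widen_signed) {
    static char out[68];
    size_t i, o = 0;
    if (n > 48) return NULL;
    for (i = 0; i < n; i += 3) {
        unsigned long group = 0;
        int k, have = (n - i >= 3) ? 3 : (int)(n - i);
        for (k = 0; k < have; k++) {
            long b = widen_signed ? (long)(signed char)in[i + k]
                                  : (long)(unsigned char)in[i + k];
            group |= (unsigned long)b << (16 - 8 * k);
        }
        out[o++] = B64[(group >> 18) & 63];
        out[o++] = B64[(group >> 12) & 63];
        out[o++] = have > 1 ? B64[(group >> 6) & 63] : '=';
        out[o++] = have > 2 ? B64[group & 63] : '=';
    }
    out[o] = '\0';
    return out;
}

int main(void) {
    printf("signed widening:   %s\n", b64(SAMPLE, 6, 1));
    printf("unsigned widening: %s\n", b64(SAMPLE, 6, 0));
    return 0;
}
```

ASCII-only input encodes identically in both modes, which is why this kind of defect stays hidden until a credential contains a byte of 0x80 or above.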

  • dencorso pinned this topic
  • 1 month later...

There was a new post from Amy at the 'The Un-Official Proxomitron Forum - Proxomitron Reborn' on Oct 29th. She mentions working with certificates and the newer version will be released in the future as 4.6 ... this may be in November.

http://prxbx.com/forums/showthread.php?tid=2331&page=6

Oct. 29, 2018, 03:05 AM

Post: #84 - amy

RE: Proxomitron Reborn

I have been testing the cert generation/caching for over a month, unlike ProxHTTPSProxyMII I've chosen to cache the last 1000 certificates in memory only and not bother writing to disk --- so if you restart Proxomitron it'll generate new ones again. (I also initially tried generating a new cert every time, which wasn't noticeably slower and I might've chosen to do that if it weren't for a bug in a certain browser which causes a crash if it sees two requests for the same hostname return different certificates...) Let me know if you see any problems with doing it this way, otherwise I'll soon (within a month) release 4.6 with this and the other features listed above.

(Sep. 26, 2018 05:33 AM) rasczak Wrote:
When using half-ssl with proxo reborn there's a bug where the Host header contains the half-ssl proxy prefix. For example, this site's Host header appears:
Host: https-px-.www.prxbx.com

You can reproduce the bug using sidki's latest config set, sidki_2011-12-22rc1, and turning on the half-ssl filters
https://www.prxbx.com/forums/showthread.php?tid=1870

Will be fixed in 4.6, but if you really want to, I can add the fix to 4.5.2.0 and release 4.5.2.1 (which will only differ from .0 by this fix.) Your choice.

...

Edited by Monroe
sp

  • 1 month later...

Amy - 'Proxomitron Reborn' has released a major new update a few days ago. Certificates generated with correct names and HTTPS working have been added. I am not going to say much about this new release as I am still trying to figure my settings out. I am understanding this new update better than I did 24 hours ago ... but I think I have more steps to cover.

So anyone that likes or once liked Proxomitron ... hit on the link (Page 06) below and start reading ... on Page 08 now.

http://prxbx.com/forums/showthread.php?tid=2331&page=6


Dec. 10, 2018

Amy

RE: Proxomitron Reborn

4.6.0.0 has been released! This version contains the following changes:

- Add missing update of Host header after redirection
This was a bug I introduced, which managed to creep its way through all the -Reborn versions. Thanks to rasczak for spotting it!

- Certificates generated with correct names
No longer deal with unfilterable HTTPS pages or "host name does not match" warnings/errors from browsers! The Proxomitron now generates certificates, signed by its own root, for each hostname to satisfy browser checks.

- $REM() pseudocommand
At the request of mizzmona, the $REM pseudocommand allows including commentary in filter expressions. Within the parentheses, write anything which will be ignored completely by the matching engine. Ensure to balance inner parentheses, or escape them and other special characters.

- Add HTTPS to local.ptron
Simply set the port in the new HTTPS settings tab to an unused one (e.g. 8443), restart Proxomitron, and visit e.g. https://local.ptron:your_port/.pinfo/ or any local path to see files served over HTTPS! https://localhost:your_port/ and https://127.0.0.1:your_port/ will work too, thanks to the Subject Alternative Names in the certificate that it generates. If you don't need this option, set the port to 0 and it will stop listening for HTTPS. The new configuration file keyword is SslPort in the Global section, and its default is 0.

- HTTPS configuration options for cipher suite selection and certificate error bypass
Also present in the new configuration dialog tab are two fields which correspond to two new keywords in the global configuration file section: SslCiphers and BypassCertErrs.

The former allows controlling the cipher suites which Proxomitron's SSL client (as presented to external sites) advertises support for; its format is a string that is documented at https://www.openssl.org/docs/man1.0.2/apps/ciphers.html . Leave it blank to use the default, which is currently "ALL:!eNULL:!aNULL:!EXP:!DES:!RC2:!SSLv2:!PSK:!aECDH:!CAMELLIA:!SEED:@STRENGTH". This is useful for the advanced users to fine-tune their TLS/SSL configuration.

The latter is a flexible way to specify sites which you do not want to be warned of certificate errors with; you can use any of Proxomitron's filtering language to construct an expression which will be matched against the hostname. This means you can use blockfiles too! Leaving this field blank (the default) means it will not match any hostname, and thus the behaviour will be unchanged from before.

- Add details to certificate error dialog
The certificate error dialog now shows the entire certificate details instead of only the name and its validity period dates. Useful for troubleshooting certificate errors.

- Add root certificate generation
This is the biggest new feature, and is accessible from the bottom button in the new HTTPS configuration tab. If you have an existing certificate in use, you can still click this button and look around; it will warn you that if you try to generate a certificate, it will replace your existing one. This new dialog allows you to specify some fields of the certificate to be generated, and if you have an existing certificate it conveniently duplicates the same information from it and lets you generate a new one with a validity period of another 5 years. You can choose the key size and algorithm, keeping in mind that not all browsers will support the more advanced ones, and that this certificate is only used to "fool" browsers into behaving since Proxomitron does most of the work of encryption and validation now. It makes sense to choose the most "insecure" that browsers will accept, because it improves performance. If you click Generate, it will create/overwrite the proxcert.pem and proxcert_certonly.pem files, and then after restarting Proxomitron and installing the certificate as a trusted root in the browser(s) you use, you can start experiencing real SSL filtering!

Enjoy! As always, please leave your feedback here and I will try to respond when I can.

...

Edited by Monroe
sp

  • 2 weeks later...

A Christmas gift from Amy at the Proxomitron forum ... newer version.

Dec. 25, 2018, 10:15 PM
RE: Proxomitron Reborn

4.6.0.1 has been released! Merry Christmas!

Changes in this release:
- Generate certificate serial number from hostname
- Always add SAN to certificates
- Fix buffer overflow in request parsing
- Fix adding manually entered blockfile entries
- Fix parsing of CONNECT URLs
- Fix listener startup message

http://prxbx.com/forums/showthread.php?tid=2331&page=9

Update on Page 01 - Always the First Post ...

http://prxbx.com/forums/showthread.php?tid=2331

She also mentions about some major changes ... if she has the time next year and can 'figure' everything out correctly.

"amy Wrote: Your suggestions have been logged for version 5.x improvements."

...

Edited by Monroe
sp

A new version update was released yesterday (Dec 28). It looks like these 'little updates' could occur frequently over the next few months ... as problems are being discovered and fixed.

I don't know how many people are following this or have an interest in Proxomitron. I think the people that do use Proxomitron can just bookmark the site and check for updates every week or two. Lots of heavy discussion going on over there ... most of it is 'over my head' ... but these are the right people involved for a better version of Proxomitron in the future, maybe by the end of 2019. I left all the discussion in the post by Amy of the new update, it's interesting reading.

Page 10:

http://www.prxbx.com/forums/showthread.php?tid=2331&page=10

------------------------------------------

Yesterday, 03:40 AM (This post was last modified: Yesterday 03:52 AM by amy.)
Post: #138
amy

RE: Proxomitron Reborn

4.6.0.2 has been released. It contains one fix:
- Make generated certificates version 3.

(Dec. 26, 2018 02:17 AM) whenever Wrote:
I'm afraid you all didn't get my point. What I'm talking about is if to make the resources at https://local.ptron available via https://127.0.0.1:(443|8443). My opinion is NO because it has security risks and the original version doesn't do it either (the resources at http://local.ptron are not available via http://127.0.0.1).

Yes it is, you just have to specify the port.

In other words, original Proxomitron had one listener (on port 8080 by default) which serves both the proxy and the internal webserver. In 4.6 I added a second listener which behaves exactly the same as the original one, except it's wrapped in a TLS socket.


(Dec. 27, 2018 04:40 AM) JJoe Wrote:
Good news is, I hope I know what the problem is...

Subject Alternative Name (SAN) is an X.509 version 3 certificate extension.
The generated certificate claims to be version 1, so Opera (and probably Chrome) just says no.

Such picky browsers... Fixed in 4.6.0.2.


(Dec. 26, 2018 02:17 AM) whenever Wrote:
It occurs with Scott's original too, and I can reproduce it on my PC (win10x64).

- Start the program freshly
- Click its icon on the tray to make its main window appear
- Press and hold the Alt key

The controls would appear and respond when you click their positions.


(Dec. 26, 2018 04:40 AM) mizzmona Wrote:
Yeah, it's been noted for 5.1 since about 2005, at least...

(Depending on OS) At initial program startup, pressing "Alt" key clears UI face. Minimize & reopen to restore.

Sorry, completely forgot to mention it. D'oh!

I have not been able to reproduce this (on XP 32 bit --- maybe I need to get a VM of a newer OS and try it...) but I bet it's related to all the code Scott added for custom drawing of textures and such. You can see M$ is showing increasingly less care for custom-drawn controls and UI customisation in general, so the one way to fix this is probably to remove all that custom drawing code and default back to the OS drawing when textures are disabled. I personally don't use the texture option, but I really don't want to remove the option for everyone either.
...

Edited by Monroe
sp
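JJoe's diagnosis quoted above (a certificate carrying a SAN extension while claiming version 1) can be checked mechanically. The following C example is added here and is not Proxomitron's code or anything posted in the thread: it walks the top-level DER fields of a certificate and flags an extensions field without a version 3 declaration. The names `tlv` and `x509_version_check` and both byte arrays are constructed for the example.

```c
#include <stdio.h>

/* Constructed skeleton certificates (empty placeholder fields), not real ones. */
static const unsigned char V3_WITH_EXT[] = { 0x30,0x18, 0x30,0x16,
    0xA0,0x03,0x02,0x01,0x02, 0x02,0x01,0x01, 0x30,0,0x30,0,0x30,0,0x30,0,
    0x30,0, 0xA3,0x02,0x30,0 };
static const unsigned char V1_WITH_EXT[] = { 0x30,0x13, 0x30,0x11,
    0x02,0x01,0x01, 0x30,0,0x30,0,0x30,0,0x30,0,0x30,0, 0xA3,0x02,0x30,0 };

/* Read one DER tag/length header at *p; on success *p points at the value. */
static int tlv(const unsigned char **p, const unsigned char *end,
               unsigned char *tag, size_t *len) {
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    *tag = *q++;
    *len = *q++;
    if (*len & 0x80) {                    /* long form: length in next n bytes */
        size_t n = *len & 0x7f;
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - q) < n) return -1;
        for (*len = 0; n > 0; n--) *len = (*len << 8) | *q++;
    }
    if ((size_t)(end - q) < *len) return -1;
    *p = q;
    return 0;
}

/* Returns the declared version (1..3), negated if an extensions field [3]
 * is present without version 3 being declared; 0 on a parse error. */
int x509_version_check(const unsigned char *der, size_t n) {
    const unsigned char *p = der, *end = der + n;
    unsigned char tag; size_t len; int version = 1, has_ext = 0;
    if (tlv(&p, end, &tag, &len) || tag != 0x30) return 0;   /* Certificate */
    end = p + len;
    if (tlv(&p, end, &tag, &len) || tag != 0x30) return 0;   /* TBSCertificate */
    end = p + len;
    while (p < end) {                     /* walk top-level TBS fields only */
        if (tlv(&p, end, &tag, &len)) return 0;
        if (tag == 0xA0) {                /* [0] EXPLICIT INTEGER version */
            if (len != 3 || p[0] != 2 || p[1] != 1 || p[2] > 2) return 0;
            version = p[2] + 1;
        } else if (tag == 0xA3) has_ext = 1;
        p += len;
    }
    return (has_ext && version < 3) ? -version : version;
}

int main(void) {
    printf("v3 with extensions: %d\n", x509_version_check(V3_WITH_EXT, sizeof V3_WITH_EXT));
    printf("v1 with extensions: %d\n", x509_version_check(V1_WITH_EXT, sizeof V1_WITH_EXT));
    return 0;
}
```

A negative result is the mismatch described in the thread: the version field is absent (so the certificate defaults to version 1) while an extensions block is still present.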

  • Tarun unpinned this topic
