Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


Destro

How you really browse the web on 98/ME in 2019

Recommended Posts

I was fed up with Burp systematically corrupting the registry lately so I'm now blocking the PortSwigger site by adding the following lines (not all might be necessary) to the Windows HOSTS file:

127.0.0.1    54.246.133.196
127.0.0.1    portswigger.net
127.0.0.1    www.portswigger.net

The only downside is that the PortSwigger site can't be accessed anymore by any software (unless using a web proxy with a browser I guess). All the free extender entries in the Burp registry key can be deleted (saving about 1MB of registry space) and won't come back and neither will corruption. Burp help is embedded in the jar at Burp.jar\resources\Documentation\ and can be extracted for offline viewing.

And something I forgot to mention about Burp is that you can make the jar file much smaller by deleting the x64 folders in the burpbrowser-binaries folder inside the jar, saves some significant disk space.

  • Upvote 1

Share this post


Link to post
Share on other sites

I've updated my Opera 12.02 Certificate Authorities by collating certificates from the current Microsoft Roots Update CA, Mozilla NSS root certificate store and Azul JDK 8 keystore.

Microsoft is the largest source of certificates and only one certificate from Mozilla and a handful from the JDK aren't already in Microsoft's Roots Update.

Microsoft's Roots Update installs 51 expired certificates which I discarded leaving me with a total of 368 unique valid certificates. Of these, another 51 failed to install in Opera, 42 of which because they are elliptic curve certificates and the remainder 9 for unknown reason (they are RSA like the rest).

In total 317 certificates have been installed but of course not all are new. You can grab the updated "keystore" file (cleaned from my personal certificates, Burp, ZAP, etc...) at the following link if you want: https://filebin.net/k3x0x97yygo19ylh

To install, close Opera and overwrite the original opcacrt6.dat which should located at C:\WINDOWS\Application Data\Opera\OPERA by default. You'll need to reinstall your Burp certificate and other similar certificates if you use any after that.

Tools I used: OpenSSL executable (format conversion), KeyStore Explorer (viewing certificates and extracting some) and Clone Spy (pruning duplicates).
 

  • Upvote 1

Share this post


Link to post
Share on other sites
Quote

Your Browser's Connection Security is Outdated

English: Wikipedia is making the site more secure. You are using an old web browser that will not be able to connect to Wikipedia in the future. Please update your device or contact your IT administrator.

We are removing support for insecure ciphersuites using the CBC mode, specifically DHE-RSA-AES128-SHA, which your browser software relies on to connect to our sites. This is usually caused by outdated browsers, or older Android smartphones. Or it could be interference from corporate or personal "Web Security" software, which actually downgrades connection security.

You must upgrade your web browser or otherwise fix this issue to access our sites. This message will remain until September 25, 2020. After that date, your browser will not be able to establish a connection to our servers.
 

I don't quite understand the necessity for connecting to a site such as Wikipedia securely at all, this is just a free online encyclopedia, not a bank or a shop, these people have lost their mind completely...  
 

  • Like 2

Share this post


Link to post
Share on other sites

Hi loblo. The sentiment is understood and pretty much shared. It is, however, a site where contributors need to login securely to edit information and manage their accounts, just like these forums. Since Wikipedia is so universal, however, it would be nice if they provided HTTP read-only accessibility for those that just want to read information from old systems.

Did a couple quick Wikipedia searches in RetroZilla just now, it's working fine. Maybe i hit a couple old servers or i'm from a different location.

Share this post


Link to post
Share on other sites

They will be disabling that cypher next month. Disable it in your browser now to test whether Wikipedia will still work after they do.

 

Share this post


Link to post
Share on other sites

Well security.ssl3.dhe_rsa_aes_128_sha was toggled from true to false. Cleared cache, restarted RetroZilla and thankfully both John Travolta and Olivia Newton-John's wiki entries are still available, i will rest easy tonight :)

  • Like 1

Share this post


Link to post
Share on other sites
Posted (edited)

A slightly modified version (complying with Apache License v2) of the Opera 12 Wayback Machine extension which jumps straight to the earliest capture of a page instead of the calendar page whose rendering is broken since some time. It's then possible to navigate to more recent captures by adequately clicking on the top banner. Well useful for me. Drag the oex file onto Opera's interface to install.

https://www.filedropper.com/waybackmachineextension4opera122020

Edited by loblo

Share this post


Link to post
Share on other sites
On 7/27/2020 at 10:09 PM, loblo said:

As a convenient solution for downloading at full speed from most sites Opera can't connect to without Burp I have integrated the latest Corone build of cURL for XP in Opera links menu on web pages (I couldn't get it to work in the links panel though).

https://rwijnsma.home.xs4all.nl/files/curl/

[Link Popup Menu]
Item, Download with cURL (Remote Name) = Execute program, "C:\Program Files\curl\Curl.exe", " -L -k -O -C - --retry 10 --retry-max-time 10 --retry-delay 5 %l"
Item, Download with cURL (Remote Header Name) = Execute program, "C:\Program Files\curl\Curl.exe", " -L -k -O -J -C - --retry 10 --retry-max-time 10 --retry-delay 5 %l"

Clipboard-1.png

It's not posible to specify a download directory for cURL when using the -O switch as it doesn't have such an option and simply downloads files in the current working dir so I start Opera from a shortcut in which I set the working dir as the one where I want the cURL downloads to go.

After update to latest "curl-7.72.0-mbedtls-zlib-win32-static-xpmod-sse.7z" I get an error: Error starting Program: The Curl.exe is linked to missing export msvcr70.dll: _vsnprintf_s. Curl 7.69.1 is OK.

Share this post


Link to post
Share on other sites

No version of Msvcr70.dll ever exported _vsnprintf_s, so this is a typo or a file has been hacked. Should be Msvcr80.dll or higher, or Msvcrt.dll from Vista (ver 7.0) or later.

 

Share this post


Link to post
Share on other sites

Yes, oddly your Imortpatcher gives "[msvcrt.dll] _vsnprintf_s=" and the DependencyWalker shows msvcr70, too.?

Share this post


Link to post
Share on other sites
Posted (edited)
25 minutes ago, Goodmaneuver said:

Perhaps you have MSVCRT = MSVCR70.DLL in KnownDLLs set in registry.

That is right, but it makes no difference, if the Msvcrt is "really" replaced by msvcr70. Ok I see, if it is really replaced the Dependency walker shows msvcrt, too.

Edited by schwups

Share this post


Link to post
Share on other sites

I have a large set of Msvc*.dll files in a MSVC subfolder of %windir%\Kernelex.  This redirects Msvcrt.dll only when Kernelex is enabled:

 

<tt>

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Kernelex\KnownDLLs]

"MSVCRT"="MSVC\MSVCR80.DLL"

</tt>

 

I'm working on implementing per-profile redirection.

 

Share this post


Link to post
Share on other sites
Posted (edited)
22 hours ago, schwups said:

That is right, but it makes no difference, if the Msvcrt is "really" replaced by msvcr70

Yes only because MSVCRT is MSVCR70 but you wanted to know why MSVCR70 was loaded. The registry has first priority as it is loaded very early and of which you have said with the registry - every time MSVCRT is to be loaded, do not do that, load MSVCR70 instead.

16 hours ago, jumper said:

I have a large set of Msvc*.dll files in a MSVC subfolder of %windir%\Kernelex.  This redirects Msvcrt.dll only when Kernelex is enabled:

I have KernelEx loaded with every program and from what registry settings you are using MSVCR80 will take the place of MSVCRT when ever KernelEx is loaded. Use Process Explorer to see what libraries are loaded with each program. Perhaps you have Explorer.exe set KernelEx disabled, but with default as BASE KernelEx is loaded.

I tried the sub directory idea for UNICOWS.dll as a knowndll of KernelEx. Interesting:- I get an error at runtime. Error is Rundll32 has caused an error in KEXBASEN Rundll32 will now close.

The per-profile redirection can you explain this? KexStubs is for stubbing but can a program be had that functions can be redirected to other libraries that have that function for use with KernelEx?

Edited by Goodmaneuver

Share this post


Link to post
Share on other sites
Posted (edited)

I use MiniSnap and Procwin 1.6 to get details for the libraries loaded by a process. Also Taskinfo2000 2.1.

By profile I mean a compatibility mode enhanced to include other module options plus its own KnownDLLs module redirection set.

Kexstubs also supports api forwarding to other libraries.

 

Edited by jumper
Added website link.
  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...