Jump to content

Web Browser + Proxomitron Reborn + PtronGUI --- A How-To Guide


Recommended Posts

The developer of Proxomitron "Reborn" claims that I should not need ProxHTTPSProxyMII - but there is clearly a difference in how .css and .js are "injected" into web pages.

Consider this project on-hold until the developer of Proxomitron "Reborn" and I can discuss various nuances on-the-side.

Link to comment
Share on other sites


Hip Hip Hooray.  For those that have been patiently waiting, the first several posts of this thread are now good-to-go as far as a guide on getting Proxomitron configured properly.

Not sure how much interest there is for Proxomitron, hopefully there will at least be a few  :cool:

We should be able to use this thread as a Q & A.

One of these days, I'll post a filter that breaks the "keylogger" in this reply box - just as an example that we can all relate to.

I may end up doing some YouTube / Google / Bing filters along the way also.

Link to comment
Share on other sites

As far as MSFN's reply-box keylogger, it is blocked without any additional filters.
I've verified this in "Advanced Mode" (the default mode is "Standard Mode", I did not test in "Standard Mode").
You change "mode" using the Headers button -

image.png.e366b0bbda1e838e457b8d41ed6add85.png   image.png.8b3a2f47f6f314a435d404737d47c144.png

 

And you can manually "activate" the keylogger (for those that want the "feature") by clicking on the "timer" button in the lower left corner -
The "listen: click" button is because I also activate the "Be more restrictive" Web Filter -

image.png.e9926101490c3d60f77c37dee295c73a.png   image.png.fb43f2b8f0a78a850a9df3804a3f0008.png

Link to comment
Share on other sites

9 hours ago, NotHereToPlayGames said:

ps - I do still need to find a solution for, as an example, allowing Proxomitron javascript on www.bing.com without allowing bing.com javascript on www.bing.com as far as NoScript is concerned.  Saving that for another day.

Maybe rewrite all pages to be iframes in a container Proxo page? lol

This may drag a whole host of other issues though.

Link to comment
Share on other sites

@NotHereToPlayGames

Many thanks about this thread ! :lol:
I'm aware of Proximitron since more than 10 years but the lack of documentation was a big issue.

Can I replace ProxHTTPSProxyMII by Proximitron by adding TLS 1.2 or 1.3 support to browsers that lack these features ?
If I'm right, The OpenSSL DLLs that you provide only support TLS 1.2 ?

Can you explain us how to block ads with Proximitron ?
A solution based on lists of blocked domains would be welcome as a solution without lists (BFilter ?).


My goals :

TLS 1.2 and 1.3 support
block all ads
whatever else that would be interesting to be blocked

Link to comment
Share on other sites

1 hour ago, genieautravail said:

Can I replace ProxHTTPSProxyMII by Proximitron by adding TLS 1.2 or 1.3 support to browsers that lack these features ?

Neither Proxomitron, nor Proxomitron Reborn, nor ProxHTTPSProxy, nor ProxHTTPSProxyMII support TLS 1.3.
If your browser lacks TLS 1.2 or 1.3, none of them will add TLS 1.2 or 1.3.
If your browser does support TLS 1.3, using any of them will disable that support and drop you down to TLS 1.2.
It is my understanding that the developer of Proxomitron Reborn does plan on adding TLS 1.3 in the future and she remains active on the Un-Official Proxomitron Forum.

Link to comment
Share on other sites

1 hour ago, genieautravail said:

Can you explain us how to block ads with Proximitron ?
A solution based on lists of blocked domains would be welcome as a solution without lists (BFilter ?).

Proxomitron's ad-blocking is almost entirely based on lists.
If you right-click on top of the Proxomitron systray icon, a context menu will open and you can see we have 11 lists which all target specific ad methods.
You can open/view all of these lists to get a general idea of how they target ads.
 

image.png.8abf49f7fadac05fe59a404aa55f0073.png   image.png.ea161e5804e38c8252016b3b28fcfc40.png

image.png.d0e18af3ee1131892d1a5cfcc06f2cf4.png   image.png.9f9a1a6f87f2389ce450a3fe1d3a9c74.png

Link to comment
Share on other sites

Regarding ad-blocking - I personally block all javascript by default and only allow white-listed javascript so that alone blocks the vast majority of ads.
But I do acknowledge that such an approach is not for everyone - and that's the power of Proxomitron, fully customizable to the exact needs of its user.
You can allow javascript but still block ads through the use of all of the lists - for that approach you may wish to enable and experiment with some of the filters in the "||| Ads" section.

image.png.54b24ef894a453bd66ebc876b7797a4a.png

Link to comment
Share on other sites

2 hours ago, RainyShadow said:

Maybe rewrite all pages to be iframes in a container Proxo page? lol

:roll1:

I did find a NoScript alternative called Sybu JavaScript Blocker that would allow Proxomitron scripts while blocking domain scripts but it did not know the difference between bing.com and r.bing.com.

It blocked the scripts coming from r.bing.com but didn't even see (and so it allowed them) the scripts coming from bing.com.

I've actually abandoned NoScript in favor of Proxomitron - but my fear is that long-time users of NoScript will not give Proxomitron a chance if the two cannot "play in the same sandbox".

Link to comment
Share on other sites

Hi there. I managed to set it up, as instructed, in SP52. Due to some of the settings below (which one I have to remember/figure out), though, I have to allow visited sites one by one (see attached pics). I will keep testing over the week and report back.

 

1.png.6f6e3f8a800c4efe33c92066f8977212.png

 

3.thumb.png.c36a69cd1be3836f5bbf573bb2a343b8.png

Also note that -more likely due to current restrictions in my set up and their interaction with proxomitron, it is not possible for me to -for example- reply in this forum.  These are of course things that I thing can be solved with tweaking.

4.thumb.png.97da0b3057134adce395b89e74497e18.png

With chrome, I was not able to make it work. I will keep trying, but it may be due to restrictions in my systems. Thanks!

 

The settings that may be causing the issue reported in the first two pics are:

user_pref("security.nocertdb", true); // add 
user_pref("breakpad.reportURL", "127.0.0.1"); // set
user_pref("browser.ssl_override_behavior", 1); // set
user_pref("browser.xul.error_pages.enabled, true); // default
user_pref("browser.xul.error_pages.expert_bad_cert", true); // set
user_pref("security.block_script_with_wrong_mime", true); // default
user_pref("security.OCSP.enabled", 0); // set
user_pref("security.OCSP.require", false); // default verify (options)
user_pref("security.ssl.enable_ocsp_stapling", true); // default
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); // set
user_pref("security.cert_pinning.enforcement_level", 1); // default
user_pref("security.mixed_content.block_active_content", true); // default
user_pref("security.mixed_content.block_display_content", true); // set
user_pref("security.mixed_content.send_hsts_priming", true); // default
user_pref("security.pki.sha1_enforcement_level", 3); // default
user_pref("security.ssl.errorReporting.url", "127.0.0.1"); //add
user_pref("security.ssl.require_safe_negotiation", true); // set
user_pref("security.tls.version.fallback-limit", 3); // default
user_pref("security.tls.version.min", 3); // set
user_pref("security.ssl.disable_session_identifiers", true); // add
user_pref("security.nocertdb", true); // add 
user_pref("breakpad.reportURL", "127.0.0.1"); // set
user_pref("browser.ssl_override_behavior", 1); // set
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); // set
user_pref("security.cert_pinning.enforcement_level", 1); // default
user_pref("security.mixed_content.block_active_content", true); // default
user_pref("security.mixed_content.block_display_content", true); // set
user_pref("security.mixed_content.send_hsts_priming", true); // default
user_pref("security.pki.sha1_enforcement_level", 3); // default
user_pref("security.ssl.errorReporting.url", "127.0.0.1"); //add
user_pref("security.ssl.require_safe_negotiation", true); // set
user_pref("security.tls.version.fallback-limit", 3); // default
user_pref("security.tls.version.min", 3); // set
user_pref("security.ssl.disable_session_identifiers", true); // add
 

2.png

Link to comment
Share on other sites

17 minutes ago, dmiranda said:

user_pref("security.tls.version.min", 3); // set

You may need to set your 3 to 2.
Did the certificate import successfully?

image.png.7cbd390d707fda42148be3717caad0b9.png

 

18 minutes ago, dmiranda said:

With chrome, I was not able to make it work.

Try these command line switches (at least just temporarily) and see if it works then -
 --enable-local-file-accesses --allow-insecure-localhost --allow-running-insecure-content

Link to comment
Share on other sites

On 1/16/2022 at 11:43 AM, NotHereToPlayGames said:

In 360Chrome -
After this, 360Chrome is ready-to-go and you can skip the next post.

image.png.01912c5782855ac02a5bfd2cec403aa8.png


You have done everything correctly if https://www.google.com/ now looks like this -

image.png.a0924cec3681de59ab27900937aa5e39.png

Are you sure this is "ready-to-go"?

Does the https:// part in 360Chrome become green and not striked-out later IF you skip the next post (i.e. someone who don't use FF-based browsers)?

If not, you'll need to manually import the certificate in the IE store too.

Link to comment
Share on other sites

It's an evolutionary process.

It has been my understanding that "nobody" in the last YEAR (at least!) has had a consistant "green https" in XP.

Proxomitron / ProxHTTPSProxy do not have TLS 1.3 support (yet!).  I suspect that a consistant "green https" will not happen until then.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...