NotHereToPlayGames Posted January 24, 2022 Author Share Posted January 24, 2022 The developer of Proxomitron "Reborn" claims that I should not need ProxHTTPSProxyMII - but there is clearly a difference in how .css and .js are "injected" into web pages. Consider this project on-hold until the developer of Proxomitron "Reborn" and I can discuss various nuances on-the-side. Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted January 24, 2022 Author Share Posted January 24, 2022 9 hours ago, NotHereToPlayGames said: there is clearly a difference in how .css and .js are "injected" into web pages We may have found a solution. Still testing... Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted January 25, 2022 Author Share Posted January 25, 2022 Hip Hip Hooray. For those that have been patiently waiting, the first several posts of this thread are now good-to-go as far as a guide on getting Proxomitron configured properly. Not sure how much interest there is for Proxomitron, hopefully there will at least be a few We should be able to use this thread as a Q & A. One of these days, I'll post a filter that breaks the "keylogger" in this reply box - just as an example that we can all relate to. I may end up doing some YouTube / Google / Bing filters along the way also. Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted January 25, 2022 Author Share Posted January 25, 2022 ps - I do still need to find a solution for, as an example, allowing Proxomitron javascript on www.bing.com without allowing bing.com javascript on www.bing.com as far as NoScript is concerned. Saving that for another day. Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted January 25, 2022 Author Share Posted January 25, 2022 As far as MSFN's reply-box keylogger, it is blocked without any additional filters. I've verified this in "Advanced Mode" (the default mode is "Standard Mode", I did not test in "Standard Mode"). You change "mode" using the Headers button - And you can manually "activate" the keylogger (for those that want the "feature") by clicking on the "timer" button in the lower left corner - The "listen: click" button is because I also activate the "Be more restrictive" Web Filter - Link to comment Share on other sites More sharing options...
RainyShadow Posted January 25, 2022 Share Posted January 25, 2022 9 hours ago, NotHereToPlayGames said: ps - I do still need to find a solution for, as an example, allowing Proxomitron javascript on www.bing.com without allowing bing.com javascript on www.bing.com as far as NoScript is concerned. Saving that for another day. Maybe rewrite all pages to be iframes in a container Proxo page? lol This may drag a whole host of other issues though. Link to comment Share on other sites More sharing options...
genieautravail Posted January 25, 2022 Share Posted January 25, 2022 @NotHereToPlayGames Many thanks about this thread ! I'm aware of Proximitron since more than 10 years but the lack of documentation was a big issue. Can I replace ProxHTTPSProxyMII by Proximitron by adding TLS 1.2 or 1.3 support to browsers that lack these features ? If I'm right, The OpenSSL DLLs that you provide only support TLS 1.2 ? Can you explain us how to block ads with Proximitron ? A solution based on lists of blocked domains would be welcome as a solution without lists (BFilter ?). My goals : TLS 1.2 and 1.3 support block all ads whatever else that would be interesting to be blocked Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted January 25, 2022 Author Share Posted January 25, 2022 1 hour ago, genieautravail said: Can I replace ProxHTTPSProxyMII by Proximitron by adding TLS 1.2 or 1.3 support to browsers that lack these features ? Neither Proxomitron, nor Proxomitron Reborn, nor ProxHTTPSProxy, nor ProxHTTPSProxyMII support TLS 1.3. If your browser lacks TLS 1.2 or 1.3, none of them will add TLS 1.2 or 1.3. If your browser does support TLS 1.3, using any of them will disable that support and drop you down to TLS 1.2. It is my understanding that the developer of Proxomitron Reborn does plan on adding TLS 1.3 in the future and she remains active on the Un-Official Proxomitron Forum. Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted January 25, 2022 Author Share Posted January 25, 2022 1 hour ago, genieautravail said: Can you explain us how to block ads with Proximitron ? A solution based on lists of blocked domains would be welcome as a solution without lists (BFilter ?). Proxomitron's ad-blocking is almost entirely based on lists. If you right-click on top of the Proxomitron systray icon, a context menu will open and you can see we have 11 lists which all target specific ad methods. You can open/view all of these lists to get a general idea of how they target ads. Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted January 25, 2022 Author Share Posted January 25, 2022 Regarding ad-blocking - I personally block all javascript by default and only allow white-listed javascript so that alone blocks the vast majority of ads. But I do acknowledge that such an approach is not for everyone - and that's the power of Proxomitron, fully customizable to the exact needs of its user. You can allow javascript but still block ads through the use of all of the lists - for that approach you may wish to enable and experiment with some of the filters in the "||| Ads" section. Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted January 25, 2022 Author Share Posted January 25, 2022 2 hours ago, RainyShadow said: Maybe rewrite all pages to be iframes in a container Proxo page? lol I did find a NoScript alternative called Sybu JavaScript Blocker that would allow Proxomitron scripts while blocking domain scripts but it did not know the difference between bing.com and r.bing.com. It blocked the scripts coming from r.bing.com but didn't even see (and so it allowed them) the scripts coming from bing.com. I've actually abandoned NoScript in favor of Proxomitron - but my fear is that long-time users of NoScript will not give Proxomitron a chance if the two cannot "play in the same sandbox". Link to comment Share on other sites More sharing options...
dmiranda Posted January 25, 2022 Share Posted January 25, 2022 Hi there. I managed to set it up, as instructed, in SP52. Due to some of the settings below (which one I have to remember/figure out), though, I have to allow visited sites one by one (see attached pics). I will keep testing over the week and report back. Also note that -more likely due to current restrictions in my set up and their interaction with proxomitron, it is not possible for me to -for example- reply in this forum. These are of course things that I thing can be solved with tweaking. With chrome, I was not able to make it work. I will keep trying, but it may be due to restrictions in my systems. Thanks! The settings that may be causing the issue reported in the first two pics are: user_pref("security.nocertdb", true); // add user_pref("breakpad.reportURL", "127.0.0.1"); // set user_pref("browser.ssl_override_behavior", 1); // set user_pref("browser.xul.error_pages.enabled, true); // default user_pref("browser.xul.error_pages.expert_bad_cert", true); // set user_pref("security.block_script_with_wrong_mime", true); // default user_pref("security.OCSP.enabled", 0); // set user_pref("security.OCSP.require", false); // default verify (options) user_pref("security.ssl.enable_ocsp_stapling", true); // default user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); // set user_pref("security.cert_pinning.enforcement_level", 1); // default user_pref("security.mixed_content.block_active_content", true); // default user_pref("security.mixed_content.block_display_content", true); // set user_pref("security.mixed_content.send_hsts_priming", true); // default user_pref("security.pki.sha1_enforcement_level", 3); // default user_pref("security.ssl.errorReporting.url", "127.0.0.1"); //add user_pref("security.ssl.require_safe_negotiation", true); // set user_pref("security.tls.version.fallback-limit", 3); // default user_pref("security.tls.version.min", 3); // set user_pref("security.ssl.disable_session_identifiers", true); // add user_pref("security.nocertdb", true); // add user_pref("breakpad.reportURL", "127.0.0.1"); // set user_pref("browser.ssl_override_behavior", 1); // set user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); // set user_pref("security.cert_pinning.enforcement_level", 1); // default user_pref("security.mixed_content.block_active_content", true); // default user_pref("security.mixed_content.block_display_content", true); // set user_pref("security.mixed_content.send_hsts_priming", true); // default user_pref("security.pki.sha1_enforcement_level", 3); // default user_pref("security.ssl.errorReporting.url", "127.0.0.1"); //add user_pref("security.ssl.require_safe_negotiation", true); // set user_pref("security.tls.version.fallback-limit", 3); // default user_pref("security.tls.version.min", 3); // set user_pref("security.ssl.disable_session_identifiers", true); // add Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted January 25, 2022 Author Share Posted January 25, 2022 17 minutes ago, dmiranda said: user_pref("security.tls.version.min", 3); // set You may need to set your 3 to 2. Did the certificate import successfully? 18 minutes ago, dmiranda said: With chrome, I was not able to make it work. Try these command line switches (at least just temporarily) and see if it works then - --enable-local-file-accesses --allow-insecure-localhost --allow-running-insecure-content Link to comment Share on other sites More sharing options...
RainyShadow Posted January 25, 2022 Share Posted January 25, 2022 On 1/16/2022 at 11:43 AM, NotHereToPlayGames said: In 360Chrome - After this, 360Chrome is ready-to-go and you can skip the next post. You have done everything correctly if https://www.google.com/ now looks like this - Are you sure this is "ready-to-go"? Does the https:// part in 360Chrome become green and not striked-out later IF you skip the next post (i.e. someone who don't use FF-based browsers)? If not, you'll need to manually import the certificate in the IE store too. Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted January 25, 2022 Author Share Posted January 25, 2022 It's an evolutionary process. It has been my understanding that "nobody" in the last YEAR (at least!) has had a consistant "green https" in XP. Proxomitron / ProxHTTPSProxy do not have TLS 1.3 support (yet!). I suspect that a consistant "green https" will not happen until then. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now