Jump to content

Web Browser + Proxomitron Reborn + PtronGUI --- A How-To Guide


Recommended Posts


17 minutes ago, NotHereToPlayGames said:

green "padlock"

It's not actually about the color, that's just an indication of the issue. Which is the same as with your Mypal example.

Someone will try to open a page in IE, or in 360Chrome with that warning enabled, then will come asking why it doesn't work, lol.

 

39 minutes ago, NotHereToPlayGames said:

It has been my understanding that "nobody" in the last YEAR (at least!) has had a consistant "green https" in XP

I consistently see it when i open my bank site. It skips all proxies :P

 

Link to comment
Share on other sites

So do I on my bank sites.  But they're pretty much about the only sites that I get a "green" padlock.  I'm exaggerating, of course.

But look up at your address bar right now - MSFN has been "red" for close to a year.  Doesn't stop us from visiting MSFN or even logging in, now does it?

Link to comment
Share on other sites

17 hours ago, dmiranda said:

I managed to set it up, as instructed, in SP52.

I'll be adding screencaps for an Serpent 52 setup.  Disregard.

 

14 hours ago, NotHereToPlayGames said:

It's an evolutionary process.

Credit to JJoe and amy over TUOPF - they have resolved the port 443 versus port 8443 issue and I'll be uploading an updated config later this morning.

Edited by NotHereToPlayGames
Link to comment
Share on other sites

Also learned a cool debug trick.
Execute the command tasklist in Command Prompt (or what I like to call "The Matrix" because I changed my font color to green-on-black).
This will give you the "PID" number for Proxomitron.exe.
Execute the command netstat -ano | find "PID" (include the quotes but replace with PID#) to debug the port info for Proxomitron.exe (note that my PID changed midway through these screencaps because I exited, made changes, then relaunched Proxomitron).

image.png.165148a77c13d49fa4e0f109e93d9a23.png   image.png.5a69c5f22f154a782e3de604c726d0c3.png

Link to comment
Share on other sites

18 hours ago, dmiranda said:

in my set up and their interaction with proxomitron, it is not possible for me to -for example- reply in this forum

Findings like this are to be expected (we are "filtering" the web page).

It's why we have bypass lists.

For MSFN, I don't use any bypass lists but do use the Proxomitron Menu (click on a web page and you access it from the lower right corner).

For the MSFN reply box, you can enable it this way --

image.png.edcc319fc293a8cb38a235d63be07346.png

Edited by NotHereToPlayGames
Link to comment
Share on other sites

20 hours ago, dmiranda said:

in my set up and their interaction with proxomitron, it is not possible for me to -for example- reply in this forum

For a more permanent solution, add this to your Exceptions-U.txt file then have Proxomitron reload the config so that it takes effect (the keylogger remains deactivated unless you manually activate using the "timer" button) -

# MSFN
msfn.org/
    $SET(0=a_track.i_script:0.)

Edited by NotHereToPlayGames
Link to comment
Share on other sites

Here's another cool function of Proxomitron.  Credit to @XPerceniol for the image.

Animated gif's by default animate in an endless loop.

With Proxomitron you can freeze them completely or limit their number of loops.

Refresh this page and watch the below animated gif with different Proxomitron settings (do not check the Freeze when you check the Header filter for Filter GIFs [requires Web Page filter for Limit Animated GIFs]).

spacer.png

image.png.8c2ebea07ca1ee60336290510c5c45f7.png

image.png.726c41641ed4d81ac35a0761bf4959e6.png

image.png.adc1bdae2353c3ab08e26cf7658bcada.png

Edited by NotHereToPlayGames
Link to comment
Share on other sites

Here's another one of my favorite functions (default settings for Advanced Mode, did not verify in Standard Mode).
A lot of users like to "embed" YouTube videos, especially in the What Are You Listening To? thread.
Since these are contained in an "iFrame" (my default uMatrix blocks), we can now toggle them into view.
Or click to open in current tab or right-click to open in new tab, window, or incongito window (my default extensions block YouTube unless I am actually on YouTube).

image.png.66f003344fa64c1c9816320489987ef5.png   image.png.2cb8d216e20cd11cb852e23bcb1fe8eb.png   image.png.dd442c9137bedf7d0befaaae5d71f43c.png

Edited by NotHereToPlayGames
Link to comment
Share on other sites

The devil sure is in the detail.

I've used Proxomitron for many years, albeit not with a huge degree of sophistication. For example, in the early days it was one of the few ways to block ads (I'm proud to have been blocking doubleclick for way more than a decade). Anyway, the issue I've had for a long time is that the filters don't get applied over a secure connection. I was still using Naoko 4.5 (2003-6-1) which I think is the final version produced by the late Scott R. Lemmon.

Using your instructions I thought I'd give the whole SSL thing another go. This is using FF52.

  • The creation of proxcert.pem and proxcert_certonly.pem is confusing. When I click the Certificate Generation and Installation button it creates both files (overwriting proxcert.pem previously created by proxcert-MakeCert.bat) so I'm wondering if the proxcert-MakeCert.bat step is redundant?
  • I can get the Use SSLeay/OpenSSL option to work so Proxomitron applies filters on HTTPS pages. I did have to delete certs.pem from the ProxN45j install otherwise Proxomitron throws a challenge for each HTTPS site visited.
  • The HTTPS tab is a bit of a mystery to me and I wish I could find some documentation on this new tab. I can't get the whole 8443 thing to work. I'm not even sure what it is trying to achieve. I can get Proxomitron to listen on 8080 and 8443 but if I tell FF to use 8443 as its SSL Proxy I get Secure Connection Failed messages.

Using just 8080 for both the HTTP Proxy and SSL Proxy seems to work okay, so again I'm not sure what I'm trying to achieve. Is the 8443 thing supposed to replace the Use SSLeay/OpenSSL option?

__________________________________________________________

I do have a concern about the way Proxomitron establishes a secure connection between itself and a web site while at the same time using a different secure connection using its own certificate with the browser. With Use SSLeay/OPenSSL, if you interrogate the Web Site Identity it will indicate that it is Verified by Proxomitron. View Certificate shows the Proxomitron certificate. Are there any dangers in this? For example, might Proxomitron facilitate a bad web site that the the browser would otherwise block?

I did some tests here: https://badssl.com/ and it suggest that it might.

I've seen these roll-your-own certificate solutions before and I've seen reports that as a side effect they can compromise security. I seem to remember some antivirus software that hijacked the SSL certificate so that it could virus check the secure traffic only to introduce its own vulnerability. I think they are fine when used in conjunction with, for example, an old email client because you presumably trust your email provider but in this scenario you're trusting the whole of the internet.

Oh, and I also have a request. Is it possible that yourself or someone else could publish your zip files some place more easily accessible than Google's Dropbox?

This is all interesting stuff,
Ben.

Link to comment
Share on other sites

1 hour ago, Ben Markson said:

The creation of proxcert.pem and proxcert_certonly.pem is confusing. When I click the Certificate Generation and Installation button it creates both files (overwriting proxcert.pem previously created by proxcert-MakeCert.bat) so I'm wondering if the proxcert-MakeCert.bat step is redundant?

I can only confirm that I tried it both ways and I had to use the proxcert-MakeCert.bat step in order for the new .pem files to "work".
It appears redundant, but I did try it both ways and was unsuccessful without this step.
However, I may have not noticed that an exit-and-relaunch is required so I will double-check and report my findings.

Update - I can confirm that the proxcert-MakeCert.bat step is required. 
 I cannot get Mypal to accept the certificate if I skip this step. 
 There are "cryptography" settings available but they are "over my head" and I am unsure if they would elliminate this step or not.

 

1 hour ago, Ben Markson said:

I did have to delete certs.pem from the ProxN45j install otherwise Proxomitron throws a challenge for each HTTPS site visited.

That is correct.
You may have missed one of my steps because in the uploaded files you should find that the certs.pem file was renamed to certs.pem-disabled (essentially deleting the file because Proxomitron hunts for it by name).

 

1 hour ago, Ben Markson said:

I can't get the whole 8443 thing to work. I'm not even sure what it is trying to achieve. I can get Proxomitron to listen on 8080 and 8443 but if I tell FF to use 8443 as its SSL Proxy I get Secure Connection Failed messages.

The confusion here is that 8443 is an "internal" port (at least that seems to be the best way to explain it).
The port connections for http and for https are both to be set at 8080 (just like the original Proxomitron that we all used before Proxomitron Reborn).
And this 8080 should be used in your operating system or browsers proxy settings and in Proxomitron's Config Settings "http" TAB.
It is only the "https" TAB in Proxomitron's Config Settings that uses 8443.

Edited by NotHereToPlayGames
Link to comment
Share on other sites

2 hours ago, Ben Markson said:

I do have a concern about the way Proxomitron establishes a secure connection between itself and a web site while at the same time using a different secure connection using its own certificate with the browser. With Use SSLeay/OPenSSL, if you interrogate the Web Site Identity it will indicate that it is Verified by Proxomitron. View Certificate shows the Proxomitron certificate. Are there any dangers in this? For example, might Proxomitron facilitate a bad web site that the the browser would otherwise block?

I apologize if I sound a bit blunt, but I am the wrong person to ask.
Browser "certificates" have been flawed ever since the "web" decided to use httpS "everywhere" instead of only on banking web sites (circa May 2000).
Chrome did not start "nagging" its users that http pages are not "secure" until version 68 [July 2018].
Mozilla followed Chrome's footsteps with the "nagging" with the release of Firefox version 70 [October 2019].
Firefox did flag password fields on forms with version 46 but was not enabled by default until version 51 [January 2017, at which time Chrome also flagged password fields that where not https).
But as far as blocking access based on a "padlock", that started in 2018 with Chrome and in 2019 with Firefox.

I have personally always disabled these "nags" and I find the "padlock" in a web browser's address bar to be a complete and utter waste of time - so again, I apologize, but I am not the person to ask.
That's not to be "misread" or "misinterpreted".
I do have "blocking" means employed for "security", but that "d@mn" 'padlock' is NOT one of them.
Malware web sites have GREEN PADLOCKS! [also the very reason I started telling Proxomitron users to filter HTTPS way back in 2004!])  :whistle:

https://www.pcmag.com/news/google-chrome-begins-flagging-all-http-pages-as-not-secure
https://www.zdnet.com/article/firefox-follows-in-chromes-footsteps-and-will-mark-all-http-pages-as-not-secure/
https://nakedsecurity.sophos.com/2020/02/18/malware-and-https-a-growing-love-affair/

Edited by NotHereToPlayGames
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...