Jump to content

Looking for a person with Python programming skills to implement TLS 1.3 functionality in ProxHTTPSProxy REV3e


AstroSkipper

Recommended Posts

13 minutes ago, XPerceniol said:

Is this what you are referring to?

https://3proxy.org/download/

After a short research, I found the same site. There is a documentation available how to install it and so on. I already read the part referring to Windows XP. I'll test it as soon as I know enough about this proxy.

Edited by AstroSkipper
Link to comment
Share on other sites


Greetings.

3 hours ago, AstroSkipper said:

I know nearly all about ProxHTTPSProxy, but nothing about the other proxy 3proxy. Could you provide some information how to use it? Is there any certificate I have to install in my system? In your first release, I can see such a certificate, but in your latest one, there is none.

Sorry, my bad. Yes, there is must be three files in certs folder - 3proxy.key, 3proxy.pem, server.key. And You need to import 3proxy.pem.
Some info from author - https://3proxy.org/plugins/SSLPlugin/?l=EN
I can't find mail - how to prolong or change 3proxy.pem. Initially i got it from author release.
In my first variant - config that i had used this time. At launch 3proxy.exe reads 3proxy.cfg
>plugin .\plugins\SslPlugin.dll ssl_plugin  - load plugin.
>nserver 192.168.1.1    - preffered DNS server
>nscache 16000            - DNS records live time
>ssl_certcache .\certs\   - folder to store certificates
>ssl_mitm                     - begin of ssl_plugin settings
>toggle_certstore         - switch to cache or not certs in folder
>proxy -p3128             - listen at port 3128 as MITM proxy
>ssl_nomitm                 - end of ssl_plugin settings
>proxy -p3129             - listen at port 3129 as usual proxy
Second config add options to list preffered ciphers. Now - all possible.
>ssl_ciphers ALL:COMPLEMENTOFALL
And (as my hope) this fragment redirect from socks port 3127 to MITM port 3128.
>allow *
>parent 1000 connect+ 127.0.0.1 3128
>socks -p3127
I'd never used other 3proxy abilities...

Best regards.

Link to comment
Share on other sites

4 hours ago, cmalex said:

Greetings.

Sorry, my bad. Yes, there is must be three files in certs folder - 3proxy.key, 3proxy.pem, server.key. And You need to import 3proxy.pem.
Some info from author - https://3proxy.org/plugins/SSLPlugin/?l=EN
I can't find mail - how to prolong or change 3proxy.pem. Initially i got it from author release.
In my first variant - config that i had used this time. At launch 3proxy.exe reads 3proxy.cfg
>plugin .\plugins\SslPlugin.dll ssl_plugin  - load plugin.
>nserver 192.168.1.1    - preffered DNS server
>nscache 16000            - DNS records live time
>ssl_certcache .\certs\   - folder to store certificates
>ssl_mitm                     - begin of ssl_plugin settings
>toggle_certstore         - switch to cache or not certs in folder
>proxy -p3128             - listen at port 3128 as MITM proxy
>ssl_nomitm                 - end of ssl_plugin settings
>proxy -p3129             - listen at port 3129 as usual proxy
Second config add options to list preffered ciphers. Now - all possible.
>ssl_ciphers ALL:COMPLEMENTOFALL
And (as my hope) this fragment redirect from socks port 3127 to MITM port 3128.
>allow *
>parent 1000 connect+ 127.0.0.1 3128
>socks -p3127
I'd never used other 3proxy abilities...

Best regards.

Thanks for this additional information! As I already mentioned, I never used 3proxy before. Therefore, I have to collect all necessary information to handle it properly. All of your information seems to be a bit more complicated than it was in the case of ProxHTTPSProxy. But, maybe, just due to my existent knowledge about ProxHTTPSProxy and the lack of knowledge about 3proxy. Good to know that a certificate has to be installed, too. Where do I have to import the certificate 3proxy.pem to? To Trusted Root Certification Authorities local computer or current user? And just for clarification. Are you sure that the certificate for importing is 3proxy.pem and not 3proxy.cer? Such a file can be downloaded here: https://3proxy.org/3proxy.cer The certificate ending of .pem are usually for generating the SSL certificates of websites in the folder certs as in the case of cacert.pem. Or means Code signing certificate it is needed for compiling this proxy? All of that is a bit confusing, the documentation in English is quite incomplete, and, frankly, not the best. ProxHTTPSProxy is able to generate a new CA certificate by itself if there is no such file. Maybe, 3proxy has a similar ability. Just a guess! Anyway, I'll test this proxy when I know enough about it and understand it better.

Kind regards, AstroSkipper :hello:

Edited by AstroSkipper
Update of content
Link to comment
Share on other sites

Greetings

8 hours ago, AstroSkipper said:

import the certificate 3proxy.pem to? To Trusted Root Certification Authorities local computer or current user?

I'd preferred for user.

8 hours ago, AstroSkipper said:

Are you sure that the certificate for importing is 3proxy.pem and not 3proxy.cer?

Yes, i'm sure.

8 hours ago, AstroSkipper said:

Or means Code signing certificate it is needed for compiling this proxy?

Code signing certificate - it's about signed executable (some like "Did you want to run untrusted application on this computer")

8 hours ago, AstroSkipper said:

ProxHTTPSProxy is able to generate a new CA certificate by itself if there is no such file. Maybe, 3proxy has a similar ability.

No, 3proxy can't generate certificate and keys by themself.

 

And looks like i'd lost all licensing things from all used components (3proxy, openssl, python, ProxyMII). I'm removing all links.

Can You please help get  licenses in order?  What more files or links You need for it?

Best regards.

Edited by cmalex
Link to comment
Share on other sites

4 hours ago, cmalex said:

And looks like i'd lost all licensing things from all used components (3proxy, openssl, python, ProxyMII). I'm removing all links.

What did you lose? Licensing things? Please let me know how I can help you, but first, explain exactly what you mean with "Licensing things".

4 hours ago, cmalex said:

Can You please help get  licenses in order? 

I don't know what you mean by "helping to get licenses in order". Tell me in detail what I can do for you. Of course, I will help you as much as possible. :yes:

4 hours ago, cmalex said:

What more files or links You need for it?

When you say "it", do you mean 3proxy? If so, I really don't know whether I need additional files or not. I would like to have an informative, detailed manual of 3proxy to understand how this proxy has to be installed correctly and how it works in detail.

And many thanks for the additional information referring to 3proxy.

Kind regards, AstroSkipper :)

Edited by AstroSkipper
Update of content
Link to comment
Share on other sites

Hi @cmalex, I could see that you've already removed your proxy download links. Please, explain what's wrong with these archives, and, what I can do for you. idee.gif
As I already mentioned, I would like to implement your proxy ProxyMII in my ProxHTTPSProxy's PopMenu for more convenient use, with your permission and with credits to you, of course. The goal of all I do is to future-proof Windows XP, the OS I'll love forever. It's important to have a most recent TLS 1.3 proxy in Windows XP, easy to use, fully documentated, and as convenient as possible. That was the reason I provided ProxHTTPSProxy's PopMenu 3V1 for all interested people, and the reason for the call in this thread, of course. :yes: Your second release of ProxyMII is absolutely great! :thumbup

Kind regards, AstroSkipper thinking.gif

Edited by AstroSkipper
Update of content
Link to comment
Share on other sites

Greetings.

Sorry, i don't know if full 3proxy documentation exists. There example configs in sources  https://github.com/3proxy/3proxy   and answers for questions in issues https://github.com/3proxy/3proxy/issues  Also exist large Russian topic on RuBoard http://forum.ru-board.com/topic.cgi?forum=5&topic=20458 ...

2 hours ago, AstroSkipper said:

Please, explain what's wrong with these archives, and, what I can do for you.

When You asked about 3proxy.cer i'd reviewed changes on site and stuck at License Agreement https://3proxy.ru/current/License.txt

Quote

* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

I'll include Copying file from 3proxy sources. But will this be enough?

Also i'd used (and published) ProxyMII, Python, OpenSSL3(with my Win98 patch), cryptography, LibFFI, cffi  - each with its own license agreement and publishing rules.

What files should be added and what changes should be made to the structure of the archives to fulfill the terms of the license agreements for each of the components used?

 

When I used for myself I didn't ask these questions...

And it's mean that my python 3.8.13 publication also violates the terms of licence. Temporarly i'd add lint in Mega folder to https://docs.python.org/3/license.html ...

Best regards.

Link to comment
Share on other sites

2 hours ago, cmalex said:

I'll include Copying file from 3proxy sources. But will this be enough?

Also i'd used (and published) ProxyMII, Python, OpenSSL3(with my Win98 patch), cryptography, LibFFI, cffi  - each with its own license agreement and publishing rules.

What files should be added and what changes should be made to the structure of the archives to fulfill the terms of the license agreements for each of the components used?

Do you think you'll be able to modify your release of ProxyMII and 3proxy to fulfill the terms of the license agreements? Your release is definitely great and valuable for all those who have to use Windows XP or, like me, want to. But first, thanks again for all your efforts and your explanations! 
mains.gif

We definitely need you and your skills. We are glad to have you here in this forum. :yes: If I can help you, don't hesitate to ask me or our experts here at MSFN! The members in this forum help each other. unami.gif

Kindest regards, AstroSkipper matrix.gif

Edited by AstroSkipper
Update of content
Link to comment
Share on other sites

@cmalex, maybe, it could help you, in the case of ProxyMII, to take a look into @heinoganda's releases of ProxHTTPSProxy. He had documentated his releases very accurately, to fulfill the terms of the license agreements, presumably. He provided changelogs and all necessary documents, too. :yes: You can find it in the section Versions and all downloadable releases in the section Downloads of my thread "ProxHTTPSProxy and HTTPSProxy in Windows XP for future use". I refer in particular to the releases ProxHTTPSProxy REV3d and REV3e. And here is the link: 

@heinoganda provided his source code, too. Here is the link of ProxHTTPSProxy REV3e's source code: 
https://www.mediafire.com/file/s9027bdxffodbna/cryptography-2.8-py3.4_openssl-1.1.1d.rar/file  link.gif
And here is the link to my release of ProxHTTPSProxy's PopMenu 3V1 if you want to take a look into:
https://www.mediafire.com/file/h20kkuucurv2i2b/ProxHTTPSProxy_REV3e_PopMenu_3V1.7z/file  link.gif

Cheers, AstroSkipper ecrire-ordi.gif

Edited by AstroSkipper
Update of content
Link to comment
Share on other sites

@cemalex

I can't use Internet Explorer 8 with ProxHTTPSProxy:

"[SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:1094)" while trying to establish local SSL tunnel for [www.google.fr:443]
"[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1094)" while trying to establish local SSL tunnel for [www.google.fr:443]
"[SSL: KRB5_S_TKT_NYV] unexpected eof while reading (_ssl.c:1094)" while trying to establish local SSL tunnel for [www.google.fr:443]

Regards

Edited by genieautravail
Link to comment
Share on other sites

No problem here with IE8. The proxy ProxyMII works much better with websites in Internet Explorer 8 than ProxHTTPSProxy REV3e. The Microsoft Update website works, too. A search for updates was successfully completed. I tested the service on browserleaks.com, and  the SSL Client Test of Qualys SSL Labs - Projects, both also lead to the expected results. TLS 1.3 in IE8. Perfect! :cheerleader:

Edited by AstroSkipper
Update of content
Link to comment
Share on other sites

Greetings.

1 hour ago, genieautravail said:

"[SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:1094)" while trying to establish local SSL tunnel for [www.google.fr:443]
"[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1094)" while trying to establish local SSL tunnel for [www.google.fr:443]

Please try to replace ProxHTTPSProxy.py and ProxyTool.py with ones from py.zip in attachment. This variant must work even with IE6.

If not - can You please open https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html in Your browser, save it as "Webpage, html-only" and sent to me? Data from my browser - in attachment html.zip

 

Best regards.

py.zip html.zip

Link to comment
Share on other sites

15 hours ago, genieautravail said:

@cemalex

I can't use Internet Explorer 8 with ProxHTTPSProxy:

"[SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:1094)" while trying to establish local SSL tunnel for [www.google.fr:443]
"[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1094)" while trying to establish local SSL tunnel for [www.google.fr:443]
"[SSL: KRB5_S_TKT_NYV] unexpected eof while reading (_ssl.c:1094)" while trying to establish local SSL tunnel for [www.google.fr:443]

Regards

I thought it was just me ... I haven't figured this out just yet, but as you can see, I'm not looking too good without it. A bit concerned about this, as well. I only enabled it to test and will promptly disable it until I get handle on this. Ah, I see handles are on sale at the local hardware store, should stop by :)

I wonder if "managed by your system administrator" isn't good, I am THE admin with full privileges so something in the reg (must be) as I'm pos ready. I really don't know.

ie8.thumb.JPG.7c9471b1901a9ab2ca2fcef882bea64b.JPG

ie82.thumb.JPG.c374b691521f0cc28e439778db51b54b.JPG

EDIT:

No malware at all and nothing obvious I can see in the registry. Perhaps I need to check deeper tomorrow when I can actually think.

Thank you guys, and no need to reply.

Edited by XPerceniol
Link to comment
Share on other sites

13 hours ago, cmalex said:

Greetings.

Please try to replace ProxHTTPSProxy.py and ProxyTool.py with ones from py.zip in attachment. This variant must work even with IE6.

If not - can You please open https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html in Your browser, save it as "Webpage, html-only" and sent to me? Data from my browser - in attachment html.zip

 

Best regards.

py.zip 9.36 kB · 1 download html.zip 4.86 kB · 1 download

I've got everything you have provided and will keep everything together and ask for help @AstroSkipper when I'm feeling a bit more energetic. Honestly, I feel pretty stupid right now.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...