Looking for a person with Python programming skills to implement TLS 1.3 functionality in ProxHTTPSProxy REV3e


AstroSkipper

1 hour ago, XPerceniol said:

I wonder if "managed by your system administrator" isn't good, I am THE admin with full privileges so something in the reg (must be) as I'm pos ready.

It's not that simple.

Making IE changes directly from the registry via Default or All Users profile hive as opposed to your Current User hive (which POSReady updates will do) is all it takes for the GUI to throw that "managed by your system admin" message.

It's much worse in Win7 with the POS (I use this term in a totally different sense!, aka, the 'polite form' is translated as "Piece of Stuff") "TrustedInstaller".



25 minutes ago, AstroSkipper said:

Hi @XPerceniol and @cmalex, here are two screenshots to demonstrate successful connections to Qualys SSL Labs and Google, established by the TLS 1.3 proxy ProxyMII, using the Internet Explorer 8:

Proxy-MII-Qualys-SSL-Labs-IE8.png

Proxy-MII-Google-IE8.png


Cheers, AstroSkipper

Awesome! Hopefully you will keep me updated with this as well.

  • Like 1
  • Upvote 1

Posted (edited)
1 hour ago, mina7601 said:

Awesome! Hopefully you will keep me updated with this as well.

@mina7601, thanks for your reply and your interest! As I already wrote:

On 7/15/2022 at 2:20 PM, AstroSkipper said:

I hadn't had much hope that this would happen. But, from now on, we definitely have a proxy with TLS 1.3 protocol support targeting Windows XP. More details can be found in my thread:

I'll keep you informed.

Cheers, AstroSkipper

all further progress and information you'll find soon in my thread "ProxHTTPSProxy and HTTPSProxy in Windows XP for future use". But first, we need a final release of ProxMII, fulfilling all license agreements. When this release is available, I'll try to implement this proxy in my ProxHTTPSProxy's PopMenu, if possible. And, I do believe that this is possible, but it won't be as easy as it was in the case of ProxHTTPSProxy REV3e. Anyway, we will see.

Cheers, AstroSkipper

Edited by AstroSkipper
Update of content
  • Upvote 1

10 hours ago, XPerceniol said:

I wonder if "managed by your system administrator" isn't good, I am THE admin with full privileges so something in the reg (must be) as I'm pos ready. I really don't know.

Greetings.

SSL3 AES128-SHA (aka TLS_RSA_WITH_AES_128_CBC_SHA) exists on your screenshots. So at least one shared cipher exists...

But in the settings you have SSL3 disabled (very strange that your settings and clienttest.ssllabs.com show different things).

Are you able to enable SSL3? Via settings or registry... In the registry please check HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Ciphers and HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols

My settings are in the attachment. Any item is enabled if the key Enabled=0 doesn't exist.

For a quick check you can use a full build of OpenSSL with testCipher.bat in the bin folder.

After running, it asks once for certificate data (just leave it empty) and must run an SSL server on port 44330 (please just ignore certificate errors).

https://mega.nz/#!3tF0zazQ!GBR8-4Zqnzd2D_UWf6CRLkqWJ1Au5TYEpvnWeXTExzU

Best regards.

UPD: You can add -cipher "ALL:COMPLEMENTOFALL" to the last command (last string, after -www) to use all possible ciphers.

Clipboard02.png

schannel.zip testCiphers.bat

Edited by cmalex
  • Like 2
  • Upvote 1
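
The registry check described in the post above can be run against a regedit export of the Schannel key. This is an added example, not code from the thread or its attachments: the sample export is constructed, the function names and the file name in the comment are hypothetical, and it applies the rule as the post states it (an item counts as enabled unless `Enabled=0` is present).

```python
import re

SCHANNEL = r"SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel"

# Constructed sample in regedit export format (not the thread's schannel.zip).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128]
"Enabled"=dword:ffffffff
'''

KEY_RE = re.compile(r"\[HKEY_LOCAL_MACHINE\\(.+)\]$")
VAL_RE = re.compile(r'"Enabled"=dword:([0-9a-f]{8})$', re.I)


def disabled_items(reg_text):
    """Return Schannel Protocols/Ciphers subkeys that carry Enabled=0."""
    disabled, current = set(), None
    for line in (l.strip() for l in reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            rel = path[len(SCHANNEL) + 1:]
            in_scope = (path.lower().startswith(SCHANNEL.lower() + "\\")
                        and rel.split("\\")[0].lower() in ("protocols", "ciphers"))
            current = rel if in_scope else None
            continue
        val = VAL_RE.match(line)
        if val and current and int(val.group(1), 16) == 0:
            disabled.add(current)
    return sorted(disabled)


def is_enabled(reg_text, item):
    """Apply the rule from the post: enabled unless Enabled=0 is present."""
    return item.lower() not in (d.lower() for d in disabled_items(reg_text))


if __name__ == "__main__":
    # Real exports are UTF-16; "schannel.reg" is a hypothetical file name:
    # open("schannel.reg", encoding="utf-16").read()
    print(disabled_items(SAMPLE_REG))
```
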

Posted (edited)

Hi to all and especially to @cmalex and @XPerceniol, I think the problems some users obviously have with the proxy ProxyMII can probably be traced back to a misconfiguration. I will write a short tutorial on how to set up and use this proxy correctly. And hopefully, it should actually work properly then. BTW, a proper configuration of ProxHTTPSProxy was already described by me in the first post of my proxy thread in the section Configuration. Just a reminder! Here is the link, once again:
https://msfn.org/board/topic/183352-proxhttpsproxy-and-httpsproxy-in-windows-xp-for-future-use/?do=findComment&comment=1213600
The only difference is that the proxy settings of ProxyMII have to be done manually. :yes:

Cheers, AstroSkipper

Edited by AstroSkipper
Update of content
  • Upvote 1

12 hours ago, cmalex said:

Please try to replace ProxHTTPSProxy.py and ProxyTool.py with ones from py.zip in attachment. This variant must work even with IE6.

If not - can you please open https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html in your browser, save it as "Webpage, html-only" and send it to me? Data from my browser is in the attachment html.zip

Issue resolved! :cheerleader:

Many thanks

Regards


13 hours ago, AstroSkipper said:

No problem here with IE8. The proxy ProxyMII works much better with websites in Internet Explorer 8 than ProxHTTPSProxy REV3e. The Microsoft Update website works, too. A search for updates was successfully completed. I tested the service on browserleaks.com, and the SSL Client Test of Qualys SSL Labs - Projects, both also lead to the expected results. TLS 1.3 in IE8. Perfect! :cheerleader:

No POSREADY 2009 updates installed, only SP3 here. :rolleyes:

Maybe the difference comes from here. :dubbio:

POSREADY 2009 can't be a requirement for ProxHTTPSProxy!

Regards


Posted (edited)

Maybe, the POSReady updates are necessary to use this proxy successfully when connecting to the internet by IE8. :dubbio: But, I don't think they are a mandatory requirement for using this proxy in Windows XP generally :no: , although my Windows XP Professional SP3 is fully updated including all existent POSReady updates. Therefore, it is just my personal opinion about mandatory requirements.

Cheers, AstroSkipper

Edited by AstroSkipper

I work from a home office and so my home operating systems must adhere to the full extent of license agreements.

It is ILLEGAL for me to use POSReady updates.

I would go so far as to suggest it is ILLEGAL for any of your HOME PCs to be using POSReady updates.

But I highly doubt that Microsoft will send you to jail for "hacking" your otherwise legal XP.


Posted (edited)
1 hour ago, NotHereToPlayGames said:

I work from a home office and so my home operating systems must adhere to the full extent of license agreements.

It is ILLEGAL for me to use POSReady updates.

I would go so far as to suggest it is ILLEGAL for any of your HOME PCs to be using POSReady updates.

But I highly doubt that Microsoft will send you to jail for "hacking" your otherwise legal XP.

Right! Definitely no one is interested in whether it is legal or not. And certainly not me! POSReady updates are cool, and they work perfectly! I have used them since 2014. Everything is fine, and most of it is good. :yes: BTW, no one is forced to use POSReady updates in their system. To each his own! :whistle: :)

Cheers, AstroSkipper

Edited by AstroSkipper
Update of content
  • Like 2

Posted (edited)

How to set up and use the TLS 1.3 proxy ProxyMII

  • Unpack the archive and copy the folder ProxyMII to a location of your choice.
  • Install the file CA.crt to Trusted Root Certification Authority under the account local computer manually. I use the certificate generated by ProxHTTPSProxy REV3e, provided in my release of ProxHTTPSProxy's PopMenu 3V1. Or use my contained ProxHTTPSProxy CA Certificate Installer and Uninstaller to do that automatically. If so, you have to overwrite the already existing CA.crt in ProxyMII's program folder by the one of my release.
  • Enable the proxy settings of IE in the Internet Options -> LAN settings, i.e., check mark "Use a proxy server for your LAN", and click on Advanced. Go to the entry Secure and enter the Proxy address 127.0.0.1 and the port 8079.
  • Update the file cacert.pem to have the most recent one by using my cacert Updater Fixed (Recreated).
  • Start the proxy by executing the file ProxHTTPSProxy.exe.
  • Ensure that your firewall doesn't block this proxy. Add it to your exclusions list or allow its connection.
  • Do not forget to disable the proxy settings of IE when ProxyMII has been closed.

This short tutorial refers to the second and the latest release of @cmalex's ProxyMII. Now, if all steps above have been executed, it should actually work. Perform a test in your Internet Explorer on the websites of Qualys SSL Labs and BrowserLeaks. If you want to do further tests by using one of roytam1's browser editions, you have to import the certificate CA.crt in the browser's certificate storage additionally and change the browser's proxy settings, otherwise it won't work.

Kind regards, AstroSkipper

Edited by AstroSkipper
Update of content
  • Like 2
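
A way to confirm the result of the steps in the tutorial above: that IE's Secure proxy entry points at 127.0.0.1:8079 and that something is actually listening there while the proxy setting is enabled. This is an added example, not part of the original post or of ProxyMII; the function names are hypothetical, and it assumes IE keeps its LAN proxy settings in the `ProxyEnable` and `ProxyServer` values under the current user's Internet Settings key.

```python
import socket

EXPECTED = ("127.0.0.1", 8079)  # address and port from the tutorial above


def secure_proxy(proxy_server):
    """Return (host, port) IE uses for HTTPS from a ProxyServer string, or None."""
    for entry in filter(None, (e.strip() for e in proxy_server.split(";"))):
        scheme, sep, target = entry.partition("=")
        if not sep:  # a bare "host:port" applies to every protocol
            scheme, target = "https", entry
        if scheme.strip().lower() == "https":
            host, _, port = target.strip().rpartition(":")
            return (host, int(port)) if host and port.isdigit() else None
    return None


def is_listening(host, port, timeout=1.0):
    """True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_setup(proxy_enable, proxy_server, expected=EXPECTED):
    """Return a list of problems; an empty list means IE and the proxy agree."""
    problems = []
    if not proxy_enable:
        return problems  # IE connects directly, nothing to check
    target = secure_proxy(proxy_server or "")
    if target != expected:
        problems.append("Secure proxy entry is %r, expected %r" % (target, expected))
    if not is_listening(*expected):
        problems.append("proxy enabled but nothing listens on %s:%d" % expected)
    return problems


def read_ie_settings():
    """Windows only: read ProxyEnable and ProxyServer of the current user."""
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        enable = winreg.QueryValueEx(key, "ProxyEnable")[0]
        try:
            server = winreg.QueryValueEx(key, "ProxyServer")[0]
        except OSError:
            server = ""
    return enable, server
```

On the Windows machine itself, `check_setup(*read_ie_settings())` runs the check against the live settings; a "nothing listens" finding corresponds to the tutorial's last step, where the proxy setting was left enabled after ProxyMII was closed.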

20 minutes ago, AstroSkipper said:

How to set up and use the TLS 1.3 proxy ProxyMII
 

  • Unpack the archive and copy the folder ProxyMII to a location of your choice.
  • Install the file CA.crt to Trusted Root Certification Authority under the account local computer manually. I use the certificate generated by ProxHTTPSProxy REV3e, provided in my release of ProxHTTPSProxy's PopMenu 3V1. Or use the contained ProxHTTPSProxy CA Certificate Installer and Uninstaller to do that automatically.
  • Enable the proxy settings in the Options of Internet Explorer. Set 127.0.0.1 to the port 8079.
  • Update the file cacert.pem to have the most recent by using my cacert Updater Fixed (Recreated).
  • Start the proxy by executing the file ProxHTTPSProxy.exe.
  • Ensure that your firewall doesn't block this proxy. Add it to your exclusions list or allow its connection.

This short tutorial refers to the second release of @cmalex's ProxyMII. Now, if all steps above have been performed, it should actually work. Perform a test in your Internet Explorer on the websites of Qualys SSL Labs and BrowserLeaks. If you want to perform further tests by using one of roytam1's browser editions, you have to import the certificate CA.crt in the browser's certificate storage and change the browser's proxy settings, otherwise it won't work.

Kind regards, AstroSkipper

Where is the 'archive' now?
I thought the original was pulled because of licencing problems.
:dubbio:


Posted (edited)
31 minutes ago, Dave-H said:

Where is the 'archive' now?
I thought the original was pulled because of licencing problems.
:dubbio:

Hi @Dave-H, as mentioned in previous posts, @cmalex will provide a corrected archive of his proxies due to licensing problems. But I think some of us have already downloaded the second release, and a few of them had problems getting it to work. Therefore, I wrote a short tutorial. :) Haven't you downloaded it yet?

Edited by AstroSkipper
correction
  • Like 1
This topic is now closed to further replies.