silverni, posted July 6, 2022

My English is weak, sorry.

For some time I have been using Privoxy 3.0.32 (27/02/2021) as an SSL filter:
https://www.privoxy.org/
https://www.privoxy.org/sf-download-mirror/win32/

Privoxy was born as a content filter; some years ago it took on the SSL filter function, so today:
Privoxy = ProxHTTPSProxy + Proxomitron

Privoxy offers various advantages, including good, up-to-date documentation.

At the moment I use Privoxy only as an SSL filter, with the configuration files that I report below.

Privoxy 3.0.32 does not support TLS 1.3; it supports the TLS 1.2, TLS 1.1, TLS 1.0 and SSL 3 protocols; test:
https://clienttest.ssllabs.com:8443/ssltest/ViewMYClient.html

Privoxy 3.0.33 of 08/12/2021 does not work on my WinXP; I read that the compilation is simple (but today I can't do it), and that it can be linked with two cryptographic libraries; probably with time Privoxy will also support TLS 1.3.

----
https://github.com/essandess/adblock2privoxy/issues/34
pdc1 May 15, 2021
I had to build my own privoxy, but it was very straightforward, the main thing to note is to include --with-openssl or --with-mbedtls when running configure to enable https-inspection.
-----

My configuration

With OpenSSL 1.0.2t I created the two files privoxy.crt and privoxy.pem; during the creation I indicated the following data:

Password: PrivoxyPassword
Country Name (2 letter code): IT
State or Province Name: Italia
Locality Name: <MyCity>
Organization Name: Privoxy
Organizational Unit Name (eg, section): Privoxy
Common Name: Privoxy
Email Address:

With Cert.MSC I imported the Privoxy.crt file into the Windows certificates database:
Certificates (Local Computer) > Authority of certifications reliable sources > Certificates > Right click > All activities > Import > Privoxy.crt

I placed the two files Privoxy.crt and Privoxy.pem in the same subdir as Privoxy.exe.
I downloaded an updated cacert.pem and placed it in the same subdir.
In the same subdir I renamed the conf.txt file as config0.txt, and I copied my two configuration files config.txt and sv1.action.

At the moment in SV1.action I have disabled the verification of the servers' certificates, and I have set a UserAgent suitable for my purposes.

Greetings

=== config.txt
#-- original
confdir .
logdir .
enable-remote-toggle 0
enable-remote-http-toggle 0
enforce-blocks 0
enable-proxy-authentication-forwarding 0
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
tolerate-pipelining 1
#--- my modifications
listen-address 127.0.0.1:8079
enable-edit-actions 1
buffer-limit 40960
socket-timeout 30
#keep-alive-timeout 5
#connection-sharing 1
show-on-task-bar 0
activity-animation 0
close-button-minimizes 1
ca-directory .
ca-cert-file privoxy.crt
ca-key-file privoxy.pem
trusted-cas-file cacert.pem
certificate-directory R:\Temp\PrivoxyCerts
ca-password PrivoxyPassword
#actionsfile match-all.action
#actionsfile default.action
#actionsfile user.action
actionsfile SV1.action
#filterfile default.filter
#filterfile user.filter
#logfile privoxy.log
#debug 1
#debug 1024
#debug 4096
#debug 8192

=== SV1.action
{+https-inspection}
/ # Match all URLs

{+ignore-certificate-errors}
/ # Match all URLs

{+hide-user-agent{Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko}}
/ # Match all URLs
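
With +ignore-certificate-errors applied to "/", Privoxy skips its check of the remote server's certificate for every inspected site, while the browser only ever sees the certificate signed by the local Privoxy CA. The script below is an added example, not part of the original post or of Privoxy: it parses an action file in a simplified way and reports how widely that action is applied. The second sample and its host name legacy.example.org are constructed.

```python
import re

# One action inside a {...} header: +name, -name or +name{parameter}.
ACTION_RE = re.compile(r"([+-])([a-z0-9-]+)(?:\{([^{}]*)\})?")

def parse_action_file(text):
    """Return [(actions, patterns)]; actions maps name -> enabled (bool)."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments (simplified)
        if not line:
            continue
        if line.startswith("{{"):                # {{alias}} / {{settings}} blocks
            current = None
        elif line.startswith("{") and line.endswith("}"):
            actions = {name: sign == "+"
                       for sign, name, _ in ACTION_RE.findall(line[1:-1])}
            current = (actions, [])
            sections.append(current)
        elif current is not None:
            current[1].append(line)              # URL pattern for this section
    return sections

def audit(text):
    """List where upstream certificate errors are ignored, and how widely."""
    findings = []
    for actions, patterns in parse_action_file(text):
        if actions.get("ignore-certificate-errors"):
            scope = "ALL URLs" if "/" in patterns else ", ".join(patterns)
            findings.append("certificate errors ignored for " + scope)
    return findings

# SV1.action as posted above.
POSTED = """\
{+https-inspection}
/ # Match all URLs
{+ignore-certificate-errors}
/ # Match all URLs
{+hide-user-agent{Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko}}
/ # Match all URLs
"""

# Constructed variant: the exception is limited to one hypothetical host.
SCOPED = """\
{+https-inspection}
/
{+ignore-certificate-errors}
legacy.example.org
"""

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("scoped", SCOPED)):
        print(name, audit(text))
```
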

silverni (Author), posted May 2, 2023

After using Privoxy 3.0.20 for several months, I confirm that in my system it is much more efficient than ProxHTTPSProxy and BurpSuite 1.7.36, another SSL filter I have been using for some time.

Meanwhile, @cmalex has compiled a build for WinXP of Privoxy 3.0.30, and it is running smoothly; so it will be quite easy to add TLS 1.3.

Privoxy 3.0.40 is also available today.

So far I have never needed to upgrade.

Regards

silverni (Author), posted May 31, 2023

I came across the following pages that indicate the possibility of also using Privoxy as a filter to prevent malware, ads, etc.

Many blacklists can be found on the Internet in HOSTS format; it seems easy to convert them into a format that can be used with Privoxy.

Hereinafter I also point to a very curated source of blacklists in HOSTS format.

By the way, I have not used real-time antimalware for at least five years.

Regards

-----------------------
https://github.com/ScriptTiger/Hosts-Conversions 230530
ScriptTiger / Hosts-Conversions Public
Drag and drop a hosts file to convert it.
:::
Privoxy: Converts a hosts file to Privoxy action file format to be used with a Privoxy action file, i.e. using something like {+block{Steven Black blacklist.}}.

https://scripttiger.github.io/more/ 230530
Hosts-BL: Simple tool written in Go (=== exe NT6) to handle hosts file black lists that can remove comments, remove duplicates, compress to 9 domains per line, add IPv6 entries, as well as can convert black lists to multiple other black list formats compatible with other software.

https://github.com/ScriptTiger/Hosts-BL 230530
ScriptTiger / Hosts-BL Public
Usage: hosts-bl [options...] <source> <destination>
-f <format> Destination format: ..., privoxy, ...

https://github.com/StevenBlack/hosts
Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

genieautravail, posted May 31, 2023

@silverni
Thank you very much for the links!
I will try Privoxy as HTTPS proxy with ads filtering in the next days on a dedicated computer.

Regards

silverni (Author), posted June 6, 2023

Other info

Regards

===
https://www.privoxy.org/faq/misc.html
4.23. Should I continue to use a "HOSTS" file for ad-blocking?
One time-tested technique to defeat common ads is to trick the local DNS system by giving a phony IP address for the ad generator in the local HOSTS file, typically using 127.0.0.1, aka localhost. This effectively blocks the ad.
There is no reason to use this technique in conjunction with Privoxy. Privoxy does essentially the same thing, much more elegantly and with much more flexibility. A large HOSTS file may get in the way and seriously slow down your system. If you think your hosts list is neglected by Privoxy's configuration, consider adding your list to your user.action file:

{ +block }
www.ad.example1.com
ad.example2.com
ads.galore.example.com
etc.example.com

===
https://scripttiger.github.io/alts/ 230602
Additional Blacklist Support
Below are assorted versions of Steven Black's unified hosts files reformatted for various other applications for additional support and are synced regularly.
:::
Privoxy*
To be used with a Privoxy action file.
:::
* = Formats marked with an asterisk ("*") denote formats which take advantage of the higher flexibility afforded them and prune child sub-domains of parent domains already present on the list. For example, a domain assets.analytics.foo.com will be dropped from the list if either analytics.foo.com or foo.com are already present on the list. In the same example, analytics.foo.com would be dropped from the list if foo.com is already present on the list. However, if only assets.analytics.foo.com is present on the list, then both analytics.foo.com and foo.com will not be blocked.
:::
Unified hosts = (adware + malware)
FQDN | RFQDN | Adblock | dnsmasq | Unbound | RPZ | Privoxy | IPv4_IPv6 | Compressed | MCompressed
:::
Privoxy
https://scripttiger.github.io/alts/privoxy/blacklist.txt
:::
Unified hosts = (adware + malware)
Unified hosts + fakenews
Unified hosts + gambling
Unified hosts + porn
Unified hosts + social
Unified hosts + fakenews + gambling
Unified hosts + fakenews + porn
Unified hosts + fakenews + social
Unified hosts + gambling + porn
Unified hosts + gambling + social
Unified hosts + porn + social
Unified hosts + fakenews + gambling + porn
Unified hosts + fakenews + gambling + social
Unified hosts + fakenews + porn + social
Unified hosts + gambling + porn + social
Unified hosts + fakenews + gambling + porn + social
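
The HOSTS-to-Privoxy conversion mentioned in the May 31 post and the parent/child pruning rule quoted in the June 6 post, written out in Python as an added example (not code from Hosts-BL, Hosts-Conversions or anyone in this thread). It assumes the leading-dot pattern form, which the Privoxy user manual describes as matching a domain and all of its subdomains; the function names are illustrative and the sample list is constructed. Names are validated before being written out, so a malformed list entry cannot end up as an action header in the generated file.

```python
import re

SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Host name with at least two labels and a TLD that starts with a letter; this
# also rejects "0.0.0.0", "localhost" and anything containing '/', '{' or '}'.
HOST_RE = re.compile(
    r"(?:[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z][a-z0-9-]*[a-z0-9]")

def parse_hosts(text):
    """Yield normalized host names from HOSTS-format text."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINKS:
            continue
        for name in fields[1:]:                 # compressed lists: many per line
            name = name.lower().rstrip(".")
            if HOST_RE.fullmatch(name) and name != "localhost.localdomain":
                yield name

def prune(names):
    """Drop every name that has a parent domain on the list."""
    listed = set(names)
    kept = []
    for name in sorted(listed):
        labels = name.split(".")
        parents = (".".join(labels[i:]) for i in range(1, len(labels) - 1))
        if not any(p in listed for p in parents):
            kept.append(name)
    return kept

def to_privoxy(hosts_text, reason="Hosts blacklist"):
    """Render one {+block{reason}} section with leading-dot patterns."""
    reason = reason.replace("{", "").replace("}", "")
    lines = ["{+block{%s}}" % reason]
    lines += ["." + name for name in prune(parse_hosts(hosts_text))]
    return "\n".join(lines) + "\n"

# Constructed sample; the foo.com names are the ones used in the quoted text.
SAMPLE = """\
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 foo.com
0.0.0.0 analytics.foo.com
0.0.0.0 assets.analytics.foo.com   # covered by foo.com
0.0.0.0 assets.analytics.bar.example
0.0.0.0 cdn.tracker.example Tracker.example.
0.0.0.0 broken/{entry}
"""

if __name__ == "__main__":
    print(to_privoxy(SAMPLE), end="")
```

The bar.example entry shows the last case in the quoted text: only the listed sub-domain is blocked, not its parents.
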

genieautravail, posted June 8, 2023

@silverni
I can't connect to Privoxy with Internet Explorer 8.
I only have error messages in the logs of Privoxy about failed TLS/SSL handshake.

Error: The TLS/SSL handshake with the client failed: error:0A00008A:SSL routines::cipher or hash unavailable
Error: The TLS/SSL handshake with the client failed: error:0A080044:SSL routines::internal error
Error: Failed to open a secure connection with the client

What is your list of cyphers in the conf file of Privoxy?

Regards

silverni (Author), posted June 9, 2023

On 6/8/2023 at 9:33 PM, genieautravail said:
> @silverni
> What is your list of cyphers in the conf file of Privoxy?
> Regards

My configuration is in the first post.

Regards

silverni (Author), posted June 9, 2023

Other info

Regards

===
https://pgl.yoyo.org/adservers/formats.php 230605
junkbuster - in internet junkbuster/privoxy format
description: can be used as a starting point for the Internet Junkbuster Proxy, also usable with Privoxy
http://www.junkbusters.com/ijb.html
more info: https://pgl.yoyo.org/adservers/news.php#fourmore
view: https://pgl.yoyo.org/adservers/serverlist.php?hostformat=junkbuster