I posted here about Proxomitron being revived, updated last December. The member over there working on this project has released a major new update a few days ago.
Amy has named the project 'Proxomitron Reborn' and has: Certificates generated with correct names and HTTPS working. I am not going to say much about this new release as I am still trying to figure my settings out. I am understanding this new update better than I did 24 hours ago ... but I think I have more steps to cover.
So anyone that likes or once liked Proxomitron ... hit on the link (Page 06) below and start reading ... on Page 08 now.
http://prxbx.com/forums/showthread.php?tid=2331&page=6
Dec. 10, 2018
Amy
RE: Proxomitron Reborn
4.6.0.0 has been released! This version contains the following changes:
- Add missing update of Host header after redirection
This was a bug I introduced, which managed to creep its way through all the -Reborn versions. Thanks to rasczak for spotting it!
- Certificates generated with correct names
No longer deal with unfilterable HTTPS pages or "host name does not match" warnings/errors from browsers! The Proxomitron now generates certificates, signed by its own root, for each hostname to satisfy browser checks.
- $REM() pseudocommand
At the request of mizzmona, the $REM pseudocommand allows including commentary in filter expressions. Within the parentheses, write anything which will be ignored completely by the matching engine. Ensure to balance inner parentheses, or escape them and other special characters.
- Add HTTPS to local.ptron
Simply set the port in the new HTTPS settings tab to an unused one (e.g. 8443), restart Proxomitron, and visit e.g.
https://local.ptron:your_port/.pinfo/ or any local path to see files served over HTTPS!
https://localhost:your_port/ and
https://127.0.0.1:your_port/ will work too, thanks to the Subject Alternative Names in the certificate that it generates. If you don't need this option, set the port to 0 and it will stop listening for HTTPS. The new configuration file keyword is SslPort in the Global section, and its default is 0.
- HTTPS configuration options for cipher suite selection and certificate error bypass
Also present in the new configuration dialog tab are two fields which correspond to two new keywords in the global configuration file section: SslCiphers and BypassCertErrs.
The former allows controlling the cipher suites which Proxomitron's SSL client (as presented to external sites) advertises support for; its format is a string that is documented at
https://www.openssl.org/docs/man1.0.2/apps/ciphers.html . Leave it blank to use the default, which is currently "ALL:!eNULL:!aNULL:!EXP:!DES:!RC2:!SSLv2:!PSK:!aECDH:!CAMELLIA:!SEED:@STRENGTH". This is useful for the advanced users to fine-tune their TLS/SSL configuration.
The latter is a flexible way to specify sites which you do not want to be warned of certificate errors with; you can use any of Proxomitron's filtering language to construct an expression which will be matched against the hostname. This means you can use blockfiles too! Leaving this field blank (the default) means it will not match any hostname, and thus the behavour will be unchanged from before.
- Add details to certificate error dialog
The certificate error dialog now shows the entire certificate details instead of only the name and its validity period dates. Useful for troubleshooting certificate errors.
- Add root certificate generation
This is the biggest new feature, and is accessible from the bottom button in the new HTTPS configuration tab. If you have an existing certificate in use, you can still click this button and look around; it will warn you that if you try to generate a certificate, it will replace your existing one. This new dialog allows you to specify some fields of the certificate to be generated, and if you have an existing certificate it conveniently duplicates the same information from it and lets you generate a new one with a validity period of another 5 years. You can choose the key size and algorithm, keeping in mind that not all browsers will support the more advanced ones, and that this certificate is only used to "fool" browsers into behaving since Proxomitron does most of the work of encryption and validation now. It makes sense to choose the most "insecure" that browsers will accept, because it improves performance. If you click Generate, it will create/overwrite the proxcert.pem and proxcert_certonly.pem files, and then after restarting Proxomitron and installing the certificate as a trusted root in the browser(s) you use, you can start experiencing real SSL filtering!
Enjoy! As always, please leave your feedback here and I will try to respond when I can.
...