Gentoo Forums
Boosting up privoxy's capabilities
ryszardzonk
Apprentice
Joined: 18 Dec 2003
Posts: 225
Location: Rzeszów, POLAND

Posted: Sun May 27, 2018 8:04 am    Post subject: Boosting up privoxy's capabilities

Guys, I have created ebuilds for packages enhancing privoxy tenfold.

https://bugs.gentoo.org/656484 net-proxy/adblock2privoxy - Convert adblock config files to old PCRE format which privoxy uses
https://bugs.gentoo.org/656470 net-proxy/proxhttpsproxy - MITM SSL proxy helper (to use privoxy with SSL sites)

The ebuilds themselves may need slight improvement here and there, but nevertheless are ready to use. For proxhttpsproxy I wondered if there are other, more widely adopted programs, but I found this one quite easy to set up (only a few days of hair pulling ;) to get it to work with squid for transparent proxy). MITM is not what is most desired by users, as traffic may be logged, but I find it a great way to increase privacy (use of privoxy for most devices on the network) and security at the same time (SSL connections to servers are established with the updated openssl package from the server, while many boxes in the network may have firmware/packages outdated for years).

In case anyone wants to set it up network-wide as a transparent proxy with the following chain (Squid - ProxHTTPSProxyMII - Privoxy), beware of Android, as it would not work for not unblocked devices (phones, Chromecast).

To fully strip browsers of adblock/ublock addons, two issues, Issue 6 and Issue 7, may need to be resolved. While the second one may be worked around easily, the other one is much more complex and would fix, as in my case, 452 errors for those most pesky sites, so code improvements here are welcome :).

Quote:
Elements hiding rules: 74954
Errors: 452
Request block rules for exception: 9357
Request block rules total: 78255
Request block rules with domain option: 6906
Request block rules with request type options: 6906
Rules with third party option: 26943


PS The reason I posted it in Networking & Security instead of Documentation, Tips & Tricks is that looking into what exactly ProxHTTPSProxyMII does with encrypted traffic would be welcome. I do not see anything in the code pointing traffic to FSB, NSA or any other trustworthy company, but then again I am not a programmer ;)
_________________
Sky is not the limit...


Last edited by ryszardzonk on Tue May 29, 2018 6:37 am; edited 2 times in total
Zucca
Moderator
Joined: 14 Jun 2007
Posts: 3343
Location: Rasi, Finland

Posted: Sun May 27, 2018 8:36 am

I had plans for this AdBlock --> Privoxy since two years ago, but never had time and when I had time I forgot it. So my solution was to use a HUGE hosts file.

Thanks to you, I'll finally do the move. Let's see if I still have my preliminary nftables skills left to make the routing...
_________________
..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--
Quote:
I am NaN! I am a man!
ryszardzonk
Apprentice
Joined: 18 Dec 2003
Posts: 225
Location: Rzeszów, POLAND

Posted: Sun May 27, 2018 12:25 pm

I do the following with iptables.

Code:
#!/bin/bash
ipt=/sbin/iptables
INT_IF="enp2s0"

# redirect http traffic for whole network to squid transparent cache
${ipt} -t nat -A PREROUTING -i ${INT_IF} -p tcp -s 192.168.1.0/24 ! -d 192.168.1.0/24 --dport 80 -j REDIRECT --to-port 8080
# redirect https traffic, per host, to squid's https_port
${ipt} -t nat -A PREROUTING -i ${INT_IF} -p tcp -s 192.168.1.2 ! -d 192.168.1.0/24 --dport 443 -j REDIRECT --to-port 8090
${ipt} -t nat -A PREROUTING -i ${INT_IF} -p tcp -s 192.168.1.3 ! -d 192.168.1.0/24 --dport 443 -j REDIRECT --to-port 8090
${ipt} -t nat -A PREROUTING -i ${INT_IF} -p tcp -s 192.168.1.4 ! -d 192.168.1.0/24 --dport 443 -j REDIRECT --to-port 8090


I never got around to using tproxy for that as this is the same when one sets transparency in squid:
Code:
http_port 192.168.101.1:8080 intercept
_________________
Sky is not the limit...
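
Added example, not part of the post above or of any project mentioned in the thread: the per-host HTTPS redirects generated from an opt-in list, with address validation and a duplicate check so the script can be re-run safely. The interface, subnet and port are the post's values; the function names, the `DRY_RUN` switch and the host list are assumptions of this sketch.

```shell
#!/bin/bash
# Added example, not from the original post. Interface, subnet and port are
# the post's values; the function names and DRY_RUN switch are assumptions.
ipt=/sbin/iptables
INT_IF="enp2s0"
LAN_PREFIX="192.168.1"        # the post's 192.168.1.0/24
HTTPS_PORT=8090               # squid's https_port in the post
DRY_RUN="${DRY_RUN:-1}"       # 1 = print the commands, 0 = apply them (root)

# Accept only 192.168.1.1-254, so a typo cannot redirect an outside address.
valid_host() {
    case "$1" in
        "${LAN_PREFIX}".*) ;;
        *) return 1 ;;
    esac
    last=${1#"${LAN_PREFIX}."}
    case "$last" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#last}" -le 3 ] && [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# Append a nat PREROUTING rule unless an identical one is already loaded
# (-C checks for it), so running the script twice does not stack duplicates.
add_rule() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "${ipt} -t nat -A PREROUTING $*"
    else
        "${ipt}" -t nat -C PREROUTING "$@" 2>/dev/null ||
            "${ipt}" -t nat -A PREROUTING "$@"
    fi
}

# One HTTPS redirect per opted-in host; returns 1 if any address was rejected.
redirect_https_hosts() {
    rc=0
    for host in "$@"; do
        if ! valid_host "$host"; then
            echo "skipping ${host}: not a host in ${LAN_PREFIX}.0/24" >&2
            rc=1
            continue
        fi
        add_rule -i "${INT_IF}" -p tcp -s "${host}" ! -d "${LAN_PREFIX}.0/24" \
            --dport 443 -j REDIRECT --to-port "${HTTPS_PORT}"
    done
    return "$rc"
}

# Constructed opt-in list: only clients that trust the proxy's CA certificate.
redirect_https_hosts 192.168.1.2 192.168.1.3 192.168.1.4
```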
ryszardzonk
Apprentice
Joined: 18 Dec 2003
Posts: 225
Location: Rzeszów, POLAND

Posted: Mon Jun 18, 2018 6:25 am

In case one would like to try a newer version of the ebuilds, where some issues, mainly with the converter, have been addressed, they are available here for testing

For those that do not want to install adblock2privoxy due to the quite large number of dependencies, or simply would like to try prepared filters on their privoxy config, as they address a few more issues with the converter, they are available here

ownfilter-*.tar.xz - files to be added to privoxy config directory
css_hide-*.tar.xz - files to be added to the web server for element hiding to work
remove-adware-*.sh - script with which config has been prepared

And for those that feel the urge to help out with its development, here are some links for you :wink:
http://projects.zubr.me/report/1
https://github.com/essandess/adblock2privoxy/issues - Fork which fixed several issues with original repo (used by ebuild)
https://github.com/wheever/ProxHTTPSProxyMII/issues
https://www.prxbx.com/forums/forumdisplay.php?fid=48 - Most recent version fixes few issues with ProxHTTPSProxyMII

EDIT: Spending more time on improving privoxy than a normal human being should have, I missed that about a week ago I lost, after more than 10 years, my free dyndns hostname. I replaced it with a new one
_________________
Sky is not the limit...
ryszardzonk
Apprentice
Joined: 18 Dec 2003
Posts: 225
Location: Rzeszów, POLAND

Posted: Mon Jul 16, 2018 3:56 pm

Let the Internet feel the privoxy's wrath :!:

Today's installment of overlay along with deployment features delivered with it would increase default privoxy settings several fold.

2018.07.16 Main new features
- greasemonkey 2.0 emulation filter & action files for privoxy
- templates loading several online scripts for various sites found in filters
- fixes for cases of javascripts and css files not loading properly due to being rewritten by privoxy
- adblock2privoxy filter conversion scripts working around number of its bugs
- altering adblock2privoxy default element handling features (expert use flag) which fixes up to 13 000 otherwise improperly translated rules

Now if anyone has an idea why greasemonkey may not be safely enabled for all sites, as sometimes it leads to stretched pictures, or why they would not load on youtube or several other sites, I would welcome the fix for it.

2018.07.23 Main new features
- Today's patch introduces very important changes to the way in which adblock2privoxy does hosts record conversion. This greatly limits false positives described in detail on that github thread
- Squid 4.1 added to the overlay
- included all scripts and configs for privoxy & adblock2privoxy for easy deployment

Get it here
_________________
Sky is not the limit...
All times are GMT