About Privoxy and Immunicity

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
Author Message
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Fri Nov 04, 2022 12:14    Post subject: About Privoxy and Immunicity Reply with quote
The guide for Privoxy ( https://wiki.dd-wrt.com/wiki/index.php/Privoxy_Custom_Config ) mentioned http://clientconfig.immunicity.org/pacs/all.pac , but the website seemed to be no more! Of course, that file (all.pac) is gone as well.

Immunicity Has Been Shut Down: Here's What You Need To Know.
* Published Aug 11, 2014
https://www.makeuseof.com/tag/immunicity-shut-heres-need-know/

Update:

Well, the Internet Archive still has it. You might wanna download it before it disappears.

"https://web.archive.org/web/20140315000000*/http://clientconfig.immunicity.org/pacs/all.pac"
(I cannot use the url BBcode to wrap the link above)

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw


Last edited by mwchang on Sat Nov 05, 2022 1:30; edited 3 times in total
Sponsor
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

PostPosted: Fri Nov 04, 2022 14:30    Post subject: Reply with quote
The proxy server in that text file does not exist anymore and as such, the file is useless for previous custom configuration for privoxy. The only usefulness of that file is for domains to block, if anything at all, to add to your blocking list for privoxy, adblock, etc. Please at least take the time to properly connect the dots and come up with a working solution.
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Fri Nov 04, 2022 14:41    Post subject: Reply with quote
dale_gribble39 wrote:
The proxy server in that text file does not exist anymore and as such, the file is useless for previous custom configuration for privoxy. The only usefulness of that file is for domains to block, if anything at all, to add to your blocking list for privoxy, adblock, etc. Please at least take the time to properly connect the dots and come up with a working solution.

I don't use Privoxy, but was curious about its function, which led me to that piece of news about Immunicity and that file all.pac. That's all the "time" I wanna spend. Smile

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Fri Nov 04, 2022 16:19    Post subject: Reply with quote
Immunicity was all about unblocking censored websites by many countries on the basis that it allows access to such and the obvious piracy issues claimed by such government blocks.

Quote:
Federation Against Copyright Theft (FACT) - found evidence that Immunicity was providing access to 36 websites that had been previously been blocked in the UK for infringing copyright.


I suggest you remove the pac file from your post on that premise. Its not what I consider acceptable in this community, an unrelated to DD-WRT and could very well become detrimental.

So from that standpoint its up to users not DD-WRT to do as they please at their own risk.

And you posting this type of content, doesn't help you wherever in the world you are. Yea I know!

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Fri Nov 04, 2022 19:56    Post subject: Reply with quote
the-joker wrote:
I suggest you remove the pac file from your post on that premise. Its not what I consider acceptable in this community, an unrelated to DD-WRT and could very well become detrimental.

Done!
Quote:
So from that standpoint its up to users not DD-WRT to do as they please at their own risk.

And you posting this type of content, doesn't help you wherever in the world you are. Yea I know!

Well, the Wiki entry "Privoxy Custom Config" mentioned all.pac , not my idea nor suggestion! I merely went thru the process of checking the wiki's method.

Should the Wiki be updated to remove any reference to it? Smile

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

PostPosted: Fri Nov 04, 2022 20:30    Post subject: Reply with quote
Notes were added about Immunicity being no longer to the wiki referencing this thread. I removed the direct download link for the .pac file that was in this thread. Also to note, the version of Privoxy in DD-WRT Official is one release behind upstream (I already emailed BS about it).

https://www.privoxy.org/

https://svn.dd-wrt.com/browser/src/router/privoxy/ChangeLog

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Sat Nov 05, 2022 1:22    Post subject: Reply with quote
kernel-panic69 wrote:
Notes were added about Immunicity being no longer to the wiki referencing this thread. I removed the direct download link for the .pac file that was in this thread.

Thanks!

The following PDF(?) also mentioned Immunicity. Not sure whether it's auto-generated from Privoxy Custom Config.
https://wiki.dd-wrt.com/wiki/index.php?title=Special:PdfPrint&page=Privoxy_Custom_Config
Quote:
Also to note, the version of Privoxy in DD-WRT Official is one release behind upstream

Will need a dedicated user to test the new one. Smile

I did spend some time with Squid proxy server back in the days of Caldera OpenLinux ...

privoxy vs squid - Google Search
https://www.google.com/search?q=privoxy+vs+squid

More:

Quote:
Can Privoxy run as a "transparent" proxy? The whole idea of Privoxy is to modify client requests and server responses in all sorts of ways and therefore it's not a transparent proxy as described in RFC 2616.

https://www.google.com/search?q=privoxy+transparent+proxy

Setting up Transparent Content Filter on Gateway with Privoxy - Alpine Linux
https://wiki.alpinelinux.org/wiki/Setting_up_Transparent_Content_Filter_on_Gateway_with_Privoxy

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw


Last edited by mwchang on Mon Nov 07, 2022 7:19; edited 3 times in total
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Sat Nov 05, 2022 10:44    Post subject: Reply with quote
mwchang wrote:
Will need a dedicated user to test the new one. Smile

Are you volunteering? It shouldn't make any difference Privoxy is one patch version ahead (patch rev tick are bug fixes only), 3.0.32 vs 3.0.33 so there are no issues with compatibility. if it was upstream 4.x.x (major version is automatic breaking changes) in some area that would be non backwards compatible. That isn't the case.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Sat Nov 05, 2022 11:04    Post subject: Reply with quote
the-joker wrote:
mwchang wrote:
Will need a dedicated user to test the new one. Smile

Are you volunteering? It shouldn't make any difference Privoxy is one patch version ahead (patch rev tick are bug fixes only)....

I don't do crystal ball things that tell the future ... Smile

But it seems that Privoxy is just a filtering proxy, when a filtering DNS like Unbound (and SmartDNS? DNSCrypt?) might be more useful. HTTPS' enecryption "destroys" many old-school domain name filtering based on proxy servers. But then we have DNS over HTTPS ... I dunno.

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

PostPosted: Sat Nov 05, 2022 11:08    Post subject: Reply with quote
The two may do what you think is a similar job but Privoxy actually alters the HTTP headers, so you have WAY more control of what you can do while Unbound does something entirely different.
_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

PostPosted: Sat Nov 05, 2022 18:16    Post subject: Reply with quote
https://www.privoxy.org/announce.txt

Quote:
Privoxy 3.0.33 fixes an XSS issue, multiple DoS issues and a
couple of other bugs. The issues also affect earlier Privoxy releases.
Privoxy 3.0.33 also comes with a couple of general improvements and
new features.

--------------------------------------------------------------------
ChangeLog for Privoxy 3.0.33
--------------------------------------------------------------------
- Security/Reliability:
- cgi_error_no_template(): Encode the template name to prevent
XSS (cross-site scripting) when Privoxy is configured to servce
the user-manual itself.
Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543.
Reported by: Artem Ivanov
- get_url_spec_param(): Free memory of compiled pattern spec
before bailing.
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540.
- process_encrypted_request_headers(): Free header memory when
failing to get the request destination.
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit 0509c58045. OVE-20211201-0002. CVE-2021-44541.
- send_http_request(): Prevent memory leaks when handling errors
Reported by Joshua Rogers (Opera) who also provided the fix.
Commit c48d1d6d08. OVE-20211201-0001. CVE-2021-44542.

- Bug fixes:
- handle_established_connection(): Skip the poll()/select() calls
if TLS data is pending on the server socket. The TLS library may
have already consumed all the data from the server response in
which case poll() and select() will not detect that data is
available to be read.
Fixes SF bug #926 reported by Wen Yue.
- continue_https_chat(): Update csp->server_connection.request_sent
after sending the request to make sure the latency is calculated
correctly. Previously https connections were not reused after
timeout seconds after the first request made on the connection.
- free_pattern_spec(): Don't try to free an invalid pointer
when unloading an action file with a TAG pattern while
Privoxy has been compiled without FEATURE_PCRE_HOST_PATTERNS.
Closes: SF patch request #147. Patch by Maxim Antonov.
- Adjust build_request_line() to create a CONNECT request line when
https-inspecting and forwarding to a HTTP proxy.
Fixes SF bug #925 reported by Wen Yue.
- load_config(): Add a space that was missing in a log message.
- read_http_request_body(): Fix two error messages that used an
incorrect variable.
- If the the response is chunk-encoded, ignore the Content-Length
header sent by the server.
Allows to load https://redmine.lighttpd.net/ with filtering enabled
,,,,

_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Mon Nov 07, 2022 15:01    Post subject: Reply with quote
kernel-panic69 wrote:
Also to note, the version of Privoxy in DD-WRT Official is one release behind upstream (I already emailed BS about it).
https://www.privoxy.org/
https://svn.dd-wrt.com/browser/src/router/privoxy/ChangeLog

dale_gribble39 wrote:
https://www.privoxy.org/announce.txt

Related changes so far:

Changeset 50819 – DD-WRT
update privoxy: add new files
https://svn.dd-wrt.com/changeset/50819

Changeset 50820 – DD-WRT
update privoxy: remove old files
https://svn.dd-wrt.com/changeset/50820

Changeset 50821 – DD-WRT
enable openssl support
https://svn.dd-wrt.com/changeset/50821

Changeset 50822 – DD-WRT
https://svn.dd-wrt.com/changeset/50822

Changeset 50824 – DD-WRT
update filters
https://svn.dd-wrt.com/changeset/50824

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

PostPosted: Mon Nov 07, 2022 15:30    Post subject: Reply with quote
Changeset [50823] by brainslayer
need to find a solution for certificate first

Interesting, since previous non-ssl version had no issues with https certificates, outside of Let's Encrypt expiration fun. If this is related to router self-signed certificate, then adding IP address exceptions in the configuration should work, I would think.

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Mon Nov 07, 2022 16:22    Post subject: Reply with quote
kernel-panic69 wrote:
Interesting, since previous non-ssl version had no issues with https certificates, outside of Let's Encrypt expiration fun. If this is related to router self-signed certificate, then adding IP address exceptions in the configuration should work, I would think.

Certificates again?? Could be a big, red STOP button. Smile

Even big corporations like Micro$oft failed to maintain certificates.

I think DD-WRT needs to update all certificates in its read-only file system every build? Also those encryption keys and DNS zone files? Well...

expired certificate microsoft - Google Search
https://www.google.com/search?q=expired+certificate+microsoft

internet outage expired certificate - Google Search
https://www.google.com/search?q=internet+outage+expired+certificate

Mozilla issues fix after it lets cert expire and Firefox add-ons go belly-up | Computerworld
https://www.computerworld.com/article/3393446/mozilla-issues-fix-after-it-lets-cert-expire-and-firefox-add-ons-go-belly-up.html

Expired "Let's Encrypt" certificate on old Firefox - Super User
https://superuser.com/questions/1679276/expired-lets-encrypt-certificate-on-old-firefox

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

PostPosted: Mon Nov 07, 2022 16:54    Post subject: Reply with quote
There are post-3.0.33 upstream commits that may be relevant to the "issue", whatever it is:

https://www.privoxy.org/gitweb/?p=privoxy.git;a=shortlog

_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum