[Privoxy-users] Cookies from https sites

Az azimuth99 at danwin1210.me
Mon Apr 29 21:58:23 UTC 2019


On Sunday 28 April 2019 11:57,
Ian Silvester <iansilvester at fastmail.fm> put forth the proposition:
> Yes, a script sounds feasible - perhaps something that runs on schedule, parsing the cookie file based on a (set of) regex, so as to retain only cookies that you want to whitelist?

I've just started to look at this, and not knowing that much about
cookies I read the php.net page on setting them and then read up on
how crunch-incoming-cookies works.

I learned that they are set in the header "Set-Cookie:", and I'm
guessing that in an https header they aren't seen.

Is there a list of which headers privoxy can see in an https session,
and/or a list of which it can't?

Thanks

> My PGP public key[http://silvester.org.uk/IanSilvesterPGPPublicKey.asc]
>
> On Sun, 28 Apr 2019, at 11:46, Az wrote:
> > On Sunday 28 April 2019 11:33,
> > Ian Silvester <iansilvester at fastmail.fm> put forth the proposition:
> > > Hi Az,
> > >
> > > It is true that Privoxy cannot see any content, cookies included, within HTTPS sites.  If you search the mailing list archive you'll find a couple of described solutions for chaining with another proxy that decrypts HTTPS; there is no ongoing plan to incorporate such within Privoxy.
> > >
> > > Which browser are you using? Most have cookie management built-in rather than as an extension.
> >
> > I mostly use elinks, which unfortunately only has delete and save
> > buttons, rather than a way of choosing which to accept or refuse, and
> > I will probably just delete them all every now and then.
> >
> > I'm wondering if I could script something though - it saves the
> > cookies into a plain text file I think, and it supports scripting in
> > perl among other things. I might be able to create some kind of white
> > list and delete the others whenever a new page loads or something.
> >
> > > Ian
> > >
> > > My PGP public key[http://silvester.org.uk/IanSilvesterPGPPublicKey.asc]
> > >
> > > On Sun, 28 Apr 2019, at 11:07, Az wrote:
> > > > I have all cookies crunched by default and only allow them from the
> > > > sites I want to login to, however today I noticed I had a huge amount
> > > > of cookies in my browser.
> > > >
> > > > Am I right in thinking that privoxy can't see cookies from https
> > > > sites?  My browser doesn't support any cookie manager extensions, so
> > > > I'd be grateful for any tips to only allow the ones I want.
> > > >
> > > > I understand from another thread that some solution for dealing
> > > > with https traffic is being worked on, but I'm wondering if there is
> > > > some workaround to get privoxy to see https content that could be
> > > > used now?  I'm thinking perhaps another proxy between it and the
> > > > internet or something.  Or would that cause my browser to throw up
> > > > warnings about insecure connections? I already forward traffic
> > > > through 3proxy on the web side.
> > > >
> > > > Thanks for any info and ideas.
> > > >
> > > > --
> > > > Az

--
Az


More information about the Privoxy-users mailing list