[Privoxy-users] Suppressing/modifying some browser fingerprints (ie. Am I Unique?)
Nicholas Bastin
nick.bastin at gmail.com
Fri Jul 17 23:26:04 UTC 2020
On Fri, Jul 17, 2020 at 7:20 PM Lee <ler762 at gmail.com> wrote:
>
> So it looks like the diagram under 'how it works' at
> http://www.proxfilter.net/proxhttpsproxy/
> right?
>
> I've done "bump in the wire" stuff before and never really liked it.
>
> The big thing I like about doing everything in Privoxy is that I get
> to check the cert in the browser. Any site where I care about
> security should show up as having a legit cert; the sites where I'm
> doing https inspection show up with a cert from "Billy Bob's Beer,
> Bait and CA Store".
>
All bumping issues new certificates from your roots, which you of course
put in your host certificate store, just like you would doing it inside
privoxy. Your egress bump handler should be validating the actual server
certificates against your policy (e.g. via an SSL observatory, local hash
for monitoring deltas, etc.). The difference with handling it in a
pipeline is that you break out the pieces so they can be modified
independently, meaning you can shift protocols or cipher suites in your
bump handler without privoxy having to know anything about it, and let
privoxy do what it does best.
--
Nick
More information about the Privoxy-users
mailing list