PerProxy: Perspectives with non-Firefox Browsers

Von Welch contacted me recently with a really cool idea: make a client-side proxy that implements Perspectives logic.  This client-side proxy would work with any browser, finally giving us an answer to the people who contact us asking for Perspectives on Chrome/IE.

The proxy plays a really cute trick: it acts as a man-in-the-middle itself, so it can have complete control over whether the browser displays a website connection as secure or not.  This is secure, but if it sounds scary, you should probably stop reading right now.  This code is still new and is really just for experimentation by the kind of person who would have read the above explanation and thought: huh… that’s pretty cool.

Von quickly whipped us a experimental implementation in python.  This blog entry is about getting this proxy code working with Google Chrome on Ubuntu.

To get started, install some build dependencies :

sudo apt-get install git build-essential libsqlite3-dev libssl-dev

Now build and install Python2.7, so you can run python2.7 in addition to the default python that ships with Ubuntu:

wget http://python.org/ftp/python/2.7/Python-2.7.tgz
tar xvfz Python-2.7.tgz
cd Python-2.7/
./configure
make
sudo make altinstall
cd ..

Now build and install Me Too Crypto, a cryptography library for python (Note: you MUST use python2.7 to run setup.py):

wget http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-0.21.1.tar.gz
tar -xzf M2Crypto-0.21.1.tar.gz
cd M2Crypto-0.21.1
python2.7 setup.py build
python2.7 setup.py install
cd ..

Next, use git to grab the latest copy of the PerProxy code:

clone git@github.com:von/PerProxy.git
cd PerProxy

Next, generate a private key and certificate that will be used by the proxy:

python2.7 m2crypto-create-ca.py

This creates “ca-key.pem”, the private key, and “ca-cert.crt”, the corresponding certificate.

The next thing to do is have Google Chrome add this certificate as a trusted root certificate.  To do this:

  • Click on the “wrench” icon
  • Select “Preferences”
  • On the left bar, click on “Under the Hood”
  • Click “Manage Certificates”
  • Click “Authorities”
  • Click “Import”
  • In the file dialog, browser to the PerProxy directory and choose the file ‘ca-cert.crt’ and click Open.
  • Select “Trust this certificate for identifying web sites. “
  • Click “OK”

Next, start running the proxy, which defaults to listening on localhost port 8080 (‘-d’ give extra debug output):

python2.7 PerProxy -d

Then configure Google Chrome to use this proxy for all HTTP traffic.

  • Click on the “wrench” icon
  • Select “Preferences”
  • On the left bar, click on “Under the Hood”
  • Click “Change Proxy Settings”
  • Select the “Manual Proxy Configuration” radio button.
  • In the “Secure HTTP Proxy”, enter a host value of “localhost” and a port of “8080”
  • Click Close
  • When a dialog prompts you again whether you want to apply these changes system-wide, click “Close” again.

To see PerProxy “promote” a certificate that would not normally be trusted, visit: https://moo.cmcl.cs.cmu.edu .  This site has a self-signed certificate and would normally result in a Chrome security error, but with PerProxy it is allowed as long as the notaries validate the certificate.

Awesome work Von!

Advertisements
  1. #1 by Air Proxy on January 15, 2012 - 5:47 pm

    is it web proxy ?

  2. #2 by Reginald Mccright on January 22, 2012 - 7:18 am

    I use uTorrent and wish to defend myself from being tracked or identified when downloading. I googled something like “torrent proxy” and located a web page with a list of proxy IPs together with their respective ports and proxy types. I found a SOCKS5 proxy and typed inside the IP and port into my connection preferences. Is this adequate to hide myself, or is there something else I’ve to do?

  3. #3 by daveschaefer on March 30, 2012 - 5:20 pm

    Hey guys,

    @Air Proxy: This is not a web proxy – it is simply a way to get Perspectives to work on other web browsers.

    @Reginald: Sorry, Perspectives isn’t really meant to help with being tracked or identified. You’re probably better off asking on a uTorrent forum.

  4. #4 by Bilge on May 24, 2012 - 11:02 pm

    Great review! You aclualty overviewed some valuable news here. I came across it by using Bing and I’ve got to admit that I already subscribed to the RSS feed, it’s very great

  5. #5 by Chromium on January 25, 2014 - 3:25 am

    does this actually work with windows?

    • #6 by daveschaefer on January 30, 2014 - 6:18 am

      I have never tried this on Windows, you’d have to ask the author Von Welch. Perhaps ask on our mailing list, in case anyone else has done it?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: