# Boosting up privoxy's capabilities

## ryszardzonk

Guys, I have created ebuilds for packages enhancing privoxy tenfold.

https://bugs.gentoo.org/656484 net-proxy/adblock2privoxy - Convert adblock config files to old PCRE format which privoxy uses

https://bugs.gentoo.org/656470 net-proxy/proxhttpsproxy - MITM SSL proxy helper (to use privoxy with SSL sites)

The ebuilds themselves may be in need of slight improvement here and there, but are nevertheless ready to use. For proxhttpsproxy I wondered if there are other, more widely adopted programs, but I found this one quite easy to set up (only a few days of hair pulling :Wink: to get it to work with squid for transparent proxy). MITM is not what is most desired by users, as traffic may be logged, but I find it a great way to increase privacy (use of privoxy for most devices on the network) and security at the same time (SSL connections to servers are established with the updated openssl package from the server, while many boxes in the network may have firmware/packages outdated for years).

In case anyone wants to set it up network-wide as a transparent proxy with the following chain (Squid - ProxHTTPSProxyMII - Privoxy), beware of Android, as it would not work for not unblocked devices (phones, Chromecast).

To fully strip browsers of adblock/ublock addons, two issues, Issue 6 and Issue 7, may need to be resolved. While the second one may be worked around easily, the other one is much more complex, and fixing it would, as in my case, fix 452 errors for those most pesky sites, so code improvements here are welcome :Smile: .

 *Quote:*   

> Elements hiding rules: 74954
> 
> Errors: 452
> 
> Request block rules for exception: 9357
> ...

 

PS: The reason I posted it in Networking & Security instead of Documentation, Tips & Tricks is that looking into what exactly ProxHTTPSProxyMII does with encrypted traffic would be welcome. I do not see anything in the code pointing traffic to FSB, NSA or any other trustworthy company, but then again I am not a programmer :Wink:

----------

## Zucca

I had plans for this AdBlock --> Privoxy since two years ago, but never had time and when I had time I forgot it. So my solution was to use a HUGE hosts file.

Thanks to you, I'll finally do the move. Let's see if I still have my preliminary nftables skills left to make the routing...

----------

## ryszardzonk

I do the following with iptables.

```
#!/bin/bash

ipt=/sbin/iptables
INT_IF="enp2s0"

# redirect http traffic for whole network to squid transparent cache
${ipt} -t nat -A PREROUTING -i ${INT_IF} -p tcp -s 192.168.1.0/24 ! -d 192.168.1.0/24 --dport 80 -j REDIRECT --to-port 8080

# redirect https per host based traffic to squids https_port
${ipt} -t nat -A PREROUTING -i ${INT_IF} -p tcp -s 192.168.1.2 ! -d 192.168.1.0/24 --dport 443 -j REDIRECT --to-port 8090
${ipt} -t nat -A PREROUTING -i ${INT_IF} -p tcp -s 192.168.1.3 ! -d 192.168.1.0/24 --dport 443 -j REDIRECT --to-port 8090
${ipt} -t nat -A PREROUTING -i ${INT_IF} -p tcp -s 192.168.1.4 ! -d 192.168.1.0/24 --dport 443 -j REDIRECT --to-port 8090
```

I never got around to using tproxy for that, as this is the same when one sets transparency in squid:

```
http_port 192.168.101.1:8080 intercept
```
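The same redirects written as an nftables ruleset, for readers who use nft rather than iptables, as Zucca mentions above. This is an added example, not part of the original post: the interface, subnet, hosts and ports are taken from the iptables script, while the table, chain and set names are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the original post): nftables equivalent of the
# iptables REDIRECT rules above. Interface, subnet, hosts and ports are the
# post's values; the names proxy_redirect and https_clients are assumptions.

table ip proxy_redirect {
    # Hosts whose HTTPS traffic is sent to squid's https_port.
    # One set replaces the three per-host iptables rules.
    set https_clients {
        type ipv4_addr
        elements = { 192.168.1.2, 192.168.1.3, 192.168.1.4 }
    }

    chain prerouting {
        # -100 is the numeric value of the dstnat priority
        type nat hook prerouting priority -100; policy accept;

        # HTTP from the whole LAN (not destined for the LAN) to squid's intercept port
        iifname "enp2s0" ip saddr 192.168.1.0/24 ip daddr != 192.168.1.0/24 tcp dport 80 redirect to :8080

        # HTTPS only from the listed hosts to squid's https_port
        iifname "enp2s0" ip saddr @https_clients ip daddr != 192.168.1.0/24 tcp dport 443 redirect to :8090
    }
}
```

Load it with `nft -f <file>` and inspect it with `nft list table ip proxy_redirect`. Further hosts can be added later with `nft add element ip proxy_redirect https_clients { <address> }` without touching the rules.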

----------

## ryszardzonk

In case one would like to try a newer version of the ebuilds, where some issues, mainly with the converter, have been addressed, they are available here for testing.

For those who do not want to install adblock2privoxy due to its quite large number of dependencies, or who would simply like to try prepared filters on their privoxy config, as they address a few more issues with the converter, they are available here:

ownfilter-*.tar.xz - files to be added to the privoxy config directory

css_hide-*.tar.xz - files to be added to the web server for element hiding to work

remove-adware-*.sh - script with which the config has been prepared

And for those who feel the urge to help out with its development, here are some links for you :Wink:

http://projects.zubr.me/report/1

https://github.com/essandess/adblock2privoxy/issues - Fork which fixed several issues with original repo (used by ebuild)

https://github.com/wheever/ProxHTTPSProxyMII/issues

https://www.prxbx.com/forums/forumdisplay.php?fid=48 - Most recent version fixes a few issues with ProxHTTPSProxyMII

EDIT: Spending more time on improving privoxy than a normal human being should, I missed that about a week ago I lost my free dyndns hostname after more than 10 years. I replaced it with a new one.

----------

## ryszardzonk

Let the Internet feel the privoxy's wrath  :Exclamation: 

Today's installment of the overlay, along with the deployment features delivered with it, would increase default privoxy settings severalfold.

2018.07.16 Main new features

- greasemonkey 2.0 emulation filter & action files for privoxy

- templates loading several online scripts for various sites found in filters

- fixes for cases of javascripts and css files not loading properly due to being rewritten by privoxy

- adblock2privoxy filter conversion scripts working around a number of its bugs

- altering adblock2privoxy default element handling features (expert use flag) which fixes up to 13 000 otherwise improperly translated rules

Now, if anyone has an idea why greasemonkey may not be safely enabled for all sites, as it sometimes leads to stretched pictures, or why they would not load on youtube or several other sites, I would welcome the fix for it.

2018.07.23 Main new features

- Today's patch introduces very important changes to the way in which adblock2privoxy does hosts record conversion. This greatly limits false positives described in detail on that github thread

- Squid 4.1 added to the overlay

- included all scripts and configs for privoxy & adblock2privoxy for easy deployment

Get it here

----------

