×
Few antiviral products inadequately detect 3proxy as Trojan.Daemonize,
Backdoor.Daemonize, etc and many detect 3proxy as a PUA (potentially unwanted program).
It may cause browser warning on download page.
3proxy is not trojan or backdoor and contains
no functionality except described in documentation. Clear explanation of this
fact is given, for example, in
Microsoft's
article.
3proxy SSL/TLS plugin
Plugin can be used to transparently decypher SSL/TLS data and TLS encryption for proxy traffic.For transparent certificate spoofing:
ssl_mitm - spoof certificates for services started below. Usage without ssl_client_verify is insecure.
ssl_nomitm - do not spoof certificates for services started below
To protect traffic to server (https:// proxy) - since 0.9.5 version
ssl_serv - require TLS connection for services belowssl_noserv - do not require TLS connection for services below Parameters:
ssl_server_cert /path/to/cert - Server certificate (should not be selfsigned and must contain Alternative name) for ssl_serv
ssl_server_key /path/to/key - Server ceritifacte key for ssl_server_cert or generated mitm certificate
ssl_client_ciphersuites ciphersuites_list - TLS client ciphers for TLS 1.3, e.g. ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
ssl_server_ciphersuites ciphersuites_list - TLS server ciphers for TLS 1.3
ssl_client_cipher_list ciphersuites_list - TLS client ciphers for TLS 1.2 and below , e.g. ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl_server_cipher_list ciphersuites_list - TLS server ciphers for TLS 1.2 and below
ssl_client_min_proto_version tls_version - TLS client min TLS version (e.g. TLSv1.2)
ssl_server_min_proto_version tls_version - TLS server min TLS version (e.g. TLSv1.2)
ssl_client_max_proto_version tls_version - TLS client max TLS version (e.g. TLSv1.2)
ssl_server_max_proto_version tls_version - TLS server max TLS version (e.g. TLSv1.2)
ssl_client_verify - verify certificate for upstream server in TLS client functionality (used with ssl_mitm)
ssl_client_no_verify - do not verify certificate for upstream server in TLS client functionality (default)
ssl_server_ca_file /path/to/cafile - CA certificate file for mitm
ssl_server_ca_key /path/to/cakey - key for ssl_server_ca_file mitm CA
ssl_client_ca_file, ssl_client_ca_dir, ssl_client_ca_store - locations for root CAs used with ssl_client_verify for TLS client
ssl_certcache /path/to/cache/ - location for generated mitm certificates cache, optional, if ssl_server_ca_file / ssl_server_ca_key are configured. Cache may contain 3 files: 3proxy.pem - public self-signed certificates (used if ssl_server_ca_file is not configured), 3proxy.key - key for public certificates, used if ssl_server_ca_keyserver.key is not configured, server.key - this key is used if ssl_server_key is not configured to generates spoofed certificates. If server.key is absent, 3proxy.key is used to generate certificates. Generated certificates are placed to the same path.
mitm example:
plugin /path/to/SslPlugin.dll ssl_plugin ssl_server_ca_file /path/to/cafile ssl_server_ca_key /path/to/cakey ssl_mitm proxy -p3128 ssl_nomitm proxy -p3129mitm's traffic with spoofed ceritifacate for port 3128 proxy.
https:// proxy example:
plugin /path/to/SSLPlugin.so ssl_plugin ssl_server_cert path_to_cert ssl_server_key path_to_key ssl_serv proxy -p33128 ssl_noserv proxy -p3128creates https:// proxy on 33128 and http:// proxy on 3128 © Vladimir Dubrovin, License: BSD style
