pierrebarre's comments

pierrebarre · 2024-09-29T21:59:46 1727647186

I am working on https://www.merklemap.com/ A subdomain / CT search engine.

curtisblaine · 2024-09-30T20:13:30 1727727210

How do you discover non public subdomains?

pierrebarre · 2024-10-02T07:49:43 1727855383

Hi,

The mechanism is explained here: https://www.merklemap.com/documentation/how-it-works

pierrebarre · on Dec 14, 2022

Shameless plug: https://github.com/Barre/privaxy

It’s a proxy that does just this.

_abox · on Dec 15, 2022

But with a big privacy risk if anyone ever gets their hands on the root CA (which I hope is generated fresh in every install).

Also, Android blocks user-installed CAs by default now, apps have to opt in to accept user-added ones. That makes it pretty useless. Not sure how iOS deals with this.

themoonisachees · on Dec 15, 2022

Blocking ads on mobile has been a non-supportes use-case for a while.

If you really want to get rid of ads on android, rooting enables you to patch system SSL routines to disable certificate pinning and more. IOS is an apple product.

RunSet · on Dec 14, 2022

This seems like just the thing to finally get adblocking in Steam's integrated browser.

sumtechguy · on Dec 14, 2022

wait... you are using a site that advertises and sells things to disable adverts? I am not following the use case for ublock here?

CBarkleyU · on Dec 14, 2022

Hm? No, they're probably using the integrated browser to browse the internet while being ingame. They're not talking about the store itself.

antman · on Dec 14, 2022

Could this be used per client ip or time frame? Thinking about children filter etc

SparkyMcUnicorn · on Dec 14, 2022

MITM for HTTPS means you'll need to set up each machine with an additional cert. And for this project, you need to configure each machine to funnel through the proxy anyways.

https://github.com/Barre/privaxy#local-system-configuration

Personally, I use NextDNS which allows you to block categories, IPs, and use blocklists.

It's set up on the network level, and I have two separate NextDNS "networks" configured. One for the entire network, one for "privileged" users/devices.

sbarre · on Dec 14, 2022

Thank you! Also, do we have the same last name?

pierrebarre · on May 27, 2022

Shameless plug: https://github.com/Barre/privaxy

It can be easily configured to block any host or path.

pierrebarre · on May 11, 2022

Privaxy is matching chrome on https://badssl.com/dashboard/ and https://www.ssllabs.com/ssltest/viewMyClient.html except that Privaxy doesn't support older TLS versions and poorer ciphers.

It does not mean that there is not a single bug, but I do not think it is fair to completely discount this approach. Especially when the alternative is browser extensions which bring their fair share of trouble regarding trust, performance, limited capabilities or even security.

rfd4sgmk8u · on May 11, 2022

I discount this approach. It is necessary but not sufficient to pass on simple browser SSL tests. There are other complexities that are best left to the browser to negotiate the session.

pierrebarre · on May 11, 2022

What are the things that you think are best handled by the browser while negotiating a session?

rfd4sgmk8u · on May 11, 2022

The connection parameters including encryption parameters and certificate from the origin. There are a lot of weird rules in WebPKI you may miss, this is beyond a general purpose TLS library.

Enforcing Certificate Transparency rules or CAA records, is the proxy doing this?

ThePowerOfFuet · on May 11, 2022

Which browser enforces CAA?

it's a certificate misissuance, but AFAIK it's not up to the browser.