ProxHTTPSProxy and HTTPSProxy in Windows XP for future use
Introduction:
The idea of this little thread is to provide information and recent findings I've made relating to the SSL proxies ProxHTTPSProxy and HTTPSProxy. Due to the fact that I don't use other older NT-based Operating Systems (OSs) except Windows XP Professional, all my observations and explanations are referring to both proxies in Windows XP only. So please do not comment off-topic in this thread!
I am AstroSkipper, a member of MSFN since 2010, and was involved in restoring access to the Microsoft Update (MU) web site in Windows XP (and some other OSs). This is the thread:
While restoring MU in my own Windows XP Professional system I had to solve a lot of problems and had among other things some significant findings relating to ProxHTTPSProxy and HTTPSProxy too. The above mentioned thread is now over 90 pages long and unfortunately very bloated. In most cases visitors or members of MSFN don't want to read over 90 pages to filter and get information they need and have looked for. A lot of comments are part of conversations which no longer can be retraced or understood easily by people who didn't participate. Therefore I wanted to make my own findings accessible to all interested people in a clear, short way. That's why I decided to make my own thread to provide some facts, tips and especially news referring to these proxies. It is an unfortunate circumstance that the creators of ProxHTTPSProxy and HTTPSProxy, @heinoganda and @Thomas S., haven't been here for a long time and no further development of these proxies has been made in the last years. Of course, we thank both creators explicitly for these outstanding proxies, we are very glad to have them, but they have to be used as they are. This is the reason why we have to ask ourselves whether they'll continue doing their job in the future or not. But maybe some of you don't really know what actually their job is.
Purpose of ProxHTTPSProxy and HTTPSProxy:
Originally ProxHTTPSProxy was created for Proxomitron as an SSL Helper Program. Proxomitron is a local HTTP web-filtering proxy. Here are two links about Proxomitron: http://www.buerschgens.de/Prox/index.html (German web site, use Google Translator if necessary) and
This is a quotation from a post of the developer called "whenever" who had made ProxHTTPSProxy originally:
Quote: For every https request, it returns a "307 Moved Temporarily" response with a "Location" header pointing to the http version of the request. The purpose is to switch the browser from https mode to http mode. For every http request, it fetches the content through https protocol and feeds the decrypted content to the browser. The communication between ProxHTTPSProxy and the remote server is https while the communication between ProxHTTPSProxy and the browser is still http so Proxomitron gets a chance to filter the content.
Source link: https://prxbx.com/forums/showthread.php?tid=1618
Here is an image to show how ProxHTTPSProxy works:
ProxHTTPSProxy and HTTPSProxy were created by our members mentioned above to provide modern nag-free HTTPS connections for an HTTP proxy. The main purpose in Windows XP is in adding modern ciphers to HTTPS connections of Internet Explorer (IE) to improve either its missing TLS 1.2 functionality or its rudimentary TLS 1.2 functionality last added by Microsoft after installing some relevant POSReady updates (KB4230450, KB4316682 and KB4019276). Here is a link with further information how TLS 1.1 and TLS 1.2 can be enabled in Windows XP:
The original ciphers of IE are outdated and therefore a lot of web sites can't be accessed or they don't work properly due to SSL issues. More information about these proxies you can find in the original thread:
Area of application:
As already said, the main purpose of these proxies is in adding modern ciphers to HTTPS connections of IE to improve either its missing TLS 1.2 functionality or its rudimentary TLS 1.2 functionality last added by Microsoft after installing some relevant POSReady updates. Therefore ProxHTTPSProxy or HTTPSProxy is used in combination with IE to access web sites which couldn't be called up by IE without it. Some programs use Internet Explorer's browser engine called Trident to get data from the Internet, to search something or to check for updates. For example my favourite movie database program All My Movies™ checks for updates using the IE engine. Without one of these proxies it will fail. Some e-mail clients like eM Client or Eudora are using the IE engine too. Some browsers like 360 Extreme Explorer are able to use the IE engine for surfing. Another new purpose is to access the Microsoft Update web site to look for updates. As I mentioned above I was involved in restoring access to the Microsoft Update (MU) web site in Windows XP (and some other OSs) and we were successful by now. If you're interested in restoring MU functionality, I've written a little guide with the title "Complete guide for restoring Microsoft Update in IE" which can be found here:
Prerequisites:
It seems that a CPU with SSE2 instruction set is necessary to let these proxies run. I will test that to confirm it.
Installation:
The program packages provide documents and instructions, actually sufficient. Both proxies do not need any installation. There is no setup installer. They are fully portable with a few exceptions. The user has to edit the config file according to his needs, he should update a special certificate called 'cacert.pem' and he has to install the proxy's root certificate properly in any case. But to avoid unnecessary repetitions, I'll come back to that later in section Configuration. The location of their program folder can be chosen freely. For this purpose I've created a folder "Portable" in my system partition. I have created this folder to remind me that programs inside folder Portable do not have to be uninstalled.
Configuration:
The configurations of these proxies are a bit different.
Configuration of ProxHTTPSProxy:
- Install ProxHTTPSProxy's root certificate 'CA.crt' under Trusted Root Certification Authority manually or apply 'ProxHTTPS Cert Install.exe'. Alternatively you can use the more recent ProxHTTPSProxy Cert Installer which has been modified and updated by me. You can find it in section Downloads.
- Edit the config file 'config.ini' according to your needs. More detailed explanations at the end of this section.
- Update the certificate 'cacert.pem' by downloading and inserting it manually (see cacert Update.txt) or automatically by applying 'cacert_Updater.exe'.
Configuration of HTTPSProxy:
- Generate a new HTTPSProxy's root certificate 'HTTPSProxyCA.crt' by opening 'HTTPSProxy.exe' and closing its window when the process is over.
- Install HTTPSProxy's root certificate 'HTTPSProxyCA.crt' under Trusted Root Certification Authority manually. Alternatively you can use the brand new HTTPSProxy Cert Installer which has been created by me. You can find it in section Downloads.
- Edit the config files 'config.ini' and 'Launcher.ini' according to your needs. More detailed explanations at the end of this section.
- Update the certificate 'cacert.pem' by downloading from url https://curl.se/ca/cacert.pem and inserting it manually (see Installation-Update_EN.txt) or automatically by clicking cacert.pem update in Launcher's menu.
- Execute the reg file 'Inet_CurUser_ProxySettings.reg'.
Both proxies have got a config file called 'config.ini'. The following parameters of the proxy can be specified there: ProxAddr, FrontPort, BackPort, LogPort and LogLevel. Look into this file and you'll get short descriptions of these parameters. Furthermore there are special sections titled [SSL No-Verify], [BLACKLIST], [SSL Pass-Thru] and [BYPASS URL]. In these sections url addresses can be inserted letting the proxy know how to perform them. HTTPSProxy has a second config file called 'Launcher.ini'. Here you can set up the Launcher of HTTPSProxy. A short description can be read at the beginning of each file section.
Here you can see HTTPSProxy's config file similar to the one of ProxHTTPSProxy:
More detailed information about the parameters and sections can be found in their doc files.
Both proxies can be set as system-wide proxies using 'proxycfg.exe'. Here are proxycfg's command line parameters:
proxycfg
This command displays the current WinHTTP proxy settings.
proxycfg -d
This command specifies that all HTTP and HTTPS servers should be accessed directly. Use this command if there is no proxy server.
proxycfg -p proxy-server-list optional-bypass-list
This command specifies one or more proxy servers, and an optional list of hosts that should be accessed directly. If a proxy server is not specified for a given protocol and that server is not in the bypass list, the -p option specifies that the server cannot be accessed at all.
proxycfg -d -p proxy-server-list optional-bypass-list
This command specifies one or more proxy servers, and an optional list of hosts that should be accessed directly. If a proxy server is not specified for the given protocol, the -d option specifies that the server should be accessed directly instead.
proxycfg -u
This command imports the Internet Explorer proxy settings of the current user. WinHTTP does not support auto-discovery and configuration script-based proxy settings.
So far so good, but unfortunately that's not the whole truth.
Configuration of these proxies to access MU web site successfully nowadays:
MU web site can be accessed only by IE, but nowadays it needs the more recent cryptographic protocol TLS 1.2. That's the reason why MU wasn't available in the past. Therefore we have to use one of these proxies to gain access. If all steps of my "Complete guide for restoring Microsoft Update in IE" have been performed properly, you would like to call up MU web site. But in some cases problems could occur. One of them is to get a MU web site with output of error code 0x80072f8f (hexadecimal notation). I had examined this error deeply and could solve it. But what does that have to do with our proxies? Of course a lot, otherwise I wouldn't have mentioned it. Here you can read my short post "Final fix of error code 0x80072f8f while accessing WU or MU web site":
The steps in order:
1. Delete old 'CA.crt' file in ProxHTTPSProxy's program folder.
2. Delete all certificates in ProxHTTPSProxy's certs subfolder.
3. Update 'cacert.pem'.
4. Open 'ProxHTTPSProxy.exe'. A new ProxHTTPSProxy CA certificate 'CA.crt' valid for another ten years has been generated.
5. Import this new ProxHTTPSProxy CA certificate to Trusted Root Certification Authority but under account local computer.
And exactly here lies the problem. You have to import this certificate in a special way to ensure it is really installed in Trusted Root Certification Authority under account local computer. Otherwise it can happen that this certificate is installed in Trusted Root Certification Authority under account current user. And that is definitely the cause of error code 0x80072f8f. No one had told us where this certificate has to be installed to. No hints in the doc files of both proxies. And how can we do that? Here are the detailed steps using the Microsoft Management Console:
- Open console by typing mmc.
- Add a snap-in for certificates.
- Choose the local computer account.
- Import your recently generated ProxHTTPSProxy CA certificate to Trusted Root Certification Authority.
- Finished.
Now we have to modify the config file. Alternatively you can use my pre-configured config files in section Downloads.
- Open config.ini in an editor of your choice.
- Add these urls under section [SSL No-Verify]:
urs.microsoft.com
c.microsoft.com*
*one.microsoft.com*
download.windowsupdate.com
cc.dcsec.uni-hannover.de
fe2.ws.microsoft.com
*update.microsoft.com
ds.download.windowsupdate.com
- Save your changes.
- Finished.
Of course same procedure for HTTPSProxy with one exception: HTTPSProxy's root certificate is named 'HTTPSProxyCA.crt'. Fixing error code 0x80072f8f leads to fixing another problem and that is the validity of Proxy's root certificate. From now on a freshly generated root certificate of ProxHTTPSProxy or HTTPSProxy valid for another ten years will be fully functional because we finally know where it exactly has to be imported to. Maybe you understand now how important it is to configure these proxies properly. Otherwise they wouldn't work flawlessly. In section Downloads I provide separate CA Certificate Installer and Uninstaller for both proxies. They have been created by me for the people who do not dare to generate and install certificates themselves. Due to a modification made by me these installers and uninstallers now do their job properly i.e. the certificate installation will be definitely performed in Trusted Root Certification Authority under account local computer. If you asked me which kind of certificate installation you should choose, I would recommend the manual method. For security reasons only. The installers contain a pre-generated root certificate of its proxy which will be installed properly. But as a result all users of these installers will have got the same certificate unfortunately. Normally no good. But do we really want to spy on each other? I don't think so. On the other hand using the manual method we all will have a unique certificate without any risks. So it's up to you!
Usage:
The usage of these proxies is very simple but a bit different.
Usage of ProxHTTPSProxy:
The best way to start ProxHTTPSProxy is to execute 'ProxHTTPSProxy_PSwitch.exe'. In this case ProxHTTPSProxy will set up itself automatically and delete its settings when closing. You can check the settings of ProxHTTPSProxy in Internet Options of IE. Here is a screenshot of ProxHTTPSProxy's program window:
Usage of HTTPSProxy:
The way to start HTTPSProxy is a bit different. For starting it you have to simply drag 'HTTPSProxy.exe' to 'Launcher.exe' by drag & drop and a new system tray icon appears. Via this icon all available options of HTTPSProxy's Launcher are accessible. There are a lot of options: exit, restart, launch HTTPSProxy with Windows, edit config.ini, cacert.pem update, enabling or disabling HTTPSProxy, Update Windows root CAs, edit Launcher.ini and so on. Here are some screenshots of HTTPSProxy:
Launcher's menu:
HTTPSProxy - switched on and switched off:
HTTPSProxy's program window:
HTTPSProxy while accessing MU:
If connection errors occur, you can check the settings of HTTPSProxy in Internet Options of IE and set them manually or automatically by applying reg file 'Inet_CurUser_ProxySettings.reg'. And now one important hint. If you want to use both proxies in your system, you mustn't run them in RAM at the same time! Otherwise the selected proxy won't work at all. You have to close the unused proxy to use the other. Keep that in mind!
Maintenance of ProxHTTPSProxy and HTTPSProxy for future use:
We have to carry out a bit of maintenance to ensure that these proxies are working properly. First of all, the system's root certificates should be updated every three months. If you have not done that yet, you can use the current root certificate updater in section Downloads where a version with separate installers for Root Certificates and Revoked Certificates or an AIO version of these installers can be downloaded from. Then you should check following list:
- Periodic updating of 'cacert.pem'.
- Maintenance and check of config file according to your needs.
- Check of validity of proxy's root certificate.
- Deleting of all certificates in Proxy's certs folder if proxy isn't working properly.
- Checking state of Proxy in IE or in system.
Versions:
Last known version of ProxHTTPSProxy released in November of 2019: ProxHTTPSProxy REV3e.
Here is a link:
Last known version of HTTPSProxy released in November of 2018: HTTPSProxy_Launcher_v2_2018-11-06
Here are two links:
and
Downloads:
ProxHTTPSProxy REV3d can be downloaded here: https://i430vx.net/files/XP/ProxHTTPSProxyMII_REV3d_PY344.7z. Credits to @heinoganda.
ProxHTTPSProxy REV3e can be downloaded here: https://msfn.org/board/applications/core/interface/file/attachment.php?id=49205&key=1d82b78adecd29bef6d02d67c214249a. Credits to @heinoganda.
HTTPSProxy in the version of HTTPSProxy_Launcher_v2_2018-11-06 can be downloaded here: https://www.mediafire.com/file/ku859ikt2t79cgl/HTTPSProxy_Launcher_v2_2018-11-06.7z/file. Credits to @Thomas S..
Root Certificate and Revoked Certificate Updater of 02/24/2022 created by @AstroSkipper: https://www.mediafire.com/file/n4ea8nbijox88o3/Roots_Certificate_Updater_24.02.22.7z/file
Root Certificate and Revoked Certificate Updater (AIO version!) of 02/24/2022 created by @AstroSkipper: https://www.mediafire.com/file/8ler7d9z8aesz08/rootsupd.exe/file
ProxHTTPSProxy CA Certificate Installer and Uninstaller with a freshly pre-generated root certificate valid until 02/19/2032 modified and built by @AstroSkipper: https://www.mediafire.com/file/9tnonnlymrp98f8/ProxHTTPSProxy_Cert_Installer_%2B_Uninstaller_%2B_CA_valid_until_02-19-2032.7z/file
HTTPSProxy CA Certificate Installer and Uninstaller with a freshly pre-generated root certificate valid until 02/19/2032 created by @AstroSkipper: https://www.mediafire.com/file/sx1i6w2c6f1hvwm/HTTPSProxy_Cert_Installer_%2B_Uninstaller_%2B_CA_valid_until_02-19-2032.7z/file
ProxHTTPSProxy's config file to access MU web site successfully modified by @AstroSkipper: https://www.mediafire.com/file/vr1klatuzjh6v5c/ProxHTTPSProxy_-_config.ini/file
HTTPSProxy's config file to access MU web site successfully modified by @AstroSkipper: https://www.mediafire.com/file/6emtdvx2vmw4iz8/HTTPSProxy_-_config.ini/file
The installers created by myself or built by me will be updated from time to time if necessary.
Update notification: Both versions of Root Certificate Updater have been updated and are now of 02/24/2022.
Conclusion:
At the beginning of this thread I said we had to ask ourselves whether these proxies would continue doing their job in the future or not. After all these observations and explanations the answer to this question is quite clear: Yes, of course. But we have to avoid misconfiguration of these proxies, and in addition we know they won't work properly without updating and carrying out maintenance. Doing all these things leads to a general, positive side effect for those loving their Windows XP. If all is done correctly, we are now able to use a freshly generated 10 years valid root certificate of ProxHTTPSProxy or HTTPSProxy at any time as long as Windows XP, Internet Explorer access to WWW, TLS 1.2 functionality, Microsoft Update for Windows XP or the user himself still exists.
Disclaimer:
All information that I spread here corresponds to my level of knowledge. Most of it has been carefully researched by me. I tested all programs of section Downloads extensively, and they worked properly in my system. Nevertheless, I do not assume any guarantee either for the correctness and completeness or for the implementation of my tips. The same applies to the application of my tools in section Downloads. Therefore all at your own risk!
You can use commenting zone below to tell us about your experiences, problems and questions or to provide further tips and recommendations, but all should refer to this article. That means please be on-topic!
If you enjoyed this article or maybe you found it interesting and helpful, I would be pleased about any reaction by liking, upvoting and of course commenting.
Kind regards,
AstroSkipper
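
Entries under [SSL No-Verify] switch off verification of the upstream server certificate for every host they match, so it helps to know exactly which names each wildcard pattern covers. The following Python audit is an added example, not code from the post or from either proxy; the function names are hypothetical, and it assumes the entries are matched shell-style and case-insensitively against the hostname.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample config: the host patterns are the ones listed in the
# post for [SSL No-Verify]; the second section is left empty.
SAMPLE_CONFIG = """\
[SSL No-Verify]
urs.microsoft.com
c.microsoft.com*
*one.microsoft.com*
download.windowsupdate.com
cc.dcsec.uni-hannover.de
fe2.ws.microsoft.com
*update.microsoft.com
ds.download.windowsupdate.com

[SSL Pass-Thru]
"""


def load_patterns(text, section="SSL No-Verify"):
    """Return the bare entries of one config.ini section, in file order."""
    cfg = configparser.ConfigParser(allow_no_value=True, interpolation=None,
                                    delimiters=("=",), strict=False)
    cfg.optionxform = str  # keep entries exactly as written
    cfg.read_string(text)
    return list(cfg[section]) if cfg.has_section(section) else []


def classify(pattern):
    """Grade how far a pattern reaches beyond one named host."""
    if "*" not in pattern and "?" not in pattern:
        return "exact"
    # A wildcard at the end is not anchored to the domain suffix, so the
    # pattern also matches names that merely begin with the intended host.
    if pattern.endswith(("*", "?")):
        return "open-ended"
    return "suffix-anchored"


def unverified_by(host, patterns):
    """Patterns that would skip upstream verification for this host.

    Assumption: case-insensitive shell-style matching on the hostname.
    """
    host = host.lower()
    return [p for p in patterns if fnmatchcase(host, p.lower())]


if __name__ == "__main__":
    patterns = load_patterns(SAMPLE_CONFIG)
    for p in patterns:
        print(f"{classify(p):16} {p}")
    # Constructed hostnames for illustration.
    for host in ("www.update.microsoft.com", "www.msfn.org",
                 "c.microsoft.com.example.net"):
        print(host, "->", unverified_by(host, patterns) or "verified")
```

Entries graded "open-ended" are the ones to review first: replacing the trailing wildcard with the exact hostnames the MU site needs keeps verification on for everything else.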