Privaxy, an ad-blocking proxy


Nowadays, one of the main concerns of users on the network is the privacy of their information. In response, there are a large number of solutions, ranging from those implemented by the web browsers themselves to third-party applications, among others.

Today we will talk about Privaxy, a proxy that blocks ads and cross-site tracking code.

Privaxy was recently updated to version 0.5. It is an HTTP(S) MITM proxy that sits between HTTP(S)-speaking applications, such as a web browser, and HTTP servers, such as those serving websites. By establishing a two-way tunnel between the two endpoints, Privaxy can block network requests based on URL patterns and inject scripts and styles into HTML documents.

Operating at a lower level, Privaxy is more efficient and more optimized than browser plug-in based blockers. A single instance of Privaxy in a small virtual machine, server, or even on the same computer from which the traffic originates can filter thousands of requests per second and requires a very small amount of memory.

The blocker is implemented as a separate proxy server, which makes it a universal solution: the user can filter requests from any HTTP client, not only from web browsers. The proxy is also independent of browser restrictions, such as those imposed by the third version of the Chrome manifest, and provides better performance and lower resource requirements.

For example, when loading 320 thousand filters, the memory consumption is 50 MB and it is possible to filter thousands of requests per second.

The way Privaxy works is to implement an intermediate filter between the user and the sites, using TLS certificate spoofing to intercept the content of encrypted HTTPS sessions and hide the MITM warning.

Privaxy generates its own certificate, which the user installs in the certificate store of their system (/usr/local/share/ca-certificates/), and applications are then configured to work through the proxy at localhost:8100. Two build options are provided: a console utility and a graphical interface that allows you to manage settings, visually track current activity, and view blocking statistics.

When an HTTPS request is received from a user, Privaxy establishes a TLS connection with the target server on its own behalf and obtains its certificate, after which it uses the hostname of the actual certificate received from the server and creates a dummy certificate linked by a chain of trust to the root certificate generated for the user.

Using the dummy certificate, the proxy impersonates the requested server when communicating with the client, while continuing to use the TLS connection established with the destination server to receive data. For selected hosts and domains, interception with the MITM technique can be disabled.

In addition to removing ads based on URL masks, Privaxy also offers the ability to insert JavaScript code and CSS styles into rendered HTML documents.

Adblock Plus compatible filters such as EasyList are supported. Content substitution supports uBlock Origin's syntax for scripts, controllers, and redirects, as well as its own syntax for setting arbitrary custom filters. External lists connected with filters are updated automatically.
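To make the URL-pattern blocking described above concrete, here is an added example (not Privaxy's own code) that implements a small subset of the Adblock Plus network filter syntax in Rust. The rule list and hostnames are constructed placeholders, and the function names are hypothetical.

```rust
// Added example (not Privaxy's code): simplified Adblock Plus network-filter matcher.
// Subset: `!` comments, `@@` exceptions, `||`, `^`, `*`; `$options` and `##` rules are out of scope.
/// `^` matches any byte that is not a letter, a digit or one of `_ - . %`.
fn is_separator(c: u8) -> bool {
    !(c.is_ascii_alphanumeric() || b"_-.%".contains(&c))
}

/// Match pattern `p` at the start of `u`; the right-hand side is left unanchored.
fn match_here(p: &[u8], u: &[u8]) -> bool {
    let (pc, rest) = match p.split_first() { Some((&c, r)) => (c, r), None => return true };
    match (pc, u.split_first()) {
        (b'*', _) => (0..=u.len()).any(|i| match_here(rest, &u[i..])),
        (b'^', None) => match_here(rest, u), // `^` also matches the end of the URL
        (b'^', Some((&c, tail))) => is_separator(c) && match_here(rest, tail),
        (_, Some((&c, tail))) => pc.eq_ignore_ascii_case(&c) && match_here(rest, tail),
        (_, None) => false,
    }
}

/// Does one pattern (already stripped of `@@`) match `url`?
fn pattern_matches(pattern: &str, url: &str) -> bool {
    let u = url.as_bytes();
    let p = match pattern.strip_prefix("||") {
        Some(p) => p.as_bytes(),
        None => return (0..=u.len()).any(|i| match_here(pattern.as_bytes(), &u[i..])),
    };
    // `||` anchors at the start of the hostname or right after a dot inside it.
    let start = url.find("://").map_or(0, |i| i + 3);
    let end = url[start..].find(|c: char| "/?#:".contains(c)).map_or(u.len(), |i| start + i);
    (start..end).filter(|&i| i == start || u[i - 1] == b'.').any(|i| match_here(p, &u[i..]))
}

/// Block decision for `url`: any matching `@@` exception overrides every block rule.
fn should_block(filters: &[&str], url: &str) -> bool {
    let mut blocked = false;
    for f in filters.iter().map(|f| f.trim()).filter(|f| !f.is_empty() && !f.starts_with('!')) {
        match f.strip_prefix("@@") {
            Some(exc) if pattern_matches(exc, url) => return false,
            Some(_) => {}
            None => blocked |= pattern_matches(f, url),
        }
    }
    blocked
}

// Constructed sample rules in EasyList style; hostnames are placeholders.
const FILTERS: &[&str] =
    &["! sample", "||ads.example.com^", "/banner/*/img^", "@@||ads.example.com/allowed.js"];
fn main() {
    println!("block={}", should_block(FILTERS, "https://ads.example.com/pixel.gif"));
}
```

The `||` anchor and the `^` separator are what keep a rule for `ads.example.com` from also matching `badads.example.com` or `ads.example.com.other.test`.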

Among the features of Privaxy that stand out:

  • Support for Adblock Plus filters, such as EasyList.
  • Web GUI with a statistics screen as well as a live request browser.
  • Support for uBlock js source syntax.
  • Support for uBlock redirect source syntax.
  • Support for uBlock Origin scriptlets.
  • Independent of the browser and the HTTP client.
  • Support for custom filters.
  • Support for excluding hosts from the MITM pipeline.
  • Support for protocol upgrades, such as with websockets.
  • Automatic filter list updates.
  • Very low resource consumption.
  • About 50 MB of memory with about 320 thousand filters enabled.
  • Capable of filtering thousands of requests per second on a small machine.

Finally, if you are interested in learning more about it, you can consult the details in the following link.

The project's code is written in Rust and is distributed under the AGPLv3 license, and ready-made builds are provided for Linux (AppImage, deb), Windows, and macOS.
