yumupgrades for production use, this is the repository for you.
Active subscription is required.
There is software that we all know and love, and more often than not, forget about it.
Privoxy is one of them. It allows you to filter ads and is also a go-to solution for anonymous browsing when it is coupled with Tor.
With the arrival of adblock plugins in Chrome, and the web increasingly using TLS encryption, the filtering power of Privoxy has lessened.
Why, is that, at least by default, it cannot tinker with encrypted traffic between your browser and a remote server.
Fixing Privoxy filtering for TLS connections (which are prevalent nowadays), requires making it a “man-in-the-middle”,
and ensuring trust between the browser and Privoxy’s own TLS certificate.
All that in mind, the Privoxy’s function of being a forwarding proxy between different protocols (HTTP to SOCKS5) is quite capable.
It is used with Tor, and you can use it also for clients which are not capable of talking to SOCKS 5 proxies.
Before we review on using those functions, let’s install Privoxy in CentOS 8 machine:
Install Privoxy in CentOS/RHEL 8
sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm sudo dnf install privoxy sudo systemctl start privoxy
Making apps SOCKS5 capable
Privoxy can be used as a forwarding proxy for clients that do not support SOCKS5 proxies.
Let’s take a real-life example, Postman app. It’s a great app for developing/working with APIs. In my case:
- I have SOCKS5 proxy via
- I want to use the Postman app for developing a Telegram bot. The
api.telegram.orgservers are blocked in Russia, so I need to forward Postman requests through the proxy
- Fact: Postman cannot talk to SOCKS5 proxies
We are looking to make things work like this:
Postman -> HTTP proxy (Privoxy) -> Socks5 SSH tunnel -> remote SSH server.
This can easily be set in Privoxy config by putting the following at the bottom of
forward-socks5 .telegram.org 127.0.0.1:8123 .
The configuration above tells Privoxy to forward requests to
api.telegram.org), to SOCKS5 proxy at port 8123 on the same machine.
The dot tells it to make HTTP requests over that SOCKS5 proxy.
Ensure config is applied with
systemctl restart privoxy.
The SOCKS5 proxy, being an “autossh tunnel”, in terms of the configuration, is just a one-liner config file at
OPTIONS=-M 0 -o ControlPersist=no -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -D 8123 -C -N firstname.lastname@example.org
server.example.com is FQDN of remote SSH server to connect to,
john is the SSH username to connect with, and 8123 is the local port where the SOCKS5 will listen on.
You, sure enough, need to have
autossh installed and running, but I’m not touching this in this post.
By default, Privoxy listens on port 8118. So configuring Postman like the following:
And now making requests from Postman becomes a success:
You can have Privoxy filter your SSL traffic and be as powerful as Adblock Plus.
This implies taking strong security measures in securing the “Privoxy parent certificates”, especially if you plan to deploy this in LAN.
I put the links here for later investigation of the options available for SSL filtering, and expand the article as I try them: