privoxy (www/privoxy) Updated: 1 year, 7 months ago Add to my watchlist

Advanced filtering web proxy

Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, modifying web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit individual needs and tastes. Privoxy has application for both stand-alone systems and multi-user networks.

Version: 3.0.34 License: GPL-2 GitHub
Maintainers essandess
Categories net security www
Homepage https://www.privoxy.org/
Platforms darwin
Variants
  • ecc (Use Elliptic Curve Keys for HTTPS Inspection.)

Subport(s) (1)


"privoxy" depends on

lib (4)
build (5)
fetch (1)
run (4)

Ports that depend on "privoxy"




Port notes

Edit ${prefix}/etc/privoxy/match-all.action to specify which domains will use https-inspection.

Configure HTTPS inspection by creating a local Privoxy certificate authority (CA). As sudo:

cp -R ${prefix}/etc/privoxy/ca.macports ca.hostname && cd ca.hostname
# edit openssl.cnf for your local organizationName, commonName, etc.

# generate a strong password, use for both -passin and -passout
# avoid passphrases with '#' as the passphrase is set in config
sf-pwgen --algorithm memorable --count 2 --length 24 2>/dev/null \
| paste -s -d -- '-' 1> private/passphrase.txt
cat private/passphrase.txt private/passphrase.txt \
> private/passphrase-dbl.txt \
&& mv private/passphrase-dbl.txt private/passphrase.txt \
|| rm -f private/passphrase-dbl.txt
chmod go-rwx private/passphrase.txt

# private key (EC)
openssl genpkey -out private/ca.key.pem -algorithm EC \
-pkeyopt ec_paramgen_curve:P-384 -aes256 \
-pass file:private/passphrase.txt

# private key (RSA)
# openssl genpkey -out private/ca.key.pem -algorithm RSA \
# -pkeyopt rsa_keygen_bits:2048 -aes256 \
# -pass file:private/passphrase.txt

# Certificate PEM, DER, and P12
openssl req -config openssl.cnf -new -x509 -days 3650 -sha384 \
-extensions v3_ca -out certs/ca.cert.pem \
-key private/ca.key.pem -passin file:private/passphrase.txt \
-batch
openssl verify -CAfile certs/ca.cert.pem certs/ca.cert.pem
openssl x509 -outform der -in certs/ca.cert.pem -out certs/ca.cer
# https://developer.apple.com/forums/thread/697030
openssl pkcs12 -legacy -export -out certs/ca.p12 -inkey private/ca.key.pem \
-in certs/ca.cert.pem -passin file:private/passphrase.txt \
-passout file:private/passphrase.txt
# verify .p12 passphrase
openssl pkcs12 -legacy -noout -in certs/ca.p12 \
-passin file:private/passphrase.txt

# Install the Privoxy PKI
cp -p private/ca.key.pem certs/ca.cert.pem certs/ca.cer certs/ca.p12 \
${prefix}/etc/privoxy/CA
# Edit ${prefix}/etc/privoxy/config and set ca-password

# Import and trust the CA in Keychain Access
Keychain\ Access.app> Import ca.cer or ca.p12 into the System keychain, trust for X.509.

# Disable MITM for the CA on some FF configurations
Firefox.app> about:config> security.enterprise_roots.enabled> true Startup items (named 'Privoxy, Privoxy.delete-expired-certs') have been generated that will aid in starting privoxy with launchd. They are disabled by default. Execute the following command to start them, and to cause them to launch at startup:

sudo port load privoxy


Port Health:

Loading Port Health

Installations (30 days)

10

Requested Installations (30 days)

5