Cannot connect via a proxy

leindividual · December 6, 2020, 5:34pm

I need to browse with a FF or Chromium inside a Whonix client, but whenever I connect via Socks5 proxy, certain websites just won’t load. The error code it shows:

Software is Preventing Firefox From Safely Connecting to This Site

duckduckgo.com is most likely a safe site, but a secure connection could not be established. This issue is caused by **None**, which is either software on your computer or your network.

Error code: MOZILLA_PKIX_ERROR_MITM_DETECTED

Similar thing happens with Chromium. I’ve tried playing with options

Proxy DNS when using SOCKS v5
Enable DNS over HTTPS

with no change. The proxies I tried came from multiple proxy websites. Ialways checkif they’re live. Some websitwesdo work, some don’t no matter the proxy I use (I suspect it’s a matter of http/https website). Note that I also change the time on Whonix client to target destination timezone (EU - US). I enter the proxy details into “Socks proxy” form in FF network settings and leave the other three forms empty.

Any idea what might be causing this?

Patrick · December 7, 2020, 3:23pm

Shouldn’t use Firefox or Chromium in Whonix. Reasons, see:

Shouldn’t currently use Debian Chromium package. Reason, see:

General notes:

^ Above page also contains instructions how to use Tor Browser or Whonix generally with a proxy (User → Tor → Proxy → Internet).

Tor Browser proxy settings also here:

Tor Browser Advanced Topics

Shouldn’t change time zone. Reasons:

Post-installation Security Advice

I can confirm what Whonix to my knowledge doesn’t contain any code to restrict proxy use (anywhere, in Firefox or Chromium). Certainly not intentionally.

Would probably be same issue on Debian without Whonix involved. Therefore suggested to resolve as per Self Support First Policy for Whonix.

HulaHoop · December 7, 2020, 3:35pm

You can connect if you disable HTTPS cert checks in the browsers config, but I wouldn’t do that unless you absolutely don’t care if about the data you send:

leindividual · December 8, 2020, 10:01pm

Yeah, that’s what I wanna avoid for security reasons. But if it’s the only way… I still think it’s me who got something wrong in the setup process.

leindividual · December 8, 2020, 10:05pm

Sometimes I can connect to http sites only and the message changes to
Unable to find the proxy server
or
PR_END_OF_FILE_ERROR

Patrick · December 9, 2020, 7:33am

If the proxy screws up TLS in such obvious ways, it’s hard to get a better, more easily visible reason to not use the proxy.

leindividual · December 10, 2020, 9:33pm

Do you have a tip for a source of better free proxies?