Open TheSparrowB opened 2 years ago
krlvm
commented
2 years ago Did FortiGuard install your own certificate for you? Check by opening, for example, GitHub, clicking on the lock icon in the address bar, and viewing certificate details -> issuer.
TheSparrowB
commented
2 years ago Hi. Thanks for the fast response. This is what it shows.
krlvm
commented
2 years ago Try to visit the desired site via HTTPS
TheSparrowB
commented
2 years ago Ok. With https the result is the same.
krlvm
commented
2 years ago You may try to enable SNI Modification, so it will be difficult to detect to which site you are trying to connect.
Use, for example, github.com as fake SNI host.
You will need to import the certificate (powertunnel.pem) to Firefox: instruction
TheSparrowB
commented
2 years ago Ok. I activated SNI and disabled https chunking.
Then I added some sites in the blacklist.
I installed the certificate in the PC with success.
I imported the .pem file in firefox too. But then when I try to access (i.e. cuevana) then it shows this.
krlvm
commented
2 years ago Change Spoil SNI to Fake SNI and set github.com as fake SNI host.
TheSparrowB
commented
2 years ago Ok. I changed it.
But no changes from previous result.
krlvm
commented
2 years ago I think the TLS connection is still being interrupted by the firewall. Something is wrong with the MITM implementation in PowerTunnel >= 2.0, try this version: https://github.com/krlvm/PowerTunnel/releases/tag/v1.14
You will need to install the certificate again
TheSparrowB
commented
2 years ago Ok. I tried the other version and removed both certificates from broser and local machine. Then installed again. The configuration is like this:
The blacklist is the same:
But this time when I activate the proxy on firefox. I don't have access to any webpage. Just localhost.
This is the error.
krlvm
commented
2 years ago The blacklist in the old versions that you showed is not needed to unlock something, but on the contrary, to block something.
Shutdown PowerTunnel server, clear the blacklist, uncheck this and try again with cuevana:
TheSparrowB
commented
2 years ago Ok. Cleared the flags.
Cleared the blacklist.
Now I have access to other pages but still can't access to cuevana.
krlvm
commented
2 years ago Apparently they still use SNI filtering, though I can't confirm this as I don't have anywhere to test it. The last thing worth trying is switching to Erase SNI mode.
TheSparrowB
commented
2 years ago Ohh well, I tried now with the "erase" mode and still no changes. One thing I noted is that now this error appears in most pages now.
Well, I think the security is heavy in my workplace so, there's nothing more to do. Thanks for all pal.
Hi. I ran this software on my workplace PC. I haven't changed any parameters from the plugins. Then, I configured the proxy (as shown) in the firefox browser.
But when I try to enter in a blocked page like cuevana, this thing appears.
Is there a way to make it work to bypass the fortiguard firewall? Am i missing something? Do I need to add an extra plugin?. Please I need help.