Add Support Proxy

[BrillStone]

Please add support proxy

[photonometric]

This is a feature I would like to see, as well. However, it's really more of a KeePass program issue than a plugin issue (though it seems plugins might be able to use their own settings regarding proxy usage).

Tools->Options->Advanced has a proxy button, through it doesn't seem to work with SOCKS5, so I can't really test it atm.

However, what I can say is that checking for updates in the help menu just times out with the proxy failure. However, trying to download a favicon pops up a firewall request, which might indicate that this plugin does not use the KeePass configured proxy, as one would expect from a plugin contained within other software. While downloading favicons isn't exactly mission-critical security, it is troubling and potentially problematic if this plugin ignores configuration and simply uses the system default.

If this is the case (and since this plugin hasn't been updated in 3 years), a workaround is to use a program that "captures" all the internet traffic of a specified program and allows it to be routed through a proxy. ProxyCap and Super Socks5Cap are two programs I've used extensively for this purpose.

Someone with an HTTP proxy and a firewall could test to see if the plugin respects the proxy configuration when it is working correctly in KeePass.

[luckyrat]

I've not done anything specific to use proxy settings in this plugin. If KeePass has some support for plugins to access and re-use its proxy settings when making their own HTTP requests, I'll gladly accept a patch to add that support but I won't have time to investigate myself for the foreseeable future. If that's not the case, then really the issue is one of getting improvements added to KeePass itself. I wouldn't want this plugin to directly handle the configuration of proxies.

[photonometric]

I wouldn't want this plugin to directly handle the configuration of proxies.

No indeed ^^ But if my quick test was correct and this plugin ignores KeePass proxy settings and just uses the system default, I think that would be worth putting into the readme (or whatever the GitHub project page writeup is called)

[navossoc]

Well, I had the same problem with proxies. By default, it uses the system default (internet explorer settings), if you want to use KeePass proxy settings you will need to code it.

I'm also writing a plugin for KeePass, it is not ready for use yet, but I'm trying to address some issues like the proxy settings and much more.

Feel free to nag me there if you want more information about the plugin.

[]'s

[photonometric]

@navossoc Thanks for confirming my hypothesis. I'm more of an "algorithmic tester" than a programmer, so explication of the issues involved would be wasted on me.

Could you explain how difficult it would be to add the code we're talking about, either as an independent proxy setting within the plugin, or (more appropriately) forcing the plugin to use the configured KeePass plugin? Might not be out of the question to get it done by someone on fiverr if it's relatively easy....

I'll also say it would be extremely cool if what you're programming interesected with this problem in such a way that you could pull request your code and just fix it, but I suspect it's not that easy and you'd have to do a lot more to make it "fit". Would be nice, but it's workaround-able using the programs I mentioned, and honestly the real issue is with the main Keepass program's proxy behavior.

[photonometric]

I just added a bug ticket on the KeePass sourceforge, because I genuinely think this is a security problem for the whole program, which is simply expressed here because the plugin didn't include code saying "obey the settings." But obviously, obeying the program's settings is not something that should take extra coding, but should be either controlled or optioned within the larger program.

Sourceforge #2268: Force Plugins to Obey Proxy Settings

I don't use SF that much and don't know how issues are handled, but adding a + vote and a comment about the security issue would be much appreciated, to help it gain some attention and/or legitimacy. Thanks all!

[navossoc]

@photonometric I'm doing like this: https://github.com/navossoc/KeePass-Yet-Another-Favicon-Downloader/blob/78f776628b125c729d444e20c0d2638bc832449d/Util.cs#L17

The only problem is the method is private, so looks like he doesn't want you use it. Which don't make any sense to me... It can be a little hacky, but hey, why should I write the same code if keepass have a method for setting up his own proxy? Note: this will not compile (yet) because of the c# roslyn syntax and the plgx plugin system. I'll handle this later.

Anyway, if you want you can write more code like this guy and create a proxy object too: https://github.com/Kyrodan/KeeAnywhere/blob/e53a28bb70815fe38226fba291439dce92c29834/KeeAnywhere/StorageProviders/ProxyTools.cs

To be honest, I think it is pretty straight forward add proxy support here.

[darkdragon-001]

@photonometric: I commented on your issue, although it is already closed. I suggested to make the GetWebProxy() method public to use @navossoc's approach without hacking. I also submitted a patch.

You can easily build the latest KeePass version from my fork to try changes.

[navossoc]

@darkdragon-001 I released yesterday the first version of my plugin, if you want to test, take a look: Https://github.com/navossoc/KeePass-Yet-Another-Favicon-Downloader

PS: Not sure if I agree with Dominik about the proxy thing...

[darkdragon-001]

I implemented a version which uses the IOConnection class as suggested by Dominik. This still needs some more error checking and I have to find out about redirects, cookies and so on, but it already works better than the old version! Further, system-wide settings like Proxy, SSL certificate ignore and so on are obeyed!