Privoxy

Software Screenshot:
Privoxy
Software Details:
Version: 3.0.26 updated
Upload Date: 5 Sep 16
Developer: Privoxy Developers
Distribution Type: Freeware
Downloads: 62

Rating: 5.0/5 (Total Votes: 1)

Privoxy is an open source, multiplatform and free web proxy with advanced filtering capabilities for protecting privacy on Linux-based operating systems. The software is very flexible and can be customized to suit individual tastes and needs.

It allows users to modify web page content, manage cookies, control access, and remove ads, banners, pop-ups and other annoying Internet junk. Privoxy works on both standalone systems and multi-user environments.

Based on Internet Junkbuster

Privoxy is based on Internet Junkbuster, and features integrated browser based configuration and control utility, browser-based tracing of filter and rule affects, remote toggling, web page content filtering, and much more.

Looking under the hood, we can notice that is has been written entirely in the C programming language. It can be used on any distribution of GNU/Linux, as well as on other UNIX-like operating systems, including FreeBSD, Solaris, Mac OS X and Microsoft Windows.

Getting started with Privoxy

To install and use the Privoxy software on your GNU/Linux operating system, you should first download the latest version of the project from its official website (see the homepage link below) or via Softoware (use the download button above).

Save the archive on a location of your choice, preferably in your Home folder, and use an archive manager tool to extract it. Open a terminal emulator app and go to the location of the extracted archive files (e.g. cd /home/softoware/privoxy-3.0.22-stable).

Run the ‘autoheader && autoconf && ./configure’ command to configure the project for your CPU architecture and operating systems. Then, run the ‘make install’ command as root, or the ‘sudo make install’ command if you’re a privileged user, to install it system wide.

Finally, run the ‘privoxy --help’ command in the Terminal app to view its usage message and what options are available. The software has been successfully tested on 32-bit and 64-bit computer platforms.

What is new in this release:

  • Bug fixes:
  • Fixed crashes with "listen-addr :8118" (SF Bug #902). The regression was introduced in 3.0.25 beta and reported by Marvin Renich in Debian bug #834941.
  • General improvements:
  • Log when privoxy is toggled on or off via cgi interface.
  • Highlight the "Info: Now toggled " on/off log message in the Windows log viewer.
  • Highlight the loading actions/filter file log message in the Windows log viewer.
  • Mention client-specific tags on the toggle page as a potentionally more appropriate alternative.
  • Documentation improvements:
  • Update download section on the homepage. The downloads are available from the website now.
  • Add sponsor FAQ.
  • Remove obsolete reference to mailing lists hosted at SourceForge.
  • Update the "Before the Release" section of the developer manual.
  • Infrastructure improvements:
  • Add perl script to generate an RSS feed for the packages Submitted by "Unknown".
  • Build system improvements:
  • strptime.h: fix a compiler warning about ambiguous else.
  • configure.in: Check for Docbook goo on the BSDs as well.
  • GNUMakefile.in: Let the dok-user target remove temporary files.

What is new in version 3.0.24:

  • Security fixes (denial of service):
  • Prevent invalid reads in case of corrupt chunk-encoded content. CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer.
  • Remove empty Host headers in client requests. Previously they would result in invalid reads. CVE-2016-1983. Bug discovered with afl-fuzz and AddressSanitizer.
  • Bug fixes:
  • When using socks5t, send the request body optimistically as well. Previously the request body wasn't guaranteed to be sent at all and the error message incorrectly blamed the server. Fixes #1686 reported by Peter MA¼ller and G4JC.
  • Fixed buffer scaling in execute_external_filter() that could lead to crashes. Submitted by Yang Xia in #892.
  • Fixed crashes when executing external filters on platforms like Mac OS X. Reported by Jonathan McKenzie on ijbswa-users@.
  • Properly parse ACL directives with ports when compiled with HAVE_RFC2553. Previously the port wasn't removed from the host and in case of 'permit-access 127.0.0.1 example.org:80' Privoxy would try (and fail) to resolve "example.org:80" instead of example.org. Reported by Pak Chan on ijbswa-users@.
  • Check requests more carefully before serving them forcefully when blocks aren't enforced. Privoxy always adds the force token at the beginning of the path, but would previously accept it anywhere in the request line. This could result in requests being served that should be blocked. For example in case of pages that were loaded with force and contained JavaScript to create additionally requests that embed the origin URL (thus inheriting the force prefix). The bug is not considered a security issue and the fix does not make it harder for remote sites to intentionally circumvent blocks if Privoxy isn't configured to enforce them. Fixes #1695 reported by Korda.
  • Normalize the request line in intercepted requests to make rewriting the destination more convenient. Previously rewrites for intercepted requests were expected to fail unless $hostport was being used, but they failed "the wrong way" and would result in an out-of-memory message (vanilla host patterns) or a crash (extended host patterns). Reported by "Guybrush Threepwood" in #1694.
  • Enable socket lingering for the correct socket. Previously it was repeatedly enabled for the listen socket instead of for the accepted socket. The bug was found by code inspection and did not cause any (reported) issues.
  • Detect and reject parameters for parameter-less actions. Previously they were silently ignored.
  • Fixed invalid reads in internal and outdated pcre code. Found with afl-fuzz and AddressSanitizer.
  • Prevent invalid read when loading invalid action files. Found with afl-fuzz and AddressSanitizer.
  • Windows build: Use the correct function to close the event handle. It's unclear if this bug had a negative impact on Privoxy's behaviour. Reported by Jarry Xu in #891.
  • In case of invalid forward-socks5(t) directives, use the correct directive name in the error messages. Previously they referred to forward-socks4t failures. Reported by Joel Verhagen in #889.
  • General improvements:
  • Set NO_DELAY flag for the accepting socket. This significantly reduces the latency if the operating system is not configured to set the flag by default. Reported by Johan Sintorn in #894.
  • Allow to build with mingw x86_64. Submitted by Rustam Abdullaev in #135.
  • Introduce the new forwarding type 'forward-webserver'. Currently it is only supported by the forward-override{} action and there's no config directive with the same name. The forwarding type is similar to 'forward', but the request line only contains the path instead of the complete URL.
  • The CGI editor no longer treats 'standard.action' special. Nowadays the official "standards" are part of default.action and there's no obvious reason to disallow editing them through the cgi editor anyway (if the user decided that the lack of authentication isn't an issue in her environment).
  • Improved error messages when rejecting intercepted requests with unknown destination.
  • A couple of log messages now include the number of active threads.
  • Removed non-standard Proxy-Agent headers in HTTP snipplets to make testing more convenient.
  • Include the error code for pcre errors Privoxy does not recognize.
  • Config directives with numerical arguments are checked more carefully.
  • Privoxy's malloc() wrapper has been changed to prevent zero-size allocations which should only occur as the result of bugs.
  • Various cosmetic changes.
  • Action file improvements:
  • Unblock ".deutschlandradiokultur.de/". Reported by u302320 in #924.
  • Add two fast-redirect exceptions for "yandex.ru".
  • Disable filter{banners-by-size} for ".plasmaservice.de/".
  • Unblock "klikki.fi/adv/".
  • Block requests for "resources.infolinks.com/". Reported by "Black Rider" on ijbswa-users@.
  • Block a bunch of criteo domains. Reported by Black Rider.
  • Block "abs.proxistore.com/abe/". Reported by Black Rider.
  • Disable filter{banners-by-size} for ".black-mosquito.org/".
  • Disable fast-redirects for "disqus.com/".
  • Documentation improvements:
  • FAQ: Explicitly point fingers at ASUS as an example of a company that has been reported to force malware based on Privoxy upon its customers.
  • Correctly document the action type for a bunch of "multi-value" actions that were incorrectly documented to be "parameterized". Reported by Gregory Seidman on ijbswa-users@.
  • Fixed the documented type of the forward-override{} action which is obviously 'parameterized'.
  • Website improvements:
  • Users who don't trust binaries served by SourceForge can get them from a mirror. Migrating away from SourceForge is planned for 2016 (TODO list item #53).
  • The website is now available as onion service (http://jvauzb4sb3bwlsnc.onion/).

What is new in version 3.0.23:

  • Bug fixes:
  • On POSIX-like platforms, network sockets with file descriptor values above FD_SETSIZE are properly rejected. Previously they could cause memory corruption in configurations that allowed the limit to be reached.
  • Proxy authentication headers are removed unless the new directive enable-proxy-authentication-forwarding is used. Forwarding the headers potentially allows malicious sites to trick the user into providing them with login information. Reported by Chris John Riley.
  • Compiles on OS/2 again now that unistd.h is only included on platforms that have it.
  • General improvements:
  • The show-status page shows the FEATURE_STRPTIME_SANITY_CHECKS status.
  • A couple of assert()s that could theoretically dereference NULL pointers in debug builds have been relocated.
  • Added an LSB info block to the generic start script. Based on a patch from Natxo Asenjo.
  • The max-client-connections default has been changed to 128 which should be more than enough for most setups.
  • Action file improvements:
  • Block rover.ebay./ar.*\&adtype= instead of "/.*\&adtype=" which caused too man false positives. Reported by u302320 in #360284, additional feedback from Adam Piggott.
  • Unblock '.advrider.com/' and '/.*ADVrider'. Anonymously reported in #3603636.
  • Stop blocking '/js/slider\.js'. Reported by Adam Piggott in #3606635 and _lvm in #2791160.
  • Filter file improvements:
  • Added an iframes filter.
  • Documentation improvements:
  • The whole GPLv2 text is included in the user manual now, so Privoxy can serve it itself and the user can read it without having to wade through GPLv3 ads first.
  • Properly numbered and underlined a couple of section titles in the config that where previously overlooked due to a flaw in the conversion script. Reported by Ralf Jungblut.
  • Improved the support instruction to hopefully make it harder to unintentionally provide insufficient information when requesting support. Previously it wasn't obvious that the information we need in bug reports is usually also required in support requests.
  • Removed documentation about packages that haven't been provided in years.
  • Privoxy-Regression-Test:
  • Only log the test number when not running in verbose mode The position of the test is rarely relevant and it previously wasn't exactly obvious which one of the numbers was useful to repeat the test with --test-number.
  • GNUmakefile improvements:
  • Factor generate-config-file out of config-file to make testing more convenient.
  • The clean target now also takes care of patch leftovers.

What is new in version 3.0.13 Beta:

  • Added IPv6 support. Thanks to Petr Pisar who not only provided the initial patch but also helped a lot with the integration.
  • Added client-side keep-alive support. This should also allow NTLM authentication through Privoxy, but this hasn't been confirmed yet.
  • The connection sharing code is only used if the connection-sharing option is enabled.
  • The max-client-connections option has been added to restrict the number of client connections below a value enforced by the operating system.
  • Fixed a regression reintroduced in 3.0.12 that could cause crashes on mingw32 if header date randomization was enabled.
  • Compressed content with extra fields couldn't be decompressed and would get passed to the client unfiltered. This problem has only be detected through statical analysis with clang as nobody seems to be using extra fields anyway.
  • If the server resets the Connection after sending only the headers Privoxy forwards what it got to the client. Previously Privoxy would deliver an error message instead.
  • Error messages in case of connection timeouts use the right HTTP status code.
  • If spawning a child to handle a request fails, the client gets an error message and Privoxy continues to listen for new requests right away.
  • The error messages in case of server-connection timeouts or prematurely closed server connections are now template-based.
  • If zlib support isn't compiled in, Privoxy no longer tries to filter compressed content unless explicitly asked to do so.
  • In case of connections that are denied based on ACL directives, the memory used for the client IP is no longer leaked.
  • Fixed another small memory leak if the client request times out while waiting for client headers other than the request line.
  • The client socket is kept open until the server socket has been marked as unused. This should increase the chances that the still-open connection will be reused for the client's next request to the same destination. Note that this only matters if connection-sharing is enabled.
  • A TODO list has been added to the source tarballs to give potential volunteers a better idea of what the current goals are. Donations are still welcome too: http://www.privoxy.org/faq/general.html#DONATE

What is new in version 3.0.12:

  • The socket-timeout option now also works on platforms whose select() implementation modifies the timeout structure. Previously the timeout was triggered even if the connection didn't stall. Reported by cyberpatrol.
  • The Connection: keep-alive code properly deals with files larger than 2GB. Previously the connection was closed too early.
  • The content length for files above 2GB is logged correctly.
  • The user-manual directive on the show-status page links to the documentation location specified with the directive, not to the Privoxy website.
  • When running in daemon mode, Privoxy doesn't log anything to the console unless there are errors before the logfile has been opened.
  • The show-status page prints warnings about invalid directives on the same line as the directives themselves.
  • Fixed several justified (but harmless) compiler warnings, mostly on 64 bit platforms.
  • The mingw32 version explicitly requests the default charset to prevent display problems with some fonts available on more recent Windows versions. Patch by Burberry.
  • The mingw32 version uses the Privoxy icon in the alt-tab windows. Patch by Burberry.
  • The timestamp and the thread id is omitted in the "Fatal error" message box on mingw32.
  • Fixed two related mingw32-only buffer overflows. Triggering them required control over the configuration file, therefore this isn't seen as a security issue.
  • In verbose mode, or if the new option --show-skipped-tests is used, Privoxy-Regression-Test logs skipped tests and the skip reason.

What is new in version 3.0.11:

  • On most platforms, outgoing connections can be kept alive and reused if the server supports it. Whether or not this improves things depends on the connection.
  • When dropping privileges, membership in supplementary groups is given up as well. Not doing that can lead to Privoxy running with more rights than necessary and violates the principle of least privilege. Users of the --user option are advised to update. Thanks to Matthias Drochner for reporting the problem, providing the initial patch and testing the final version.
  • Passing invalid users or groups with the --user option didn't lead to program exit. Regression introduced in 3.0.7.
  • The match all section has been moved from default.action to a new file called match-all.action. As a result the default.action no longer needs to be touched by the user and can be safely overwritten by updates.
  • The standard.action file has been removed. Its content is now part of the default.action file.
  • In some situations the logged content length was slightly too low.
  • Crunched requests are logged with their own log level. If you used "debug 1" in the past, you'll probably want to additionally enable "debug 1024", otherwise only passed requests will be logged. If you only care about crunched requests, simply replace "debug 1" with "debug 1024".
  • The crunch reason has been moved to the beginning of the crunch message. For HTTP URLs, the protocol is logged as well.
  • Log messages are shortened by printing the thread id on its own (as opposed to putting it inside the string "Privoxy()").
  • The config option socket-timeout has been added to control the time Privoxy waits for data to arrive on a socket.
  • Support for remote toggling is controlled by the configure option --disable-toggle only. In previous versions it also depended on the action editor and thus configuring with the --disable-editor option would disable remote toggling support as well.
  • Requests with invalid HTTP versions are rejected.
  • The template symbol @date@ can be used to include a date(1)-like time string. Initial patch submitted by Endre Szabo.
  • Responses from shoutcast servers are accepted again. Problem reported and fix suggested by Stefan.
  • The hide-forwarded-for-headers action has been replaced with the change-x-forwarded-for{} action which can also be used to add X-Forwarded-For headers. The latter functionality already existed in Privoxy versions prior to 3.0.7 but has been removed as it was often used unintentionally (by not using the hide-forwarded-for-headers action).
  • A "clear log" view option was added to the mingw32 version to clear out all of the lines in the Privoxy log window. Based on a patch submitted by T Ford.
  • The mingw32 version uses "critical sections" now, which prevents log message corruption under load. As a side effect, the "no thread-safe PRNG" warning could be removed as well.
  • The mingw32 version's task bar icon is crossed out and the color changed to gray if Privoxy is toggled off.

What is new in version 3.0.10:

  • Ordinary configuration file changes no longer cause program termination on OS/2 if the name of the logfile hasn't been changed as well. This regression probably crept in with the logging improvements in 3.0.7. Reported by Maynard.
  • The img-reorder filter is less likely to mess up JavaScript code in img tags. Problem and solution reported by Glenn Washburn in #2014552.
  • The source tar ball now includes Privoxy-Log-Parser, a syntax-highlighter for Privoxy logs. For fancy screenshots see: http://www.fabiankeil.de/sourcecode/privoxy-log-parser/ Documentation is available through perldoc(1).

Similar Software

Sirious
Sirious

14 Apr 15

Seeks
Seeks

15 Apr 15

rtspd
rtspd

3 Jun 15

Other Software of Developer Privoxy Developers

Privoxy
Privoxy

30 Mar 18

Comments to Privoxy

Comments not found
Add Comment
Turn on images!