I have a crush on privoxy; there are a lot of useful configurations you can test. I've been testing some intercept options, and here are some of my tests.
The first complaint about using privoxy came from my grooveshark.com service (I know, I suck for avoiding ads on a great free service, but give me a chance to explain: it was just for testing purposes). At that point my grooveshark looked like this:
Yes, there are no ads (thanks, privoxy), but there is also no music. As a first-time privoxy user, my configuration was set as follows:
After some reading, the following configuration did the job:
Grooveshark came alive again!!
By the way, this post is about intercepting, so now let's have fun with iptables and be badasses intercepting HTTP on OUR networks (yes, OUR networks).
You can get the original script here; the original was for squid, but the concept is the same.
# (c) 2006, nixCraft under GNU/GPL v2.0+
# remember SQUID = privoxy
# squid server IP
# Interface connected to Internet
# Interface connected to LAN
LAN_IN="tun0" # yes, I'm using a tunnel
# Squid port
# DO NOT MODIFY BELOW
# Clean old firewall
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# Set this system as a router for the rest of the LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
##iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
iptables --append FORWARD -s $LAN_IN_SUB -j ACCEPT
# Unlimited access to LAN (tun0)
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# Intercept HTTP and send it to privoxy
iptables -t nat -A PREROUTING -s 10.10.0.0/24 -m state --state NEW -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# Accept VPN (remember what I said before? Yes, I'm using a tunnel)
iptables -A INPUT -m state --state NEW -p udp --dport 1196 -j ACCEPT
# DROP everything and log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
So at this point your HTTP traffic is inspected by privoxy!! yEAA!! Goodbye ads (most of them ;)
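To confirm the intercept rule actually landed in the nat table, here is a small audit helper. It is an added example, not part of the original script or the nixCraft one. The proxy address 192.0.2.10:8118 and the interface name in the sample are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit `iptables-save -t nat` output for the port-80 intercept rule.
# The proxy address/port used below are constructed placeholders, not values from the post.

# Print "source destination" for every PREROUTING DNAT rule matching tcp dport 80.
list_http_intercepts() {
    awk '
        $1 == "-A" && $2 == "PREROUTING" {
            src = "any"; proto = ""; dport = ""; jump = ""; dest = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-s")      src   = $(i + 1)
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      jump  = $(i + 1)
                if ($i == "--to-destination" || $i == "--to") dest = $(i + 1)
            }
            if (proto == "tcp" && dport == "80" && jump == "DNAT")
                print src, dest
        }'
}

# Succeed only if HTTP from subnet $1 is rewritten to proxy $2 (ip:port).
check_intercept() {
    list_http_intercepts | grep -qxF "$1 $2"
}

# Constructed sample in iptables-save format; replace with real output when auditing.
sample_nat_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 10.10.0.0/24 -p tcp -m state --state NEW -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10:8118
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

if sample_nat_rules | check_intercept 10.10.0.0/24 192.0.2.10:8118; then
    echo "intercept rule present"
else
    echo "intercept rule missing" >&2
fi
```

On the gateway itself, pipe `iptables-save -t nat` into `check_intercept` with your own subnet and proxy address instead of the sample.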