Lawrence Aracabia <Lawrence...@Aracabia.com> wrote:
> Someone gave me a Windows XP 5.1.2600 laptop that works fine when
> booting but I can't yet find a browser for it that will connect to
> the Interbnet.
>
> ...
>
> My two main questions are really a result of the first problem.
> (1) How can I get a web browser for that WinXP that works on the
> Internet?
> (2) ...
You give no details of what qualifies as no access to the Internet.
Have you tried connecting your web browsers to your router (whether a
separate device, or built into a cable modem)? The router has its own
internal web server to let you configure it. You may find you can
connect to intranet hosts, like the web browser built into the router,
but not to Internet hosts.
Other than web browser, have you tried any other network-capable client
to see if you can get Internet access? Have you tried opening a command
shell, and tried either pinging a web site or doing a tracerout to it?
ping
www.intel.com
tracert
www.intel.com
You don't mention if you tried to connect to both HTTP-only and HTTPS
web sites, or have only tried to connect to HTTPS web sites. No mention
of where you tried to connect. What are the FQDN (fully qualified
domain name), including the protocol (HTTP or HTTPS), to where you have
tried to connect?
Is Internet access paid by you, or by your parents, your employer, or
someone else? If someone else is managing the network setup, could be
they configured the router with its firewall, or another upstream
firewall, as to which devices can connect to it. For example, routers
can often be configured to allow only certain devices by MAC address to
connect to it. Since the computer is new to your network, could be it
was not added to the MAC list of devices allowed to connect to the
router. Can you connect from your host via web browser to the internal
web server in the router? Mine only uses HTTP, so I cannot use it to
ensure HTTPS is working okay from my host. It does let me see if basic
networking via HTTP is working, though. If the router is separate of
your DSL/cable modem, you could bypass the router by disconnecting it
from the DSL/cable modem, and plugging your computer directly to a LAN
port on the DSL/cable modem using a wired connection (while also
bypassing any wifi issues).
Does your router support both IPv4 and IPv6? Some old ones don't
support IPv6. The sites you may trying to connect may only support
IPv6; that is, they have no IPv4 address. We don't know to where you
tried to connect. Also, routers that support both IPv4 and IPv6 may
have different security settings for each addressing method.
Lots of sites are dropping support for old versions of Firefox. The
latest you can get for Windows XP is Firefox 52ESR. You can alter the
UA (User Agent) string the web client sends to the server, but that
won't magically change the web browser to support later features
demanded by many web sites. The old version of Firefox is also not
maintained. You might look into using MyPal. While it was forked off
of Pale Moon which was forked off an old version (pre-52ESR aka
pre-Quantum) of Firefox, it is maintained.
Do you use an anti-virus or other anti-malware program? If so, many
will intercept your web traffic to interrogate its content for malicious
content. With HTTP, it simply operates as a transparent proxy.
However, for HTTPS, a proxy cannot decrypt the encrypted traffic to look
at its content. To do that, AVs use the MITM (Man-In-The-Middle)
hacking trick. The install a root certificate into the global OS
certificate store (in Windows, run certmgr.msc), but they have to also
insert their certificate into Firefox's private certificate store (in
Firefox's, go to about:preferences#privacy -> View Certificates). I've
not found Mozilla explain why they want to wrest cert control away from
the OS to provide their own private cert store. If the AV's cert
doesn't install in Firefox, there is no cert to use with the MITM scheme
where the web browser uses HTTPS to connect to the AV's proxy using the
installed AV's certificate (to do the encryption from proxy to web
client) and to do HTTPS to the server (encryption from proxy to server).
The proxy does HTTPS at both endpoints (web client and server), but
internally the HTTPS traffic gets decrypted, so the AV can inspect the
web traffic.
If the AV's cert doesn't get installed into Firefox, the AV's proxy
cannot do HTTPS using MITM to both the web client and to the server. If
their certificate expires (one of the reasons you need to keep the AV
updated), it cannot be used by the AV's proxy. In either case, the AV
proxy will allow HTTP connects (because no cert is needed for MITM), but
cannot do HTTPS (cert is missing or expired or invalid). You'll find
other web browsers can connect to HTTPS sites, because they use the OS
global cert store (that the AV added when it was installed or updated).
Firefox fails on HTTPS sites when the AV's cert is missing, expired, or
invalid for the copy installed into Firefox's private cert store.
The AV /should/ provide a means to reinstall their cert into Firefox's
private cert store. Alas, not all do, so the only way to fix the
problem is uninstall and reinstall the AV.
I use a stream capture program that uses the MITM scheme, and it
installs their cert into both the OS global cert store (to use with
non-Mozilla web browsers) and their cert into Firefox's private cert
store. When Firefox can no longer connect to HTTPS sites, the software
has an option to reinstall their cert into Firefox's private cert store,
and HTTPS connections work again. One time was due to a change in how
certs can be specified for multiple domains, so the old cert became
invalid, and I had to get a new one. Another time their cert had
expired, so I had to get a new one. Without their cert (in the OS
global cert store for non-Mozilla web browsers, or in Firefox's internal
cert store), the encrypted web traffic cannot be interrogated by the
local proxy doing the capture. I could capture videos from HTTP sites,
but there none that I know of with video content that are HTTP, so most
video content is from HTTPS sites, and where MITM is required to capture
the videos (or to find from that content where are the video sources to
capture from there).
AV's and video stream capture software aren't the only programs that use
the MITM scheme to interrogate HTTPS traffic. However, if their cert is
lost, never installed, expires, or becomes invalid, you can no longer
connect to HTTPS sites. In fact, your web client can't even connect via
HTTPS to their local transparent proxy.
You hint at trying multiple web browsers, but don't mention which.
Since Firefox uses its own private (internal) cert store, so do the
variants of Firefox. Which *non-Mozilla* web browsers have you tried?
Non-Mozilla web browsers (e.g., Internet Explorer, Chrome) use the OS
global cert store.
Without details, responses will be as unfocused as your post is vague.
I did not address the wifi issues since that is a separate topic, and
should be discussed in a separate thread. Besides, the details
regarding your phone and wifi setup are just as vague. I don't know
what you consider a typical wifi hotspot. Many require login to use
them, some are private, and some may require later wifi protocols than
your hardware supports.