I am looking at achieving the following with squid proxy setup. When client sends a http request (say. http://, I would like my squid proxy to make this request into https and sends the request on behalf of the client and in turn will respond back to client unencrypted.
[client]---- http -----[squid proxy] --------https-----[server]
I would like to do this only for a certain set of URLS (dynamic list).
Can this be achieved?
Related
Our environment requires that all requests to the public internet go through a proxy that uses HTTP tunneling (HTTP Connect). I have a service from a vendor that is not able to use an HTTP Connect proxy.
My plan is to set up a transparent proxy that the service can send traffic to, which will redirect traffic to the HTTP Connect proxy.
service -> transparent proxy -> http connect proxy -> public internet
Is it possible to redirect this traffic without decrypting and re-encrypting the HTTPS request? I won't be able to install any custom certs on the initial service to allow this (and I don't want to view the contents of the HTTP messages anyway). Also, are there any proxies that are made specifically to do this, or will I need to write my own?
I need know when a GET request to a specific page is sent over my Squid server. I've set up Squid with SSL Bump for this and it works. Squid is only over HTTP and I can decode HTTPS requests anyway.
Browser setup with Squid proxy IP.
HTTPS request printed by Squid
1653523742.808 595 181.192.60.243 TCP_MISS/200 10264 GET https://example.com/page.aspx? - HIER_DIRECT/63.177.189.181 text/html
This is fine, and I trigger an event when I read this.
The problem is when I get the traffic from an AWS application LB
I get it encoded like this
1653523437.029 3 172.31.32.194 TAG_NONE/400 4057 POST / - HIER_NONE/- text/html
I need a way to be able to decode it.
Should I go further with Squid or LB setup, or should I go lower like reading TCP traffic?
I am trying to implement a Socks5 server that could relay both HTTP and HTTPS traffic.
As the RFC1928 mentions, the following steps to establish a connection and forward the data must be taken :
Client sends a greeting message to the proxy.
Client & proxy authentication (assuming it is successful).
Client sends a request to the proxy to connect to the destination.
The proxy connects to the destination and sends back a response to the client to indicate a successful open tunnel.
The proxy reads the data from the client and forwards it to the destination.
The proxy reads the data from the destination and forwards it to the client.
So far, the proxy works as it should. It is able to relay HTTP traffic using its basic data forwarding mechanism. However, any request from the client to an HTTPS website will be aborted because of SSL/TLS encryption.
Is there another sequence/steps that should be followed to be able to handle SSL/TLS (HTTPS) traffic?
The sequence you have described is correct, even for HTTPS. When the client wants to send a request to an HTTPS server through a proxy, it will request the proxy to connect to the target server's HTTPS port, and then once the tunnel is established, the client will negotiate a TLS handshake with the target server, then send an (encrypted) HTTP request and receive an (encrypted) HTTP response. The tunnel is just a passthrough of raw bytes, the proxy has no concept of any encryption between the client and server. It doesn't care what the bytes represent, its job is just to pass them along as-is.
I already checked Fiddler - tunnelled http requests to port 443 and Fiddler2: Decrypt HTTPS traffic and Tunnel to host:443, but my question is different.
I do not want to use Fiddler as a Proxy for another program. Instead, I simply want to use Fiddler's Composer Tab to send a HTTPS request over an upstream proxy. My proxy configuration and authorization is correct; sending HTTP requests works just fine.
When I use Fiddler's Composer to send an HTTPS GET to https://google.com, it results in a time-out (HTTP 502 / [Fiddler] The connection to 'google.com' failed. Error: TimedOut (0x274c).).
When I send an HTTPS CONNECT to https://google.com, I get HTTP 502 / [Fiddler] DNS Lookup for failed.
Does anybody know how I can establish an HTTPS tunnel over my proxy and then send a GET request?
to establish the tunnel, you must use CONNECT to the proxy. You must also include the host header, which doubles the destination in the CONNECT request... e.g.
CONNECT www.google.com:443 HTTP/1.1
Host: www.google.com
etc
Once the tunnel is up (e.g. you get a 200 OK from the proxy) you need to go into TLS handshake before you can send the http request (which since it's over TLS is now https). e.g.
GET / HTTP/1.1
Host: www.google.com
etc.
What additional changes are required to make this simple HTTP header to speak to a HTTPS enabled server.
GET /index.php HTTP/1.1
Host: localhost
[CR]
[CR]
EDIT
To add some context, all I'm trying to do is open a TCP port (443) and read the index page but the server seems to return a 400 - Bad request along with a message that goes "You're speaking plain HTTP to an SSL-enabled server port." I thought this probably meant altering the header in some fashion.
HTTP runs on top of secured channel. No adjustments are needed at all on HTTP level. You need to encrypt the whole traffic going to the socket (after it leaves HTTP client code) and decrypt the traffic coming from the socket before it reaches HTTP client.
You encrypt the payload with the information from the server to encrypt. This is done via handshake on a server by server basis, so you can't just fake it once have it work everywhere.
The payload includes the query string, cookies, form, etc.