I have a VPS with Tinyproxy installed, and I have my PC configured with Proxyfier. Protocols SOCKSv4 and SOCKSv5 doesn't work for me, and I need HTTPS protocol. But when I choose HTTPS protocol I'm getting this error:
43:04] Error : the proxy server cannot establish connection with www.google.com:80
The error may indicate that the proxy server doesn't support SSL connections.
It means that the proxy can be used for web browsing but it cannot work with Proxifier.
The proxy server reply header is:
HTTP/1.0 403 Access violation
Server: tinyproxy/1.8.3
Content-Type: text/html
Connection: close
[43:04] Test failed.
Could you suggest me a possible solution? Maybe another program that work's like Proxifier or another Proxy that support https authentication and easy to get working.
Related
I have a dev server serving my rest API which is using SSL at https://api.stg.something.com
I also have the same API working from localhost at http://localhost:5000
Now i want with Fiddler to redirect every api request(POST,GET) to my dev server into localhost for debugging reasons
I added to FiddlerScript's static function OnBeforeRequest
if (oSession.HostnameIs("api.stg.iot.vodafoneinnovus.com")) oSession.host = "localhost:5000";
but that not seems to work. When i hit a request from Postman to lets say https://api.stg.something.com/api/stuff
i don't get the response and fiddler inspector says
fiddler.network.https> HTTPS handshake to localhost (for #6) failed. System.IO.IOException The handshake failed due to an unexpected packet format.
The fiddler trying to establish a Secure connection but localhost refuse it.
How can i go from https request to http in fiddler?
I'm trying to set up a proxy server on my local mac.
http - seems to work.
But Safari is not connecting via https.
Did I miss something?
No it doesn't. You need to specify a separate https port and a ssl certificate, as documented in the squid config:
The socket address where Squid will listen for client requests made
over TLS or SSL connections. Commonly referred to as HTTPS.
This is most useful for situations where you are running squid in
accelerator mode and you want to do the TLS work at the accelerator
level.
You may specify multiple socket addresses on multiple lines, each
with their own certificate and/or options.
The tls-cert= option is mandatory on HTTPS ports.
See http_port for a list of modes and options.
http://www.squid-cache.org/Doc/config/https_port/
By design, it is quite hard to intercept https traffic:
When a browser creates a direct secure connection with an origin
server, there are no HTTP CONNECT requests. The first HTTP request
sent on such a connection is already encrypted. In most cases, Squid
is out of the loop: Squid knows nothing about that connection and
cannot block or proxy that traffic.
You also need to load the proxy settings for the browser as a PAC file, otherwise the browsers won't connect or throw a certificate warning:
Chrome The Chrome browser is able to connect to proxies over SSL
connections if configured to use one in a PAC file or command line
switch. GUI configuration appears not to be possible (yet).
More details at
http://dev.chromium.org/developers/design-documents/secure-web-proxy
Firefox The Firefox 33.0 browser is able to connect to proxies over
TLS connections if configured to use one in a PAC file. GUI
configuration appears not to be possible (yet), though there is a
config hack for embedding PAC logic.
There is still an important bug open:
Using a client certificate authentication to a proxy:
https://bugzilla.mozilla.org/show_bug.cgi?id=209312
https://wiki.squid-cache.org/Features/HTTPS
HTTP proxy with SSL and DNS support.
I must be lacking some key concepts about proxy-ing because I cannot grasp this. I am looking to run a simply http or https proxy without interfering with SSL. Simply, a fully transparent proxy that can passthrough all the traffic to the browser connected via HTTP or HTTPS proxy without modifying or intercepting any packets. Not able to find any code online or I'm not using the right keywords.
EX. On the browser adding server.someVPN.com:80 on the HTTP proxy field and as soon as you try to visit a website, it prompts for authentication. Then it works perfectly with any domain, any security, any ssl, no further steps needed. Most VPN providers have this.
How's this possible? it even resolves DNS itself. I thought on transparent proxy the dns relies on the client. Preferably looking for a nodeJS solution but any lang works.
Please don't propose any solutions such as SOCKS5 or sock forwarding or DNS overriding or CA based MITM. According to HTTP 1.1 which supports 'CONNECT' this should be easy.
Not looking to proxy specific domains, looking for an all inclusive solution just like most VPN Providers providers.
----Found the answer too quickly, feel free to delete this post/question admins.
The way it works is that the browser knows it is talking to a proxy server, so for example if the browser want to connect to htttp://www.example.com it sends a CONNECT www.example.com:443 HTTP/1.1 to the proxy server, the proxy server resolves wwww.example.com via DNS and then opens a TCP connection to wwww.example.com port 443 and proxies the TCP stream transparently to the client.
I don't know any solution for nodejs. Common proxy servers include Squid, Privoxy and Apache Traffic Server
See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/CONNECT
Found the solution right after I asked...
This module works perfectly https://github.com/mpangrazzi/harrier
Does exactly what I was asking for.
I have a request handler set up like this:
httpServer.addRequestHandler("^/send-contact-message", "./rest-extensions/contact-messages.js", "sendContactMessage");
I have CORS set up like this:
<cors enabled="true">
<domain name="imagesreimagined.com" methods="post"/>
</cors>
My server is set up with Secure Connections (HTTPS) set to Accept only HTTPS from remote & allow HTTP and HTTPS from localhost. If I send a request from a form with action="https://imagesreimagined.store/send-contact-message", I get an error in the browser stating:
XMLHttpRequest cannot load https://imagesreimagined.store/send-contact-message. Origin http://imagesreimagined.com is not allowed by Access-Control-Allow-Origin.
If I set my server’s Secure Connections (HTTPS) to Accept both HTTP and HTTPS connections and change the form action to http, it works. However, I need all remote connections to be https.
I also tried CORS with the 443 port and got the same error.
<cors enabled="true">
<domain name="imagesreimagined.com:443” methods="post"/>
</cors>
The server calling the Wakanda Server is not SSL, if that makes a difference.
Once I removed the port number from the cors domain name and added SSL to the server that hosts the website posting to the Wakanda Server, it worked.
I guess this is not an answer but rather adding more to the question in the hope it helps.
This is amazing. I logged into SO this morning intending to ask this very same question. My setup is very slightly different.
I have my Wakanda server set to accept only SSL connections and set to Accept only HTTPS from remote & allow HTTP and HTTPS from localhost. The Wakanda server is published on port 8443.
On the same machine I have an Apache server running on port 80 that publishes my Angular 2 app.
I spent several hours trying to get CORS to work with no success. I haven't tried running the Angular app on SSL yet, but that sounds like it would be worth a try.
=====================
After further investigation, I found the problem.
Don't include the protocol in the CORS definition.
ie:
Instead of
<domain name="http://app.example.com" methods="post;get;put;delete"/>
It should be:
<domain name="app.example.com" methods="post;get;put;delete"/>
Pretty obvious really but I didn't see it for a long time.
I already checked Fiddler - tunnelled http requests to port 443 and Fiddler2: Decrypt HTTPS traffic and Tunnel to host:443, but my question is different.
I do not want to use Fiddler as a Proxy for another program. Instead, I simply want to use Fiddler's Composer Tab to send a HTTPS request over an upstream proxy. My proxy configuration and authorization is correct; sending HTTP requests works just fine.
When I use Fiddler's Composer to send an HTTPS GET to https://google.com, it results in a time-out (HTTP 502 / [Fiddler] The connection to 'google.com' failed. Error: TimedOut (0x274c).).
When I send an HTTPS CONNECT to https://google.com, I get HTTP 502 / [Fiddler] DNS Lookup for failed.
Does anybody know how I can establish an HTTPS tunnel over my proxy and then send a GET request?
to establish the tunnel, you must use CONNECT to the proxy. You must also include the host header, which doubles the destination in the CONNECT request... e.g.
CONNECT www.google.com:443 HTTP/1.1
Host: www.google.com
etc
Once the tunnel is up (e.g. you get a 200 OK from the proxy) you need to go into TLS handshake before you can send the http request (which since it's over TLS is now https). e.g.
GET / HTTP/1.1
Host: www.google.com
etc.