Re: [squid-users] https with squid

From: Guy Helmer <ghelmer_at_palisadesys.com>
Date: Fri, 15 Aug 2008 09:58:21 -0500

Márcio Luciano Donada wrote:
> Chris Robertson wrote:
>
>
>> What you are attempting is called a man-in-the-middle attack.
>> Transparent interception of HTTPS traffic is (by design) not possible.
>> Squid 3HEAD includes a feature called sslbump
>> (http://wiki.squid-cache.org/Features/SslBump) that will facilitate the
>> interception and decryption of HTTPS traffic.
>>
>>
>
> Hi Chris,
>
> I am also conducting tests with the sslbump but driving in firewall
> (iptables) https connection to the squid. I am using in squid.conf as
> follows:
>
> http_port 3128 transparent sslBump cert=/etc/squid3/ssl/cacert.pem key=/etc/squid3/ssl/privkey.pem
>
> Even in directing the browser to https proxy server's IP is not working.
> Some ideas? I am using the version 3.HEAD-CVS
>
It is not possible to transparently proxy HTTPS through the http_port
because the connection starts as SSL, not plaintext HTTP that the
http_port expects.

You would need an https_port command, like:

https_port 3129 transparent sslBump cert=... key=...

and then set your iptables configuration to forward port 443 packets to
squid's 3129 port for transparent HTTPS proxying.

Hope this helps,
Guy

-- 
Guy Helmer, Ph.D.
Chief System Architect
Palisade Systems, Inc.
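As an added illustration (not code from this thread or from the Squid project), the squid.conf fragment and matching firewall rules that Guy's reply describes, using the ports and key paths quoted above; the interface name eth0, the ssl_bump line and the option spelling are assumptions for this 3.HEAD snapshot (later Squid releases spell the options ssl-bump and intercept):

```conf
# /etc/squid3/squid.conf (added example; paths and ports taken from the thread)

# Plain HTTP: port 80 traffic from the LAN is redirected here. This port
# cannot accept intercepted HTTPS, because the client opens with a TLS
# handshake rather than a plaintext HTTP request.
http_port 3128 transparent

# Intercepted HTTPS must arrive on an https_port, which performs the TLS
# handshake itself with the proxy's CA certificate and key before bumping
# the session. Browsers only accept the bumped sessions if cacert.pem is
# present in their trust store; otherwise they show a certificate error.
https_port 3129 transparent sslBump cert=/etc/squid3/ssl/cacert.pem key=/etc/squid3/ssl/privkey.pem

# Assumed directive for this snapshot: which sessions may be decrypted.
ssl_bump allow all

# Matching NAT rules on the gateway (eth0 assumed to be the LAN side).
# Each protocol must be redirected to its own Squid port:
#   iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80  -j REDIRECT --to-port 3128
#   iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3129
```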
Received on Fri Aug 15 2008 - 14:58:34 MDT