Where are you doing the packet capture, i.e. are you doing it on the
host+interface with address 172.30.20.212?
I'm also not sure if the always_direct bypasses bumping; I'm sure Amos
or others would tell you.
Alex
On 20/06/13 19:49, sjaipuri wrote:
> Hi,
>
> I am working on one of my projects in which I have to capture https traffic
> in plain text format. I am using squid with sslbump along with c-icap, both
> running on Fedora.
>
> Below is the part of squid.conf I am using.
>
> icap_enable on
> icap_send_client_ip on
> icap_send_client_username on
> icap_client_username_encode off
> icap_client_username_header X-Authenticated-User
> icap_preview_enable on
> icap_preview_size 102400000
> icap_service service_req reqmod_precache bypass=0 icap://172.30.30.212:1344/virus_scan
> icap_service service_resp respmod_precache bypass=0 icap://172.30.30.212:1344/virus_scan
> adaptation_access service_req allow all
> adaptation_access service_resp allow all
>
> http_access allow all
>
> http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/ssl/certs/perCA.pem
>
> always_direct allow all
> ssl_bump allow all
> sslproxy_cert_error allow all
> sslproxy_flags DONT_VERIFY_PEER
>
>
> Even with the above settings, when I capture https traffic using tcpdump, it's
> still encrypted.
> Can anyone help me or guide me in the right direction?
>
> Thanks in advance.
>
> Sagar
Received on Thu Jun 20 2013 - 19:07:09 MDT
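
Added example, not part of the original posts and not Squid or c-icap code: with SslBump the client-to-Squid and Squid-to-origin legs stay TLS on the wire, while the decrypted request is what Squid hands to the ICAP service on port 1344, so that leg is where a capture shows plaintext. The sketch parses one REQMOD message as it would appear there; `parse_icap`, `dechunk` and the sample message are constructed for illustration.

```python
import re

def dechunk(data: bytes) -> bytes:
    """Decode the HTTP/1.1 chunked framing ICAP uses for encapsulated bodies."""
    out, pos = b"", 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk header")
        # Drop chunk extensions such as "; ieof" (sent when a preview holds the whole body).
        size = int(data[pos:eol].split(b";")[0], 16)
        if size == 0:
            return out
        out += data[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2  # skip the chunk data and its trailing CRLF

def parse_icap(raw: bytes) -> dict:
    """Split one ICAP message into ICAP headers and its encapsulated HTTP sections."""
    head, sep, payload = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete ICAP header block")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "encapsulated" not in headers:
        raise ValueError("no Encapsulated header")
    # e.g. "req-hdr=0, req-body=68": offsets are relative to the start of the payload.
    parts = [(m.group(1), int(m.group(2)))
             for m in re.finditer(r"([a-z-]+)=(\d+)", headers["encapsulated"])]
    sections = {}
    for i, (name, start) in enumerate(parts):
        end = parts[i + 1][1] if i + 1 < len(parts) else len(payload)
        chunk = payload[start:end]
        if name.endswith("-body") and name != "null-body":
            chunk = dechunk(chunk)
        sections[name] = chunk
    return {"start_line": lines[0], "headers": headers, "sections": sections}

# Constructed sample: a REQMOD for a bumped HTTPS POST, using the ICAP URL from the config above.
HTTP_HDR = b"POST /login HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 23\r\n\r\n"
BODY = b"user=alice&token=sample"
SAMPLE = (b"REQMOD icap://172.30.30.212:1344/virus_scan ICAP/1.0\r\n"
          b"Host: 172.30.30.212:1344\r\n"
          b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(HTTP_HDR)
          + HTTP_HDR + b"%x\r\n" % len(BODY) + BODY + b"\r\n0\r\n\r\n")

if __name__ == "__main__":
    msg = parse_icap(SAMPLE)
    print(msg["sections"]["req-hdr"].decode(), msg["sections"]["req-body"].decode())
```

With `icap_preview_enable on`, the first message carries only the preview; the rest of the body follows after the server's `100 Continue` and is not handled by this single-message parser.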