1

I'm trying to set up a proxy server that can handle both http and https traffic without prompting the browser about certificates (just like tunlr.net).

So far I've tried to use Squid and Nginx.

While handling regular http traffic is a walk in the park, https is proving very difficult.

Can anybody point me in the right direction?

Dave Ronsom
  • Does this help? http://stackoverflow.com/questions/1073166/capturing-https-traffic-in-the-clear – dcaswell Aug 25 '13 at 17:20
  • Not really. All the "solutions" that I have seen about this subject require the end user to accept the proxy https certificate. Services like tunlr.net seem to return the original certificate of the tunneled website – Dave Ronsom Aug 25 '13 at 17:46
  • One of the main advantages of HTTPS is nobody can monitor traffic by listening in the middle. So the user definitely needs to "know" you're there. – dcaswell Aug 25 '13 at 17:47
  • If that's the case, then how do tunlr and unblock-us do it? I know it's possible, just not sure about the techniques used. – Dave Ronsom Aug 25 '13 at 18:18
  • It's not clear what you're trying to do, or whether this is a programming question at all. Squid handles [normal HTTPS out of the box](http://wiki.squid-cache.org/Features/HTTPS). If you want the original site's certificate, just use the normal HTTPS proxy method (not Squid's SSL Bump or Fiddler). If you're trying to implement this yourself, [this question](http://stackoverflow.com/a/3186044/372643) should give you an indication of what to do. – Bruno Aug 25 '13 at 19:29
  • @Bruno I'm not even sure myself what kind of question this is, so sorry for that. But I think I'm beginning to understand how it works, correct me if I'm wrong. User connects with proxy -> Proxy connects to target -> target sends data to proxy -> Proxy sends data to user. So it would suffice to use "https_port 443"? – Dave Ronsom Aug 25 '13 at 19:49

2 Answers

0

I think you should use a SOCKS proxy, not an HTTP proxy, just like doing SSH tunnels. I used one on my VPS, a package called dante. The setup is kinda tricky, but it really does the trick.

The package is available by default in Ubuntu's repositories, and I assume probably other distros too.

Search on Google for how to configure dante, and make sure you don't use a standard port. Even better, use authentication for the proxy; you don't want random people using your server as their proxy.

Mohammad AbuShady
-1

I just figured it out: it turns out you don't need to set the https_port directive, only the http_port.

Dave Ronsom
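How a forward proxy can serve HTTPS without a certificate prompt, as an added example (not part of the original posts and not Squid's code): the browser sends `CONNECT host:443` to the plain HTTP proxy port, and the proxy then relays opaque bytes, so the TLS handshake stays end to end with the origin. The names `ALLOWED_PORTS`, `parse_connect`, `relay` and `handle` are assumptions made for this illustration.

```python
import selectors
import socket

ALLOWED_PORTS = {443}  # assumption: this proxy only tunnels to HTTPS

def parse_connect(head: bytes):
    """Return (host, port) from a 'CONNECT host:port HTTP/1.x' request, else None."""
    try:
        method, target, version = head.split(b"\r\n", 1)[0].decode("ascii").split(" ")
        host, _, port = target.rpartition(":")
        if method != "CONNECT" or not version.startswith("HTTP/1.") or not host:
            return None
        return host.strip("[]"), int(port)
    except (ValueError, UnicodeDecodeError):
        return None

def relay(a, b):
    """Copy bytes both ways until one side closes. The payload is never parsed,
    so the TLS handshake (and certificate) passes between browser and origin."""
    with selectors.DefaultSelector() as sel:
        sel.register(a, selectors.EVENT_READ, b)
        sel.register(b, selectors.EVENT_READ, a)
        while True:
            for key, _ in sel.select():
                data = key.fileobj.recv(65536)
                if not data:
                    return
                key.data.sendall(data)

def handle(client, connect=socket.create_connection):
    """Serve one proxy client; `connect` is injectable so the demo runs offline."""
    head = b""
    while b"\r\n\r\n" not in head and len(head) < 8192:
        chunk = client.recv(4096)
        if not chunk:
            break
        head += chunk
    target = parse_connect(head)
    if target is None:  # this example only handles CONNECT, not plain GET/POST
        client.sendall(b"HTTP/1.1 405 Method Not Allowed\r\n\r\n")
        return "rejected"
    if target[1] not in ALLOWED_PORTS:  # do not become a tunnel to arbitrary ports
        client.sendall(b"HTTP/1.1 403 Forbidden\r\n\r\n")
        return "denied"
    with connect(target) as upstream:
        client.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
        upstream.sendall(head.partition(b"\r\n\r\n")[2])  # bytes sent early, if any
        relay(client, upstream)
    return "tunnelled"
```

The port allowlist plays the same role as restricting CONNECT to SSL ports in a proxy's access rules: without it, the listener will tunnel to any TCP service a client names.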