1

The question is about HTTP vs HTTPS.

If I want to anonymously load a website that forces HTTPS, like Google.com, do I need HTTPS proxies, or can I get away with HTTP proxies?

User

3 Answers

5

If your proxy is SOCKS, it will not care what kind of socket is connecting through it. It has its own handshake, and it does not care about what happens after the handshake. Whether an SSL handshake (HTTPS) is started after the SOCKS handshake is not the SOCKS proxy's problem; it will just pass it through.

Several HTTP proxies, on the other hand, expect HTTP headers to guide them; such an HTTP proxy will not allow HTTPS since it needs to read the headers.

On the third hand (ekhm... well, foot?), an HTTP proxy that supports HTTP CONNECT can also set up the transfer of arbitrary data. Therefore such a proxy can set up any type of socket, which can have an SSL handshake, which can then be used for HTTPS transfer.

grochmal
  • So the answer is, if I scrape a list of HTTP proxies from the web, or purchase a list, only some will support HTTPS? – User May 30 '16 at 13:13
  • 1
    I'd argue that today **most** HTTP proxies (notably those advertised on the web) support `HTTP CONNECT` and therefore HTTPS. One of the most common deployments is with [squid](http://www.squid-cache.org/), which allows `HTTP CONNECT` by default. HTTP proxies that I saw that inspect headers or disable `CONNECT` are mostly company internal proxies (spying on employees is bad, OK), and proxies that are hacked together with something like `perl` (which, surprisingly, are still common). – grochmal May 30 '16 at 13:52
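The two HTTP proxy behaviours described in the answer above, as an added example that is not part of any answer on this page: a loopback check that sends `CONNECT` to a proxy and reports whether a tunnel was granted and whether opaque bytes pass through it unchanged. The two toy proxies, the echo origin and all function names are constructed for the demonstration.

```python
import socket
import threading

def serve_once(handler):
    """Start a loopback server that handles one connection; return its address."""
    srv = socket.create_server(("127.0.0.1", 0))
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            handler(conn)
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()

def read_head(sock):
    """Read up to the blank line that ends an HTTP header block."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf

def echo_origin(conn):
    conn.sendall(conn.recv(4096))  # constructed stand-in for the HTTPS server

def connect_proxy(conn):
    """Toy proxy: honours CONNECT, then relays bytes without parsing them."""
    target = read_head(conn).split(b" ")[1].decode()
    host, port = target.rsplit(":", 1)
    with socket.create_connection((host, int(port))) as up:
        conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
        up.sendall(conn.recv(4096))   # client -> origin, opaque
        conn.sendall(up.recv(4096))   # origin -> client, opaque

def header_only_proxy(conn):
    """Toy proxy that only handles plain HTTP requests and refuses CONNECT."""
    read_head(conn)
    conn.sendall(b"HTTP/1.1 405 Method Not Allowed\r\n\r\n")

def probe_connect(proxy, target, payload):
    """Request a tunnel to target via proxy; return (status, bytes echoed back)."""
    hostport = f"{target[0]}:{target[1]}"
    with socket.create_connection(proxy, timeout=5) as s:
        s.sendall(f"CONNECT {hostport} HTTP/1.1\r\nHost: {hostport}\r\n\r\n".encode())
        status = int(read_head(s).split()[1])
        if status != 200:
            return status, b""
        s.sendall(payload)  # e.g. a TLS ClientHello; the proxy never interprets it
        return status, s.recv(4096)
```

Calling `probe_connect(serve_once(connect_proxy), serve_once(echo_origin), data)` returns status 200 and the same bytes back; against `serve_once(header_only_proxy)` it returns 405 and no tunnel.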
2

An HTTP proxy server supports the CONNECT verb, which supports HTTPS connections within the HTTP proxy. You don't need a special HTTPS proxy server or any other setup.

The CONNECT verb allows you to create a binary socket tunnel to any given IP:Port address. So any HTTP client (all browsers) will open a secure tunnel and communicate securely over the proxy server. However, no one can control or see anything that is going through the tunnel unless they implement a man-in-the-middle attack by sending you self-signed certificates.

Most firewalls these days automatically implement man-in-the-middle self-signed certificates that are deployed in work networks, so you probably have to dig more to identify whether it is really secure or not. So it may not be that anonymous.

Akash Kava
1

If you're trying to access a service anonymously, you won't get this by running your own proxy. It's not clear from the original question what is meant by "proxy", e.g. local service, or remote service. You won't get anonymity by surfing through a proxy that's on your network, unless it's something like a TOR proxy which relays out through the TOR network.

As for whether proxies can support HTTPS or not, that's been covered here; it would be unusual to find a proxy that doesn't support CONNECT. However, if it's a remote anonymizing service you're using, I doubt they would do MitM, since you'd need to install the signing cert into your trusted root store, so they couldn't do that surreptitiously.

Martijn Pieters
Adrien