[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "pre-treating" documents from certain remote URLs before a web browser renders them

	Hi.

On Thu, May 17, 2018 at 08:49:04AM +0200, tomas@tuxteam.de wrote:
> On Wed, May 16, 2018 at 07:35:51PM -0700, Kushal Kumaran wrote:
> 
> [...]
> 
> > You should note that HTTP-proxy based systems will not be able to do any
> > inspection or modification of traffic for sites using HTTPS.
> 
> This is true... and then it's not :-)
> 
> If your proxy terminates the HTTPS connection, effectively doing a
> "man-in-the-middle" (but controlled by you), it can: most probably
> you'd have to fool your browser by offering it a HTTPS connection
> from the proxy, and by installing a trusted root certificate you
> create yourself. Basically what the proxy in your $CORPORATION does
> all of the time.
> 
> I don't know whether privoxy or squid can do that (I'd love to know,
> mind you, but days are so short).

Squid can do it. It was called SSL Bump in old (pre 3.4) Squid, now they
renamed it to SSL Peek and Splice - [1].

Reco

https://wiki.squid-cache.org/Features/SslPeekAndSplice
Reply to: