Hi All, I've recently installed Squid 3.1 and configured with sslBump feature in order to inspect the https traffic using the squid-in-the-middle method, (for legal purposes). The browser gets the certificate right (fake certificate), but when i make a tcpflow to see the http headers, i see all the traffic encrypted... is there a way to inspect the traffic? what i'm doing wrong? I configured squid sslBump feature as follows: ######################## log_mime_hdrs on debug_options ALL,9 ######################### #visible_hostname localhost ssl_bump allow all acl BogusError ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH sslproxy_cert_error allow BogusError sslproxy_cert_error deny all always_direct allow all ######################################################################## cache_store_log /usr/var/logs/store.log acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.26.0.0/16 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet http_access deny all #http_port 3128 http_port 3128 sslBump cert=/usr/etc/nova.pem hierarchy_stoplist cgi-bin ? refresh_pattern ^http: 1440 20% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth refresh_pattern ^https: 1440 20% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private ignore-auth refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 coredump_dir /usr/var/cache I also tried with c-icap server and configured Squid as a client of it, but i receive a lot of error such as: Laucher.cc(72) noteAdaptationQueryAbort: cannot retry the failed ICAP xaction; tries: 1; final: 1; AsyncJob.cc(218) dial: Adaptation::Icap::Xaction::noteCommConnected threw exception: cannot connect to ICAP service. Please, any help would be appreciated!! Thanks in advance, Alex.
