On 15/12/2013 9:19 p.m., Marcelo Barbudas wrote:
> Thanks for taking the time to answer Amos.
>
>
>> On port 443 traffic the Host: header is buried inside the encryption. So
>> is the whole URL. Until the server contact has been established, certs
>> exchanged with the client and the first HTTP request received there is
>> no known Host header.
>>
>> NP: the SSL cert domain name(s) can be wildcard or completely irrelevant
>> domain so is not reliable either.
>>
>
> This gets me worried. Is what I'm trying to do possible? DNS spoof a
> domain (it's resolved to the squid server) and transparent proxy the
> https traffic to the real host?

It's possible and exactly what the bumping is designed to do. In your case
there just seems to be a problem connecting to the server to get its cert
details to base the forged cert around.

>
> (as a general idea I don't care about the contents of https traffic,
> intercepting or otherwise, but because of the dns spoof I have to
> forward it to the real host)

Um. Is Squid being given the DNS-spoofed address or the real server
address to contact for fetching the real server cert?

Amos
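As an added illustration of the two points made in the quoted reply above (a transparent proxy cannot read a Host header from the first bytes of a port 443 connection, and a certificate's names, wildcards in particular, do not tell the proxy which host the client asked for), here is a small Python example. It is not from the squid-users thread or from Squid's code; the HTTP request and TLS record bytes are constructed samples, and the function names are my own.

```python
# Added example, not part of the squid-users thread or of Squid itself.
# It shows (1) why a transparent proxy sees a Host header on a plaintext
# HTTP connection but not at the start of an HTTPS connection, whose first
# bytes are a TLS handshake record rather than an HTTP request, and
# (2) why the names in a server certificate, especially wildcards, cannot
# recover the host the client actually requested.

TLS_HANDSHAKE = 0x16  # TLS record content type for handshake messages


def host_from_first_bytes(data: bytes):
    """Inspect the first bytes a client sends.

    Returns ("http", host) for a plaintext request carrying a Host header,
    ("http", None) for a plaintext request without one, ("tls", None) when
    the bytes start with a TLS handshake record, and ("unknown", None)
    otherwise.
    """
    if len(data) >= 3 and data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        # TLS record header: type 0x16, major version 3. The HTTP request
        # (request line, URL, Host header) only exists after the handshake,
        # inside the encrypted channel, so nothing here names the host.
        return ("tls", None)
    head, sep, _ = data.partition(b"\r\n\r\n")
    if not sep:
        return ("unknown", None)
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    # A request line is "METHOD target HTTP/x.y".
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return ("unknown", None)
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"host":
            return ("http", value.strip().decode("ascii", "replace"))
    return ("http", None)


def cert_name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style comparison of one certificate name against a host:
    '*' is only allowed as the entire leftmost label and matches exactly
    one label; any other pattern must match the host exactly."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    suffix = pattern[1:]  # e.g. ".example.com"
    if not host.endswith(suffix):
        return False
    first_label = host[: -len(suffix)]
    return bool(first_label) and "." not in first_label


def hosts_accepted_by_cert(cert_names, candidate_hosts):
    """Which candidate hosts would a certificate with these names be valid
    for? A wildcard certificate is valid for many of them, so the
    certificate alone cannot tell a proxy which one the client wanted."""
    return [h for h in candidate_hosts
            if any(cert_name_matches(n, h) for n in cert_names)]


# Constructed sample inputs (not captured traffic).
HTTP_REQUEST = (b"GET /index.html HTTP/1.1\r\n"
                b"Host: www.example.com\r\n"
                b"User-Agent: sample\r\n\r\n")
# TLS record header (handshake, version 3.1) followed by a truncated
# ClientHello body; the Host header is nowhere in these bytes.
TLS_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2f,
                          0x01, 0x00, 0x00, 0x2b, 0x03, 0x03]) + b"\x00" * 32

if __name__ == "__main__":
    print(host_from_first_bytes(HTTP_REQUEST))      # ('http', 'www.example.com')
    print(host_from_first_bytes(TLS_CLIENT_HELLO))  # ('tls', None)
    print(hosts_accepted_by_cert(["*.example.com"],
                                 ["www.example.com", "mail.example.com",
                                  "example.com", "a.b.example.com"]))
```

The first function is the check a port-80 intercepting proxy can do and a port-443 one cannot; the second pair shows that even once the server's certificate has been fetched, a name like `*.example.com` narrows the request down only to "some single-label host under example.com", which is why the reply above calls the cert names unreliable for this purpose.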