On 10/12/2015 7:25 a.m., Leonardo Rodrigues wrote: > Em 09/12/15 13:11, George Hollingshead escreveu: >> is there a simple way to log request made to https sites. I just want >> to see sites visited without having to set up tunneling and all this >> complex stuff i'm reading about. >> >> Hoping there's a simple way, and yes, i'm a newb but smart enough to >> have your awesome program running; hehe >> > If you really want a SIMPLE way, than the answer is NO, that's not > possible > > With simply configuring the proxy on the users browsers, you'll be > able to see the hostname, but not the full URL > > user acessing https://www.gmail.com/mail/something/INBOX > will appear on the logs just as > CONNECT www.gmail.com > > and that's how it works ... the path is only visible to the > endpoints, the browser and the server, squid just carries the encripted > tunnel between them, without knowing what's happening inside. > > is it possible to decript and see the full path on the logs, being > able to filter on them and everything else ?? YES, that's ssl-bump, but > that's FAR from being an easy setup ... > It is also worth noting that clients sending SNI can have their prot 443 traffic intercepted, then logged without actually decrypting. The setup for that looks like the normal ssl-bump setup. But just peeks and splices everything. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
