On Saturday 22 October 2016 at 15:42:23, --Ahmad-- wrote: > Hi guys > say that i have squid proxy sever > and i was running capturing traffic on that server . You mean using ICAP or ECAP service? > say that all users were using ip:port —> ((tcp_connect tunnel))) mode of > squid I'm not sure what you mean here - are you saying the clients are configured to use the proxy, or that the proxy is operating in intercept mode, and the clients don't know? > the question is being asked here … will i be able to see https traffic like > Facebook as normal traffic ? or encrypted ? You can always see the encrypted traffic - you don't need Squid for that - just run tcpdump, wireshark or similar on a router between your clients and the Internet. Encrypted traffic isn't going to tell you much, though. > the question in other way …. is it possible to hack https traffic and see > it as not encrypted ? Yes - you perform a Man-in-the-Middle attack, which requires configuring the clients to accept fake certificates from Squid by trusting its built-in Certificate Authority. In other words, you cannot do it without clients knowing that the certificate presented by Squid does not belong to the site they're visiting. Also, all technical possibilities aside, it may well be illegal for you to do this, depending on where you are and who your users are. See http://wiki.squid-cache.org/Features/SslPeekAndSplice and http://wiki.squid-cache.org/SquidFaq/ContentAdaptation for more details. Antony. -- "Life is just a lot better if you feel you're having 10 [small] wins a day rather than a [big] win every 10 years or so." - Chris Hadfield, former skiing (and ski racing) instructor Please reply to the list; please *don't* CC me. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
