Search squid archive

Re: possible to intercept https traffic in TCP_TUNNEL CONNECT method ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Saturday 22 October 2016 at 15:42:23, --Ahmad-- wrote:

> Hi guys
> say that i have squid proxy sever
> and i was running  capturing traffic on that server .

You mean using ICAP or ECAP service?

> say that all users were using ip:port —> ((tcp_connect  tunnel))) mode of
> squid

I'm not sure what you mean here - are you saying the clients are configured to 
use the proxy, or that the proxy is operating in intercept mode, and the 
clients don't know?

> the question is being asked here … will i be able to see https traffic like
> Facebook  as normal traffic ? or encrypted ?

You can always see the encrypted traffic - you don't need Squid for that - just 
run tcpdump, wireshark or similar on a router between your clients and the 
Internet.  Encrypted traffic isn't going to tell you much, though.

> the question in other way  …. is it possible to hack https traffic and see
> it as not encrypted ?

Yes - you perform a Man-in-the-Middle attack, which requires configuring the 
clients to accept fake certificates from Squid by trusting its built-in 
Certificate Authority.  In other words, you cannot do it without clients 
knowing that the certificate presented by Squid does not belong to the site 
they're visiting.

Also, all technical possibilities aside, it may well be illegal for you to do 
this, depending on where you are and who your users are.

See http://wiki.squid-cache.org/Features/SslPeekAndSplice and 
http://wiki.squid-cache.org/SquidFaq/ContentAdaptation for more details.


Antony.

-- 
"Life is just a lot better if you feel you're having 10 [small] wins a day 
rather than a [big] win every 10 years or so."

 - Chris Hadfield, former skiing (and ski racing) instructor

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux