I'm more looking at things like always adding extra headers such as auth tokens. I want to create some scripts that will go and get things like JWTs so I can run dumb tools through them and not have to worry about doing it by hand and then getting the tool to accept extra headers.
And I know there are other ways to do this, but this is more a curiosity project now, especially as it didn't work first time and there is a new protocol to learn.
Robin
On Fri, 7 Feb 2025, 21:12 Amos Jeffries, <squid3@xxxxxxxxxxxxx> wrote:
On 8/02/25 04:35, Robin Wood wrote:
> Hi
> I wouldn't risk trying to do a production quality one server!
>
> I'm a security tester and I want a way to automatically modify traffic
> that I'm sending to and from sites. I've got plenty of other ways to do
> it, but as all my testing traffic already goes through a Squid box I
> just wanted to have a play to see if I could get it to do simple
> things like add a new header or something like that.
Please be aware that Squid normalizes and performs security sanitization
on the HTTP messages that it receives. Regardless of whether they are
arrive from client, server, or ICAP. That means a lot of traffic
malformation needed for proper security tests will not work at all.
HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
