2

I'm looking for a proxy to intercept HTTP traffic na pass through HTTPS traffic. Burp can do that with SSL pass through. With that option, SSL traffic isn't modified or capture, but just tunneled. I don't want to perform man in the middle attacks. Can (for example) squid emulate this behavior?

Edit: Pass through is different from interception. Tunnelled traffic isn't decrypted, just tunnelled.

https
  • 21
  • 1
  • 3
  • Squid supports CONNECT requests and can let HTTPS (or anything else really) pass through it. –  Nov 21 '14 at 20:58

3 Answers3

2

It should be enough to just setup transparent proxying for port 80 traffic only, and route port 443 traffic normally.

Tero Kilkanen
  • 36,796
  • 3
  • 41
  • 63
1

HTTPS interception cannot occur without MitM attack. Squid can do this indeed with ssl bumping technique, but it's the same as MitM.

drookie
  • 8,625
  • 1
  • 19
  • 29
  • 1
    I don't want to intercept, but to pass through. Read the link I included in my question. – https Nov 12 '14 at 11:24
1

This link has extensive howto describing transparent HTTP(s) with Squid. If HTTPS filtering is not required then just do not enable the corresponding HTTPS redirect rule (connections to external servers on port 443 will just be NATed, so Squid will not even see them). See http://docs.diladele.com/tutorials/transparently_filtering_https_centos/index.html

Rafael
  • 534
  • 2
  • 3