I want to implement a server for responding to any http/https request sent to it.

It's much like a forward proxy using the CONNECT method. I do not want the clients to set the proxy explicitly. The DNS of the clients is a customized dnsmasq which will resolve some domains to the proxy server.

How can I achieve this using iptables to forward packets to a normal forward proxy like squid? Or should I use some hacks, like writing a netfilter/iptables plugin or modifying the code of squid to make it work in CONNECT mode without the CONNECT method?

In short, I want to implement a transparent http/https proxy which can respond to any normal http/https request sent to it.

Dave M
Donghua Liu
  • Note that it's impossible to transparently proxy https, as the certificate won't match; you would need to create a wildcard certificate for '*' locally, and configure all browsers on your network to trust that certificate. Using squid as a transparent proxy for http only is trivial though. – wurtel Jun 19 '19 at 11:22
  • @wurtel Thanks for your response, but could you give me more details on how to combine all these configurations on the proxy server? The proxy server in my environment could not serve as a default gateway; I can only change the DNS of some domains to point to the proxy server. And on the proxy server I can use a public DNS server like 8.8.8.8 to find the actual IP. – Donghua Liu Jun 20 '19 at 00:53
  • WCCP is a protocol developed by Cisco to transparently redirect all HTTP traffic to a proxy server: https://en.wikipedia.org/wiki/Web_Cache_Communication_Protocol. It might give you a starting point. – Tommiie Jun 25 '19 at 11:22
  • @wurtel @Tommiie Hi, after some research, I made it work via `goproxy`, see the following answer. – Donghua Liu Jul 11 '19 at 01:50

1 Answer

Finally, I solved this problem. I could make a DNS-based transparent proxy via a single command, `proxy sps -p :80,:443 -q 8.8.8.8:53 --log proxy.log --daemon`, and it worked. See more details at https://snail007.github.io/goproxy/posts/windows-global-proxy-using-dns/ and https://github.com/snail007/goproxy. This is a really wonderful project.

Donghua Liu
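The general technique behind a DNS-redirected proxy on ports 80 and 443, as an added example that is not part of the original answer and not goproxy's code: the listener reads the intended origin from the plaintext `Host` header or from the TLS ClientHello SNI, then relays the byte stream untouched, so no certificate is replaced. That goproxy works this way is an assumption; the function names, the `allowed` set and the sample ClientHello are constructed for illustration.

```python
import struct

def sni_from_client_hello(data: bytes):
    # Returns the server_name in a TLS ClientHello record, or None.
    try:
        if data[0] != 0x16 or data[5] != 0x01:      # handshake record, ClientHello
            return None
        hs = data[5:5 + struct.unpack("!H", data[3:5])[0]]
        pos = 4 + 2 + 32                             # handshake header, version, random
        pos += 1 + hs[pos]                           # session_id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + hs[pos]                           # compression_methods
        end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= min(end, len(hs)):
            etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
            body = hs[pos + 4:pos + 4 + elen]
            if etype == 0 and len(body) == elen:     # server_name extension
                ntype, nlen = struct.unpack("!BH", body[2:5])
                name = body[5:5 + nlen]
                ok = ntype == 0 and len(name) == nlen
                return name.decode("ascii").lower() if ok else None
            pos += 4 + elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                         # truncated or malformed input
    return None

def host_from_http(data: bytes):
    # Returns the Host header of a plaintext request without its port, or None.
    for line in data.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]:
        key, _, value = line.partition(b":")
        if key.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").partition(":")[0].lower()
    return None

def upstream_for(first_bytes: bytes, listen_port: int, allowed: set):
    # The name is client-supplied, so forward only to names the DNS override covers.
    parse = sni_from_client_hello if listen_port == 443 else host_from_http
    name = parse(first_bytes)
    return (name, listen_port) if name in allowed else None

def sample_client_hello(name: str) -> bytes:
    # Constructed minimal ClientHello with one cipher suite and only an SNI extension.
    n = name.encode()
    sni = struct.pack("!HBH", len(n) + 3, 0, len(n)) + n
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A ClientHello split across TCP reads or TLS records returns `None` here, so a real listener must buffer until the record length is satisfied. The proxy also has to resolve the returned name through an upstream resolver (the `-q 8.8.8.8:53` in the command above) rather than the customized dnsmasq, otherwise it would connect back to itself.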