
I have 2 network cards. The first has the address 192.168.5.3, and the second has the address 10.1.1.252. How do I configure the proxy as a transparent proxy, meaning the client only needs to change its gateway to 192.168.5.3 to go through the proxy, without having to modify the browser's proxy option? I use the following code to do this:

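```java
import io.netty.handler.codec.http.HttpRequest;
import java.net.InetSocketAddress;
import java.util.Queue;
import org.littleshoot.proxy.ChainedProxy;
import org.littleshoot.proxy.ChainedProxyAdapter;
import org.littleshoot.proxy.ChainedProxyManager;
import org.littleshoot.proxy.HttpProxyServer;
import org.littleshoot.proxy.impl.DefaultHttpProxyServer;

// Upstream proxy that every request is chained to.
final ChainedProxyAdapter adapter = new ChainedProxyAdapter() {
    @Override
    public InetSocketAddress getChainedProxyAddress() {
        return new InetSocketAddress("10.1.1.252", 8003);
    }
};
ChainedProxyManager manager = new ChainedProxyManager() {
    @Override
    public void lookupChainedProxies(HttpRequest httpRequest, Queue<ChainedProxy> chainedProxies) {
        chainedProxies.add(adapter);
    }
};
// Listen on the client-facing interface and forward through the chained proxy.
HttpProxyServer server = DefaultHttpProxyServer.bootstrap()
    .withAddress(new InetSocketAddress("192.168.5.3", 8002))
    .withChainProxyManager(manager)
    .start();
```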

(Port 8003 will access the internet.) In iptables I added some rules as follows:

```sh
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 8002
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 443 -j REDIRECT --to-port 8002
```

(The address of eth2 is 192.168.5.3.) But when I set the client to use the gateway 192.168.5.3 and the DNS 192.168.5.3, I always get "400 Bad request to URI :/" for HTTP URLs and "connection not secure" for HTTPS URLs. Please let me know the solution. Thanks.

Cause: when the proxy reads a request from the client, it gets the first line, and when the proxy is used as a transparent proxy, it receives a request such as `GET / HTTP/1.1` that does not contain the Host, so it returns a bad request. With an HTTPS request, the proxy cannot parse it; it tries parsing, and the browser throws the `ssl_error_rx_record_too_long` message. LittleProxy does not support transparent mode; "transparent" in LittleProxy is understood as hiding the computer's information when it connects via the proxy.

HoaiNP
  • What happened when your **chained proxy** is disabled / not used? – Ben May 08 '17 at 16:23
  • `when proxy reading an request from the client, it get the first line, and when using proxy as transparent, it received request such as GET / HTTP/1.1 not contain Host` this sounds strange to me. The **client-http-request** should always be the same, no matter if little-proxy is configured as transparent or not. The client does not know (in your case) the proxy and it doesn't know how it is configured. Why should it change the request (with no host info)? – Ben May 08 '17 at 16:37

1 Answer


You can try the following:

```java
HttpProxyServer server = DefaultHttpProxyServer.bootstrap()
   .withAddress(new InetSocketAddress("192.168.5.3", 8002))
   .withChainProxyManager(manager)
   .withTransparent(true) /* see here */
   .start();
```

From the documentation:

Specify whether or not to run this proxy as a transparent proxy.

Default = false

Ben
  • Hi Ben, the "transparent" you mentioned is understood as hiding the computer's information when it connects via the proxy, not what I'm referring to. – HoaiNP May 03 '17 at 02:10
  • @NguyenPhan see my comments on initial post – Ben May 08 '17 at 16:42
  • @Ben Are you saying LittleProxy cannot support HTTPS transparent proxy? Meaning if a user uses a browser, he doesn't have to set the proxy server; it should just work if iptables is configured, if this is set: `iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 443 -j REDIRECT --to-port 8002` – Jeryl Cook May 25 '17 at 15:26
  • With your iptables setting and you acting as default gateway, all requests (from clients using you as gateway) to ports 80 & 443 are redirected to your proxy server's port 8002. So the clients don't need to configure the proxy separately, and the client doesn't know anything about a proxy...like man-in-the-middle. (PS: I am not saying LittleProxy cannot support HTTPS transparency.) (PS2: on the local machine, you don't need to change the default gateway; just the iptables setting should be enough.) – Ben May 25 '17 at 23:41
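
Added example (not from the thread and not LittleProxy code): a plain-Java sketch of what a listener behind the `REDIRECT` rules above sees as the first bytes of a connection, compared with what a browser that has a proxy configured sends. The class name, the `classify` helper and the sample bytes are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;

public class InterceptedFirstBytes {

    /** Describes what a listener sees as the first bytes of a redirected connection. */
    static String classify(byte[] first) {
        // TLS record header: content type 0x16 (handshake), major version 0x03.
        if (first.length >= 2 && first[0] == 0x16 && first[1] == 0x03) {
            return "TLS ClientHello, not HTTP: an HTTP parser cannot read this";
        }
        String[] lines = new String(first, StandardCharsets.ISO_8859_1).split("\r\n");
        String[] requestLine = lines[0].split(" ");
        if (requestLine.length != 3) {
            return "malformed request line";
        }
        String method = requestLine[0];
        String target = requestLine[1];
        // A browser configured with a proxy sends CONNECT or an absolute URI.
        if (method.equals("CONNECT") || target.startsWith("http://")) {
            return "explicit-proxy form: " + target;
        }
        // An intercepted browser sends origin-form ("/path"); the host is only in the Host header.
        for (int i = 1; i < lines.length && !lines[i].isEmpty(); i++) {
            int colon = lines[i].indexOf(':');
            if (colon > 0 && lines[i].substring(0, colon).trim().equalsIgnoreCase("Host")) {
                String host = lines[i].substring(colon + 1).trim();
                return "origin form, rebuilt as http://" + host + target;
            }
        }
        return "origin form without Host header: destination unknown";
    }

    public static void main(String[] args) {
        // Constructed samples, not captured traffic.
        byte[] viaProxySetting = "GET http://example.test/a HTTP/1.1\r\nHost: example.test\r\n\r\n"
                .getBytes(StandardCharsets.ISO_8859_1);
        byte[] intercepted = "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
                .getBytes(StandardCharsets.ISO_8859_1);
        byte[] interceptedTls = {0x16, 0x03, 0x01, 0x02, 0x00, 0x01};
        System.out.println(classify(viaProxySetting));
        System.out.println(classify(intercepted));
        System.out.println(classify(interceptedTls));
    }
}
```

The Host header is supplied by the client, so it says where the client claims to be going, not where the redirected packet was originally addressed.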