I set up software for web developers that tracks their users' sessions on their websites. We set up a network tap that allows us to sniff the network traffic on their app and web servers. If the servers use SSL, the tool has a way to install their private key and decrypt the SSL connections.
I need a good way to test the software without being on their internal network, basically a pre-proof-of-concept. If they don't use SSL, it's easy. I set up the tool to sniff on my network and hit their website from there. The tool captures all the data from my session on their site. It obviously doesn't capture all their users, just the ones on my network, but it gets me what I need. If they use SSL, I'm out of luck without their private key. I am sometimes able to get the key, but not often, as you might expect.
I was thinking about trying to use something like squid to do a man-in-the-middle type setup, but more of an http>https proxy. I want to be behind a squid proxy server on the network with a client, and have my tool sniffing in between. I want to hit some local URL like http://squidserver.local and have that connection recognized by squid, and then have squid know to connect to https://www.potentialclient.com, but keep the connection between squid and the client http on port 80. That way I can connect to their server and my tool can still "see" the traffic in between. Obviously squid would need to be capable of being an SSL client, which I don't know if it can.
Is it possible, with squid or anything else?