LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Encrypted HTTP Proxy Server (http://www.linuxquestions.org/questions/linux-server-73/encrypted-http-proxy-server-928544/)

mohtasham1983 02-09-2012 04:44 PM

Encrypted HTTP Proxy Server
 
Hi,

I have set up a Squid HTTP proxy on my home computer so that my dad can surf the web through it. However, his ISP can see all the exchanged data between his computer and the Squid server, since there's no encryption.

He used to surf the web through SSH Tunnel, but his ISP is now blocking SSH packets. We tried OpenVPN as well, but they block OpenVPN as well.

At the moment, the only solution I can think about is using a HTTP proxy server similar to Squid, but with encryption support, so that the ISP won't be able to see any data. This method requires a client application installed on his side as well.

Any idea if there's any such tools around? If they require coding, I can code in Java and Python.

acid_kewpie 02-09-2012 05:26 PM

you've not said where your dad is compared to this server, but presuming it's remote and it's the connection between his browser and your squid that you want to secure, I'm sure you can just enable it on squid with the https_proxy value, giving it a cert and key to use. Then you just tell the browser to use https://myproxy.com as opposed to http://myproxy.com

If I'm wrong, then a slight mod to your desired solution can be to use stunnel to make a real simple ssl tunnel with a copy at each end and then just point the browser to the local encrpytion port which is then configured to point it at squid at the other end. Just looking it up now, and it oddly doesn't support socks proxying (which is another reason ssh is awesome) so you would still need to throw the traffic at a proxy to get back out into the world.

mohtasham1983 02-09-2012 06:04 PM

Yes, my dad is on a remote machine and I want to encrypt the connection between his machine and my Squid server. I'm not too sure if HTTPs solution would work permanently for him, since his ISP has started blocking HTTPs since last night and most likely will continue doing it for a few more weeks.

If HTTPs doesn't work for him, I will try the STunnel solution. But I'm afraid his ISP can detect STunnl as well.

I don't really need to encrypt data to make the connection super secure. I just need a connection that his ISP cannot determine if it's passing secure data. SSH tunnel is pretty secure, but it can be easily detected by ISPs since it's in application layer.

acid_kewpie 02-10-2012 02:22 AM

they shouldn't be able to, it should look *EXACTLY* the same as normal HTTPS traffic, as when an end to end HTTPS session is created there is no actual HTTP data ever visible, the only thing the ISP would see is the IP and port, not the website name etc. The only exception to this that I'm aware of is if the ISP is actually intercept the SSL handshakes itself, which is how my current employer works, so even my banking sessions are visible to the transparent proxies at my work place... but this is VERY rare, and especially on a normal ISP it would just be unheard of in any modern country.

AhAdComesIn 02-13-2012 12:51 AM

httptunnel
 
Quote:

Originally Posted by mohtasham1983 (Post 4598491)
Yes, my dad is on a remote machine and I want to encrypt the connection between his machine and my Squid server. I'm not too sure if HTTPs solution would work permanently for him, since his ISP has started blocking HTTPs since last night and most likely will continue doing it for a few more weeks.

If HTTPs doesn't work for him, I will try the STunnel solution. But I'm afraid his ISP can detect STunnl as well.

I don't really need to encrypt data to make the connection super secure. I just need a connection that his ISP cannot determine if it's passing secure data. SSH tunnel is pretty secure, but it can be easily detected by ISPs since it's in application layer.


let me guess ur dad should b living in IRAN as I am, aren't he?
u can setup http encrypted tunnel on ur Linux box and allow the windows box connect through it, while it is encrypted windows box can brows any thing (even https).

www . nocrew . org / software / httptunnel . html

this will help config ur Linux and windows boxes (server & client).


All times are GMT -5. The time now is 06:34 PM.