LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Transparent proxy for LAN works, except HTTPS (https://www.linuxquestions.org/questions/linux-security-4/transparent-proxy-for-lan-works-except-https-886950/)

Ulysses_ 06-17-2011 04:41 PM
Transparent proxy for LAN works, except HTTPS
 
Successfully set up a transparent proxy where all HTTP traffic from PC's in a LAN is forced to go through the proxy running in one PC, whereby the PC is offering protection with privoxy and anonymity with ultrasurf as a parent proxy.

But the same with HTTPS does not work, apparently because:

Quote:
A primary purpose of HTTPS is to prevent "man-in-the-middle", which is exactly what a transparent proxy like this is trying to do. To do so, you'd need to have a certificate valid for everything or a system to generate certificates on the fly. In either case you're going to need an internal CA (no already-trusted external one will give you a cert for anything you don't control) and to install that root as trusted in all systems behind the proxy.
How do I do these?

win32sux 06-17-2011 10:22 PM
By doing this (which is indeed a MITM attack), one would be severely damaging the privacy and security of the individuals using the server. For that reason, this request for help is incompatible with the LQ Rules, and I'm putting an end to this thread.


All times are GMT -5. The time now is 10:15 AM.