Tinyproxy cannot forward Connect methods

I'm trying to set up a transparent proxy for all frame types (HTTP, HTTPS), and I use tinyproxy for this. I already configured the router to redirect (using NAT) all incoming and outgoing frames to tinyproxy (which listens on port 8888).

I tried to access an HTTPS website (https://www.google.com/), but I am getting an SSL error. Looking through the tinyproxy logs, I see the following:

CONNECT   Mar 24 23:34:27 [22533]: Connect (file descriptor 11): 128.112.94.38 [128.112.94.38]
CONNECT   Mar 24 23:34:27 [22533]: Request (file descriptor 11): 
WARNING   Mar 24 23:34:27 [22533]: Could not retrieve all the headers from the client
INFO      Mar 24 23:34:27 [22533]: Read request entity of 103 bytes

The tinyproxy documentation says that as long as I set the following lines in the tinyproxy.conf file, Connect frame forwarding should work transparently:

# ConnectPort: This is a list of ports allowed by tinyproxy when the
# CONNECT method is used.  To disable the CONNECT method altogether, set
# the value to 0.  If no ConnectPort line is found, all ports are
# allowed (which is not very secure.)
#
# The following two ports are used by SSL.
ConnectPort 443
ConnectPort 563

ConnectPort, , ( ). - , HTTPS-?

+4
3

TLS - ( ), proxifier. - , -, CONNECT -. , proxyfier .

Linux , , redsocks. Pi, Raspbian, . , :

sudo apt-get install redsocks

/etc/redsocks.conf

redsocks {
    /* `local_ip' defaults to 127.0.0.1 for security reasons,
     * use 0.0.0.0 if you want to listen on every interface.
     * `local_*' are used as port to redirect to.
     */
    local_ip = 0.0.0.0;
    local_port = 12345;

    // `ip' and `port' are IP and tcp-port of proxy-server
    // You can also use hostname instead of IP, only one (random)
    // address of multihomed host will be used.
    ip = [proxy ip];
    port = [proxy port];


    // known types: socks4, socks5, http-connect, http-relay
    type = http-connect;

    // login = "foobar";
    // password = "baz";
}

TLS http-connect. HTTP- http-relay. redsocks.

iptables TLS redsocks

sudo iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-port 12345

HTTP- 80 , http-relay.

, - .

+1

"" (L2) , TCP HTTP/HTTPS (L6/7).

tinyproxy HTTP--, CONNECT --HTTP-, ( , , tinyproxy -h).

-, . ( ). ConnectPort , CONNECT ( ) .

tinyproxy HTTPS, CONNECT, , , ( ) URL-. / / IP- , SNI, tinyproxy - ( IP- ) , .

tinyproxy HTTP--, - . HTTPS ( TLS) TCP-. , squid, TLS (sslbump).

0

HTTPS. SSL. 443 (SSL/HTTPS), SSL, Man-in-the-Middle.

I believe that collaboration will be to manually configure the browser to point to the TinyProxy instance, but this goes beyond the whole purpose of the transparent proxy server as you are setting up the client.

0