Page 1 of 1

rPi as a SSL web proxy

Posted: Wed Jan 24, 2018 5:02 pm
by ash73
Hi, I'd like to use my rPi as a web proxy with ssl inspection to modify incoming web pages from a https web forum, the idea is to create a script to parse the html and filter out "blocked" user content.

I found a site describing how to recompile Squid for SSL but it didn't work, various links in the scripts were out of date and I couldn't fix it. I'm not sure if this is the right way to do it anyhow.

https://docs.diladele.com/administrator ... index.html

Anyone know how to do this? TIA

Re: rPi as a SSL web proxy

Posted: Fri Jan 26, 2018 3:02 am
by bertlea
I am not sure if I interpret your description correctly. Why that sounds like the description of “man-in-the-middle” attack? If that is feasible, then HTTPS is useless. Communication via SSL (e.g. HTTPS) are supposed to be secure that nobody in between (including any proxy) should able to see the contents nor modify the contents.

Sorry if I have a wrong understanding of your description.

Re: rPi as a SSL web proxy

Posted: Fri Jan 26, 2018 1:43 pm
by ash73
Yes it's mitm but you install a certificate on the client to allow it.

Re: rPi as a SSL web proxy

Posted: Sat Dec 15, 2018 2:50 am
by davegermiquet
Hello,

I was able to do this put its pretty slow on the Raspberry 2 Model B+

Where did you get stuck i can help..

Re: rPi as a SSL web proxy

Posted: Sat Dec 15, 2018 7:42 pm
by bzt
Hi,

Why don't you terminate the HTTPS on your Pi with apache (if you have the cert you can do it) and forward the content in plain HTTP? You can "inspect" the html and remove the "blocked" parts using mod_substitute.

I'm not saying it will be efficient or fast though.

Cheers,
bzt