On 15/12/2013 9:19 p.m., Marcelo Barbudas wrote:
> Thanks for taking the time to answer Amos.
>
>
>> On port 443 traffic the Host: header is buried inside the encryption. So
>> is the whole URL. Until the server contact has been established, certs
>> exchanged with the client and the first HTTP request received there is
>> no known Host header.
>>
>> NP: the SSL cert domain name(s) can be wildcard or completely irrelevant
>> domain so is not reliable either.
>>
>
> This gets me worried. Is what I'm trying to do possible? DNS spoof a
> domain (it's resolved to the squid server) and transparent proxy the
> https traffic to the real host?
Its possible and exactly what the bumping is designed to do. In your
case there just seems to be a problem connecting to the server to get
its cert details to base the forged cert around.
>
> (as a general idea I don't care about the contents of https traffic,
> intercepting or otherwise, but because of the dns spoof I have to
> forward it to the real host)
Um. Is Squid being given the DNS-spoofed address or the real server
address to contact for fetching the real server cert ?
Amos
Received on Sun Dec 15 2013 - 08:27:19 MST
This archive was generated by hypermail 2.2.0 : Sun Dec 15 2013 - 12:00:05 MST