If I set up a proxy (such as Squid for example) configured with certs to listen for HTTPS are browsers able to connect to the proxy over TLS/SSL?
Example of what I'm asking:
Browser Proxy Server
yahoo.com -> TLS -> Squid -> HTTP -> yahoo.com
I've set up a proxy listening on 443, but am not having success getting browsers to use it (connecting to the http proxy on port 80 works fine).
Chrome can do that:
http://www.chromium.org/developers/design-documents/secure-web-proxy
It also supports a directive in PAC file to point to HTTPS proxy.
If you want to secure your communication between browser and proxy, use STunnel (SSL tunneling) or VPN or SSH tunnel to the "proxy" server, then run your communication over this secure tunnel. I.e.:
Browser -> STunnel on the client -> STunnel on the server -> Squid Proxy -> Remote host
To answer your direct question - what you want is for the browser to act in a similar way to STunnel itself. I don't know a browser or even HTTP/HTTPS component (if we are on a programming site) to work this way.
Related
How to put a proxy server with authorization on the output, according to the documentation
The end still shows TOR, not a proxy
/etc/torrc
`Socks5Proxy
Socks5ProxyUsername
Socks5ProxyPassword
`
You should probably edit /etc/torrc.conf or /etc/tor/torrc.conf config
I found this for you :
HTTPProxy host[:port]
Tor will make all its directory requests through this host:port (or
host:80 if port is not specified), rather than connecting directly to
any directory servers.
HTTPProxyAuthenticator username:password
If defined, Tor will use this username:password for Basic HTTP proxy
authentication, as in RFC 2617. This is currently the only form of
HTTP proxy authentication that Tor supports; feel free to submit a
patch if you want it to support others.
HTTPSProxy host[:port]
Tor will make all its OR (SSL) connections through this host:port (or
host:443 if port is not specified), via HTTP CONNECT rather than
connecting directly to servers. You may want to set FascistFirewall to
restrict the set of ports you might try to connect to, if your HTTPS
proxy only allows connecting to certain ports.
HTTPSProxyAuthenticator username:password
If defined, Tor will use this username:password for Basic HTTPS proxy
authentication, as in RFC 2617. This is currently the only form of
HTTPS proxy authentication that Tor supports; feel free to submit a
patch if you want it to support others.
Socks4Proxy host[:port]
Tor will make all OR connections through the SOCKS 4 proxy at
host:port (or host:1080 if port is not specified).
Socks5Proxy host[:port]
Tor will make all OR connections through the SOCKS 5 proxy at
host:port (or host:1080 if port is not specified).
Socks5ProxyUsername username
Socks5ProxyPassword password
If defined, authenticate to the SOCKS 5 server using username and
password in accordance to RFC 1929. Both username and password must be
between 1 and 255 characters.
I have a VPN that only connect through HTTPS on my browser with its extension. I'm using Windows 10 and I'm looking for a solution like Tor Browser that have a SOCKS5 proxy (127.0.0.1:9150) and other apps can use it to bypass censorship.
Is there any solution for Firefox, Chrome or any other browser that after connecting to VPN extension, other apps can use a SOCKS5 or HTTP proxy to connect through it?
I tried Proxifier and similar apps on Windows 10 and no luck. But official VPN browser extension and FoxyProxy work.
I tried different ISPs and I know my firewall is not the problem and VPN is connected on other ISPs.
VPN name: TorGuard
The best solution I found so far is to use v2rayA (https://v2raya.org/en/).
First you connect to your HTTPS proxy through this app and then you can use HTTP or SOCKS5 proxy that it gives you to connect other apps or use Proxifier (https://www.proxifier.com/download/) to tunnel all traffic.
P.S. The default address and port of v2rayA are:
HTTP 127.0.0.1:20171
SOCKS5 127.0.0.1:20170
I want to create an aplication to handle request from reverse proxy apache server with websocket.
My goal, is i can make my local webserver can go online. Because, i use mobile carrier that dont give me public ip, or outbound open port webserver.
in my mind, i think its possible to do. with this scheme.
It needs
webserver that can be access by public as reverse proxy.
Forward any request from reverse proxy to websocket server.
Client connect to websocket server.
Client run webserver in local
Any request from websocket server will forward to client websocket then forward to webserver in local.
client request -> reverse proxy webserver public -> websocket server public -> websocket client -> local webserver.
The advantage with this, my local webserver always can online with any connection, cellular carrier, wifi public and hide any implement code safely.
Is there already outhere already implements this?
I have a chrome extension which uses an externel socket.io server to connect clients together.
During development I was able to connect to the server via http://localhost:2087 just fine, but right now I need socket.io to work over HTTPS so I can access it from a browser tab being server by HTTPS.
I don't want to deal with certificates, and want to keep the code on the socket.io server mostly the same, so I want to proxy the IP for the server via Cloudflare and establish SSL like that.
But I haven't been able to, the socket.io server uses no other webserver, but I can change it to use the native NodeJS http or https libraries.
But I haven't been able to access the socket.io server via the Cloudflare proxy. Clouflare returns 522 errors, which means a connection timeout.
Apparantly flexible SSL only works with with ports 443->80
Other ports are not supported...
Is there way to set Proxy settings (route via proxy Server) for HazelcastClient to connect to remote cache server (which is behind a firwall)
Thanks
No since Hazelcast clients use an internally developed (even though open source), plain TCP protocol, there is no real proxy support. You might be able to use a SOCKS proxy though but this is not supported.
There's also a prototype to tunnel the protocol through a HTTPS session but same thing, not officially supported: https://github.com/noctarius/https-tunnel-openshift-hazelcast