+BudMan Posted June 9, 2014

Ok - so little break in real work.. So here you go, walked through the rest of that walkthru I linked to and it's pretty much spot on. So in my .conf did like in the walkthru:

http_port 3128 intercept
https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
acl broken_sites dstdomain .example.com
ssl_bump none localhost
ssl_bump none broken_sites
ssl_bump server-first all
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5

Ran through his iptables commands to do the intercepts.. fired up squid and you see it's listening and intercepting:

2014/06/09 14:12:10| Accepting NAT intercepted HTTP Socket connections at local=[::]:3128 remote=[::] FD 25 flags=41
2014/06/09 14:12:10| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=[::]:3127 remote=[::] FD 26 flags=41

So squid is running on a vm on 192.168.1.219, my actual gateway is .253. So on my test vm on .13 I pointed its gateway to .219, installed the myCA.pem created in the walkthru and bing bang zoom. Notice the cert that google.com is using ;)

Let me fire up chrome on this vm.. but other than the conf change for enable cache and the first chown command needing to be up a dir, that walkthru looks pretty spot on.

edit: Ok installed chrome, and sslbump is working as designed.. Notice who the https chase.com cert is issued by ;)

Now one thing with chrome - it did not like the .pem, so just exported that from firefox as .crt and imported that into chrome's trusted CA store.. And there you go, MITM in like 10 minutes tops to set this up to be honest. Oh, one other thing I did different than the walkthru linked to was used 2048 vs 1024 when you create the myCA.pem
Original Poster Posted June 10, 2014

Thanks. I don't know what I am doing wrong then....

Maybe I need to modify and use his tables rather than my own. Problem is I'm not overly good with iptables yet. I have eth0 as network and eth1 as "wan", so I just have to retry I guess :/ though like I said the proxy worked until I configured for the SSL, then everything just passed through the proxy, no blocking, as if it had free reign to the internet.
Torolol Posted June 10, 2014

Chase's logo is somehow similar to Steve Gibson's DNS Benchmark animated logo. Back to topic, this is very useful info about sslbump mitm.
Original Poster Posted June 10, 2014

FFS this is driving me NUTS! It's still doing the stupid:

2014/06/10 10:27:23 kid1| ERROR: No forward-proxy ports configured.
2014/06/10 10:27:23 kid1| ERROR: No forward-proxy ports configured.
2014/06/10 10:27:23 kid1| ERROR: No forward-proxy ports configured.
2014/06/10 10:27:23 kid1| Finished loading MIME types and icons.
2014/06/10 10:27:23 kid1| HTCP Disabled.
2014/06/10 10:27:23 kid1| Squid plugin modules loaded: 0
2014/06/10 10:27:23 kid1| Adaptation support is off.
2014/06/10 10:27:23 kid1| Accepting NAT intercepted HTTP Socket connections at local=[::]:3128 remote=[::] FD 17 flags=41
2014/06/10 10:27:23 kid1| Done scanning /usr/local/squid/var/cache/squid dir (0 entries)
2014/06/10 10:27:23 kid1| Finished rebuilding storage from disk.
2014/06/10 10:27:23 kid1| 0 Entries scanned
2014/06/10 10:27:23 kid1| 0 Invalid entries.
2014/06/10 10:27:23 kid1| 0 With invalid flags.
2014/06/10 10:27:23 kid1| 0 Objects loaded.
2014/06/10 10:27:23 kid1| 0 Objects expired.
2014/06/10 10:27:23 kid1| 0 Objects cancelled.
2014/06/10 10:27:23 kid1| 0 Duplicate URLs purged.
2014/06/10 10:27:23 kid1| 0 Swapfile clashes avoided.
2014/06/10 10:27:23 kid1| Took 0.10 seconds ( 0.00 objects/sec).
2014/06/10 10:27:23 kid1| Beginning Validation Procedure
2014/06/10 10:27:23 kid1| Completed Validation Procedure
2014/06/10 10:27:23 kid1| Validated 0 Entries
2014/06/10 10:27:23 kid1| store_swap_size = 0.00 KB
2014/06/10 10:27:24 kid1| storeLateRelease: released 0 objects
+BudMan Posted June 10, 2014

Where are your conf entries? And why do you not have anything in cache?

2014/06/09 14:49:08| Squid plugin modules loaded: 0
2014/06/09 14:49:08| Adaptation support is off.
2014/06/09 14:49:08| Accepting NAT intercepted HTTP Socket connections at local=[::]:3128 remote=[::] FD 25 flags=41
2014/06/09 14:49:08| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=[::]:3127 remote=[::] FD 26 flags=41
2014/06/09 14:49:08| Done reading /usr/local/squid/var/cache/squid swaplog (430 entries)
2014/06/09 14:49:08| Finished rebuilding storage from disk.
2014/06/09 14:49:08| 430 Entries scanned
2014/06/09 14:49:08| 0 Invalid entries.
2014/06/09 14:49:08| 0 With invalid flags.
2014/06/09 14:49:08| 430 Objects loaded.
2014/06/09 14:49:08| 0 Objects expired.
2014/06/09 14:49:08| 0 Objects cancelled.
2014/06/09 14:49:08| 0 Duplicate URLs purged.
2014/06/09 14:49:08| 0 Swapfile clashes avoided.
2014/06/09 14:49:08| Took 0.05 seconds (8380.11 objects/sec).
2014/06/09 14:49:08| Beginning Validation Procedure
2014/06/09 14:49:08| Completed Validation Procedure
2014/06/09 14:49:08| Validated 430 Entries
2014/06/09 14:49:08| store_swap_size = 8536.00 KB
2014/06/09 14:49:09| storeLateRelease: released 0 objects

Let's see what you're doing for iptables as well as your conf.
Original Poster Posted June 10, 2014

> Where are your conf entries? And why do you not have anything in cache?

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl whitelist dstdomain "/var/whitelist.list"

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow whitelist
http_access allow all

# And finally deny all other access to this proxy
http_access allow localnet
http_access allow localhost

# Squid normally listens to port 3128
http_port 3128 intercept
https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
acl broken_sites dstdomain .example.com
ssl_bump none localhost
ssl_bump none broken_sites
ssl_bump server-first all
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /usr/local/squid/var/cache/squid 10000 16 256

# Leave coredumps in the first cache dir
coredump_dir /usr/local/squid/var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:             1440  20%   10080
refresh_pattern ^gopher:          1440  0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%    0
refresh_pattern .                 0     20%   4320
cache_effective_user squid
cache_effective_group squid

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:3128
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
+BudMan Posted June 10, 2014

Where is your nat table?

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 3128
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:https redir ports 3127

And I would remove your ACL whitelisting for testing.. Just run thru the guide I linked to.. And you should be up and running in like 10 minutes tops. Also, you need/want a 10GB cache?? What is the full output when you start in debug?
Original Poster Posted June 11, 2014

The cache is actually meant to be bigger ;D but I said 10GB was way way way more than enough, but I will probably be told to increase it.

Also it would appear the iptables -L didn't show everything (newwwW):

:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state -i eth1 -o eth0 --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
# Completed on Tue Jun 10 10:36:38 2014
# Generated by iptables-save v1.4.14 on Tue Jun 10 10:36:38 2014
*nat
:PREROUTING ACCEPT [608:64919]
:INPUT ACCEPT [1393:114957]
:OUTPUT ACCEPT [137:8464]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Tue Jun 10 10:36:38 2014
# Generated by iptables-save v1.4.14 on Tue Jun 10 10:36:38 2014
*mangle
:PREROUTING ACCEPT [16953:6278577]
:INPUT ACCEPT [16510:6129319]
:FORWARD ACCEPT [443:149258]
:OUTPUT ACCEPT [14319:9474926]
:POSTROUTING ACCEPT [14762:9624184]
COMMIT

FORGIVE THE LONG AMOUNT OF DATA

2014/06/11 09:37:28| Set Current Directory to /usr/local/squid/var/cache/squid
2014/06/11 09:37:28| Starting Squid Cache version 3.4.5 for x86_64-unknown-linux-gnu...
2014/06/11 09:37:28| Process ID 4582
2014/06/11 09:37:28| Process Roles: master worker
2014/06/11 09:37:28| With 1024 file descriptors available
2014/06/11 09:37:28| Initializing IP Cache...
2014/06/11 09:37:28| DNS Socket created at [::], FD 5
2014/06/11 09:37:28| DNS Socket created at 0.0.0.0, FD 6
2014/06/11 09:37:28| Adding nameserver 192.168.0.254 from /etc/resolv.conf
2014/06/11 09:37:28| helperOpenServers: Starting 5/5 'ssl_crtd' processes
2014/06/11 09:37:28| Logfile: opening log daemon:/usr/local/squid/var/logs/access.log
2014/06/11 09:37:28| Logfile Daemon: opening log /usr/local/squid/var/logs/access.log
2014/06/11 09:37:28| Unlinkd pipe opened on FD 22
2014/06/11 09:37:28| Store logging disabled
2014/06/11 09:37:28| Swap maxSize 10240000 + 262144 KB, estimated 807857 objects
2014/06/11 09:37:28| Target number of buckets: 40392
2014/06/11 09:37:28| Using 65536 Store buckets
2014/06/11 09:37:28| Max Mem size: 262144 KB
2014/06/11 09:37:28| Max Swap size: 10240000 KB
2014/06/11 09:37:28| Rebuilding storage in /usr/local/squid/var/cache/squid (dirty log)
2014/06/11 09:37:28| Using Least Load store dir selection
2014/06/11 09:37:28| Set Current Directory to /usr/local/squid/var/cache/squid
2014/06/11 09:37:28| ERROR: No forward-proxy ports configured.
2014/06/11 09:37:28| ERROR: No forward-proxy ports configured.
2014/06/11 09:37:28| ERROR: No forward-proxy ports configured.
[... the same ERROR line repeats many more times ...]
2014/06/11 09:37:28| Finished loading MIME types and icons.
2014/06/11 09:37:28| HTCP Disabled.
2014/06/11 09:37:28| Squid plugin modules loaded: 0
2014/06/11 09:37:28| Adaptation support is off.
2014/06/11 09:37:28| Accepting NAT intercepted HTTP Socket connections at local=[::]:3128 remote=[::] FD 25 flags=41
2014/06/11 09:37:28| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=[::]:3127 remote=[::] FD 26 flags=41
2014/06/11 09:37:28| Done reading /usr/local/squid/var/cache/squid swaplog (154 entries)
2014/06/11 09:37:28| Finished rebuilding storage from disk.
2014/06/11 09:37:28| 154 Entries scanned
2014/06/11 09:37:28| 0 Invalid entries.
2014/06/11 09:37:28| 0 With invalid flags.
2014/06/11 09:37:28| 154 Objects loaded.
2014/06/11 09:37:28| 0 Objects expired.
2014/06/11 09:37:28| 0 Objects cancelled.
2014/06/11 09:37:28| 0 Duplicate URLs purged.
2014/06/11 09:37:28| 0 Swapfile clashes avoided.
2014/06/11 09:37:28| Took 0.05 seconds (2907.53 objects/sec).
2014/06/11 09:37:28| Beginning Validation Procedure
2014/06/11 09:37:28| Completed Validation Procedure
2014/06/11 09:37:28| Validated 154 Entries
2014/06/11 09:37:28| store_swap_size = 3112.00 KB
2014/06/11 09:37:29| storeLateRelease: released 0 objects
+BudMan Posted June 11, 2014

Well, looks like https is bumped:

2014/06/11 09:37:28| Accepting NAT intercepted HTTP Socket connections at local=[::]:3128 remote=[::] FD 25 flags=41
2014/06/11 09:37:28| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=[::]:3127 remote=[::] FD 26 flags=41

And you loaded stuff from cache, so that kind of looks to be working.

So you're doing a mangle - so this box is already the actual gateway? Or just a proxy you're trying to put up on the local network, where the firewall only allows the proxy out?

edit: also you can get rid of those errors by setting up a forward port, say 8080 or something else that is open.

2014/06/11 07:32:16| Accepting HTTP Socket connections at local=[::]:8080 remote=[::] FD 25 flags=9
2014/06/11 07:32:16| Accepting NAT intercepted HTTP Socket connections at local=[::]:3128 remote=[::] FD 26 flags=41
2014/06/11 07:32:16| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=[::]:3127 remote=[::] FD 27 flags=41

See here http socket is on 8080.. This gets rid of those errors..
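As an added example (not code from the thread, from BudMan, or from the Squid project): a small Python checker that reads a squid.conf and an iptables-save dump and reports the things this thread stumbles over. The two inputs are constructed inline from the conf and the iptables-save output posted above; `check`, `parse_squid_ports` and `parse_nat_redirects` are this example's own names. Run against the posted conf it reports two findings: every http(s)_port is an intercept port, which is exactly what produces the "No forward-proxy ports configured" error, and `http_access allow all` sits right after the whitelist rule, so the whitelist never denies anything (Squid stops at the first matching http_access line). With a plain `http_port 8080` added and the `allow all` removed it reports nothing; it also flags an intercept port that has no matching nat PREROUTING REDIRECT, and ssl_bump without an sslcrtd_program.

```python
"""Sanity-check a Squid interception (ssl_bump) setup against an iptables-save dump.

Added example, not code from the thread or from Squid. Inputs are constructed
from the conf and iptables-save output posted in the thread; function names
are this example's own.
"""
import re

# Constructed from the OP's posted conf: the whitelist is followed by
# 'http_access allow all', and only intercept ports are defined.
SQUID_CONF = """\
acl whitelist dstdomain "/var/whitelist.list"
http_access allow whitelist
http_access allow all
http_access allow localnet
http_access allow localhost
http_port 3128 intercept
https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
acl broken_sites dstdomain .example.com
ssl_bump none localhost
ssl_bump none broken_sites
ssl_bump server-first all
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5
"""

# Constructed from the OP's posted iptables-save output (nat table only).
IPTABLES_SAVE = """\
*nat
:PREROUTING ACCEPT [608:64919]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
"""

# Same conf with a plain forward-proxy port (8080, as suggested in the thread)
# and without the blanket 'allow all'.
FIXED_CONF = SQUID_CONF.replace("http_access allow all\n", "").replace(
    "http_port 3128 intercept", "http_port 8080\nhttp_port 3128 intercept")


def _directives(conf):
    """Yield squid.conf lines as token lists, with comments and blank lines dropped."""
    for raw in conf.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            yield tokens


def parse_squid_ports(conf):
    """Return [(directive, port, options)] for every http_port/https_port line."""
    ports = []
    for tokens in _directives(conf):
        if tokens[0] in ("http_port", "https_port") and len(tokens) > 1:
            port = int(tokens[1].rsplit(":", 1)[-1])  # drop an optional host: prefix
            ports.append((tokens[0], port, set(tokens[2:])))
    return ports


def parse_nat_redirects(dump):
    """Return {destination_port: redirect_port} from nat PREROUTING REDIRECT rules."""
    redirects, table = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("*"):            # '*nat', '*filter', ... start a table
            table = line[1:]
        elif table == "nat" and line.startswith("-A PREROUTING"):
            m = re.search(r"--dport\s+(\d+).*-j REDIRECT --to-ports\s+(\d+)", line)
            if m:
                redirects[int(m.group(1))] = int(m.group(2))
    return redirects


def check(conf, dump):
    """Return a list of findings; an empty list means the setup looks consistent."""
    findings = []
    ports = parse_squid_ports(conf)
    intercept = [(d, p) for d, p, o in ports if o & {"intercept", "transparent"}]
    if intercept and len(intercept) == len(ports):
        findings.append("only intercept ports are defined: Squid logs "
                        "'ERROR: No forward-proxy ports configured'; add a plain http_port")
    redirects = parse_nat_redirects(dump)
    for directive, port in intercept:
        dport = 443 if directive == "https_port" else 80
        if redirects.get(dport) != port:
            findings.append(f"{directive} {port} intercept has no nat PREROUTING "
                            f"REDIRECT from dport {dport} to it")
    tokens = list(_directives(conf))
    if any(t[0] == "ssl_bump" for t in tokens) and not any(t[0] == "sslcrtd_program" for t in tokens):
        findings.append("ssl_bump is enabled but no sslcrtd_program is configured")
    access = [t for t in tokens if t[0] == "http_access"]
    for i, rule in enumerate(access):
        if rule[1:] == ["allow", "all"] and i < len(access) - 1:
            findings.append(f"'http_access allow all' is rule {i + 1} of {len(access)}: the "
                            f"later rule(s) are never reached and every request is allowed")
            break
    return findings


if __name__ == "__main__":
    for label, conf in (("posted conf", SQUID_CONF), ("fixed conf", FIXED_CONF)):
        print(f"== {label}")
        for finding in check(conf, IPTABLES_SAVE) or ["no findings"]:
            print(" -", finding)
```

The checker only reads text, so it can be pointed at a copy of squid.conf and the output of `iptables-save` from any box without touching the live firewall; `iptables -L` on its own only lists the filter table, which is why the nat REDIRECT rules did not appear in the first listing posted above.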
Original Poster Posted June 11, 2014

I have routed using the linux route command to ensure everything can be seen, then the iptables finishes it off. Yes, the server is the gateway for a side network I set up; eth1 acts as the wan (can be any internet connection). Though I should stop using the route command as it uses specific IP addresses, but that is a different problem for a different day.
Original Poster Posted June 19, 2014

Hey, sorry to reopen :P I have not got rid of that error yet, but you are right, it appears to be caching and it's using https... but as mentioned before it's basically a man in the middle attack and my systems know that. Is there any way to intercept the certificate and then pass it on with the same signing, or have a cert that will appear to be genuine? I need good user experience (I hope you can understand what I mean, I am renowned on this forum for making little sense).
+BudMan Posted June 19, 2014

"basically a man in the middle attack and my systems know that"

How does your system know that.. If your browser trusts the CA, then the user would not be notified - other than the cert showing your info on it, see my budman example.

Dude, I am not going to show you how to do an actual MITM attack ;) where the cert looks like, say, verisign signed for chase.com, not signed by budman CA ;) That was not the point of your post - you were having issues getting it working. It now is working from what I can tell. So thread /closed.

Doing an actual MITM with valid looking certs is so outside the area of discussion for this forum it's not even funny ;) You have a good user experience this way - the user is not bugged about an untrusted cert, and https can be decrypted at the proxy. Users should clearly be aware that this is happening -- it is bad bad juju to sniff users' ssl traffic without their knowing about it. Most companies don't even intercept ssl because of the BS that can be had from..
The_Decryptor Posted June 20, 2014

Try working for the NSA or CIA, then you can get the CAs to issue you the fake certs you need, or get them from the site themselves.