[squid-users] Copy and send decrypted HTTPS traffic to specific location

Alex Rousskov rousskov at measurement-factory.com
Tue Sep 6 17:50:32 UTC 2016


On 09/04/2016 08:40 AM, Wesley Whitteker wrote:

> I've been doing some testing with Squid and am currently using it to
> decrypt HTTPS flows (i.e. MITM Proxy).  I also have the C-ICAP feature
> working.
> 
> Now, I'm trying to determine if Squid has the capabilities to send a
> copy of decrypted HTTPS traffic out a particular port on the HW platform
> I'm running squid on -- any ideas if this has/can be done?

This is possible using ICAP or eCAP interfaces: Folks write ICAP or eCAP
adapters that reassemble TCP/IP traffic based on the adaptation messages
those adapters receive from Squid and inject that TCP/IP traffic into
the network. Needless to say, the injected traffic is not exactly the
same as the original would have been, but the differences are usually
not important for the logging and analysis tools that receive the
injected TCP/IP packets. It works pretty well, actually.


HTH,

Alex.
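The approach described in the reply above, as an added example that is not part of the original post and is not Squid or c-icap code: it extracts the HTTP message from one ICAP adaptation message (RFC 3507 `Encapsulated` offsets plus chunked body) and wraps it in synthetic IPv4/TCP segments written as a pcap stream. The function names, addresses, ports and the sample message are constructed assumptions; the sketch emits one direction only, with no TCP handshake and the TCP checksum left at zero.

```python
import socket
import struct

def dechunk(data):
    """Undo the chunked coding ICAP applies to the encapsulated HTTP body."""
    out = b""
    while data:
        size_line, _, data = data.partition(b"\r\n")
        size = int(size_line.split(b";")[0].strip() or b"0", 16)  # "0; ieof" is valid
        if size == 0:
            break
        out, data = out + data[:size], data[size + 2:]  # +2 skips the chunk CRLF
    return out

def http_from_icap(msg):
    """Return HTTP header block + plain body carried by one ICAP REQMOD/RESPMOD message."""
    head, _, encap = msg.partition(b"\r\n\r\n")
    value = next(ln.split(b":", 1)[1] for ln in head.split(b"\r\n")
                 if ln.lower().startswith(b"encapsulated:"))
    order = sorted((int(o), k.strip().decode()) for k, o in
                   (p.split(b"=") for p in value.split(b",")))
    keys = [k for _, k in order]
    i = keys.index("res-hdr" if "res-hdr" in keys else "req-hdr")
    end = order[i + 1][0] if i + 1 < len(order) else len(encap)
    body_off, body_key = order[-1]
    body = dechunk(encap[body_off:]) if body_key in ("req-body", "res-body") else b""
    return encap[order[i][0]:end] + body

def to_pcap(payload, src, dst, sport, dport, mss=1460):
    """Wrap payload in synthetic IPv4/TCP segments (no handshake, TCP checksum left 0)."""
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)  # 101 = LINKTYPE_RAW
    for seq in range(0, len(payload), mss):
        data = payload[seq:seq + mss]
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0x4000, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        s = sum(struct.unpack("!10H", ip))          # IPv4 header checksum
        s = (s & 0xFFFF) + (s >> 16)
        s = ~((s & 0xFFFF) + (s >> 16)) & 0xFFFF
        tcp = struct.pack("!HHIIHHHH", sport, dport, 1 + seq, 1, 0x5018, 65535, 0, 0)
        pkt = ip[:10] + struct.pack("!H", s) + ip[12:] + tcp + data
        pcap += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return pcap

# Constructed sample: an ICAP REQMOD message as an adapter would receive it.
HTTP_HDR = b"POST /login HTTP/1.1\r\nHost: example.test\r\nContent-Length: 9\r\n\r\n"
SAMPLE = (b"REQMOD icap://127.0.0.1:1344/mirror ICAP/1.0\r\nHost: 127.0.0.1\r\n"
          b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(HTTP_HDR)
          + HTTP_HDR + b"9\r\nuser=test\r\n0\r\n\r\n")
HTTP = http_from_icap(SAMPLE)
PCAP = to_pcap(HTTP, "192.0.2.10", "198.51.100.20", 40000, 80)
```

Writing `PCAP` to a file gives a capture that pcap-reading analysis tools can open; because the body is de-chunked, a message whose HTTP headers declare `Transfer-Encoding: chunked` will not match its original wire form.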


