[squid-users] Using SSL bump and reverse proxy for DNS sinkhole

thompsonm thompsonm3301 at protonmail.com
Sat Sep 8 08:25:44 UTC 2018


Hello, I have a question about squid SSL bump and reverse proxy. Basically
for a final project I want to create a DNS sinkhole, where the client tries
to query a domain that has a bad reputation or is known for drive-by
downloads etc., and the DNS server returns false information, such as an
internal IP. Then the client is redirected to this internal IP, where a web
server is listening, and makes the HTTP request as normal. All the HTTP
requests along with host, URL, client IP etc., are then logged. It's easy to
make this work with HTTP. However, I want it to work also with HTTPS. So
basically set up a MITM SSL proxy, where the proxy generates its own
certificate for the suspicious website the client is trying to connect to,
and then HTTP requests are forwarded to a web server listening on the same
host. 

I'm not sure how to do this. Is there any way to do this with squid SSL bump
and reverse proxy? 



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
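
The plain-HTTP half of the design described in the post, as an added example that is not part of the original message or of Squid: a listener for the sinkhole IP that records client IP, Host and URL for each request. The port, the response text and the names `build_record`, `SinkholeHandler`, `RECORDS` and `serve` are assumptions made for this illustration.

```python
import json
import time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

RECORDS = []  # in-memory copy of every logged request


def build_record(client_ip, method, host, path, user_agent):
    """Build one log entry from the fields the post wants recorded."""
    host = (host or "").strip().lower()  # Host header: the sinkholed domain
    return {
        "ts": int(time.time()),
        "client_ip": client_ip,
        "method": method,
        "host": host,
        "url": f"http://{host}{path}",
        "user_agent": user_agent or "",
    }


class SinkholeHandler(BaseHTTPRequestHandler):
    def _handle(self):
        rec = build_record(self.client_address[0], self.command,
                           self.headers.get("Host"), self.path,
                           self.headers.get("User-Agent"))
        RECORDS.append(rec)
        # json.dumps escapes control characters, so client-supplied
        # values cannot forge extra log lines.
        print(json.dumps(rec), flush=True)
        body = b"Blocked by DNS sinkhole\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(body)

    do_GET = do_POST = do_HEAD = _handle

    def log_message(self, fmt, *args):
        pass  # the JSON record above replaces the default access log


def serve(addr="0.0.0.0", port=8080):
    """Run the listener; addr/port are placeholders for the sinkhole IP."""
    ThreadingHTTPServer((addr, port), SinkholeHandler).serve_forever()


if __name__ == "__main__":
    serve()
```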

