[squid-users] Squid 4.5 Transparent Proxy, StrongSwan VPN - Working in Browser but not in any android apps
Amos Jeffries
squid3 at treenet.co.nz
Tue Jan 22 19:56:31 UTC 2019
On 22/01/19 9:19 pm, XploD wrote:
>
> Can anybody tell me what I have to do so that every android app accepts
> the intercepted connection?
>
IIRC there is also a phone CA certificate store where it can be added.
Though I do not recall exactly where it is right now.
Even with that setup some apps (from eg Youtube and Facebook) use
certificate pinning. They bundle the domains CA cert hard-coded into the
app it self and only trusts that exact CA. Or use a client certificate
similarly bundled with each app to authenticate against the server.
When either of those TLS features are used SSL-Bump cannot do the 'bump'
action - only the peek, splice or terminate work. That is still enough
to identify the destination domain, but no deep inspection.
>
> BTW: If any squid developer is reading this: Squid is awesome work!
> Thank you very much for such beauty!
>
On behalf of the team: thank you.
Amos
More information about the squid-users
mailing list