[squid-users] logging https websites
Amos Jeffries
squid3 at treenet.co.nz
Wed Dec 9 22:03:04 UTC 2015
On 10/12/2015 7:25 a.m., Leonardo Rodrigues wrote:
> On 09/12/15 13:11, George Hollingshead wrote:
>> Is there a simple way to log requests made to https sites? I just want
>> to see sites visited without having to set up tunneling and all this
>> complex stuff I'm reading about.
>>
>> Hoping there's a simple way, and yes, I'm a newb but smart enough to
>> have your awesome program running; hehe
>>
> If you really want a SIMPLE way, then the answer is NO, that's not
> possible
>
> With simply configuring the proxy on the users browsers, you'll be
> able to see the hostname, but not the full URL
>
> user accessing https://www.gmail.com/mail/something/INBOX
> will appear on the logs just as
> CONNECT www.gmail.com
>
> and that's how it works ... the path is only visible to the
> endpoints, the browser and the server, squid just carries the encrypted
> tunnel between them, without knowing what's happening inside.
>
> is it possible to decrypt and see the full path on the logs, being
> able to filter on them and everything else ?? YES, that's ssl-bump, but
> that's FAR from being an easy setup ...
>
It is also worth noting that clients sending SNI can have their port 443
traffic intercepted, then logged without actually decrypting.
The setup for that looks like the normal ssl-bump setup. But just peeks
and splices everything.
Amos
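
Added example, not part of the original thread: a short Python script that lists the HTTPS hostnames visible in the CONNECT lines described above, per client. It assumes Squid's default native access.log layout; the sample log lines, addresses and hostnames are constructed for illustration.

```python
from collections import Counter

# Constructed sample lines in Squid's native access.log layout (assumed):
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1449698584.120    305 192.0.2.10 TCP_TUNNEL/200 4512 CONNECT www.gmail.com:443 - HIER_DIRECT/203.0.113.5 -
1449698590.001     12 192.0.2.10 TCP_MISS/200 1830 GET http://example.com/index.html - HIER_DIRECT/203.0.113.7 text/html
1449698601.450   1210 192.0.2.11 TCP_TUNNEL/200 9921 CONNECT www.gmail.com:443 - HIER_DIRECT/203.0.113.5 -
1449698602.777     90 192.0.2.11 TCP_TUNNEL/200 733 CONNECT [2001:db8::1]:443 - HIER_DIRECT/2001:db8::1 -
1449698603.002      0 192.0.2.12 TCP_DENIED/403 3800 CONNECT blocked.example:443 - HIER_NONE/- text/html
truncated line
"""

def split_authority(target):
    """Split a CONNECT target ('host:port' or '[v6]:port') into (host, port)."""
    host, sep, port = target.rpartition(":")
    if not sep or not port.isdigit():
        return None  # not an authority-form target
    return host.strip("[]").lower(), int(port)

def https_sites(log_text):
    """Return (Counter of (client, host) for established tunnels, denied list).

    Only the hostname is available: the path inside the tunnel is never
    logged for a plain CONNECT, as the thread explains.
    """
    visited, denied = Counter(), []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue  # skip malformed lines and plain-HTTP requests
        parsed = split_authority(fields[6])
        if parsed is None:
            continue
        client, host = fields[2], parsed[0]
        status = fields[3].partition("/")[2]
        if status == "200":
            visited[(client, host)] += 1
        else:
            denied.append((client, host, fields[3]))
    return visited, denied

if __name__ == "__main__":
    visited, denied = https_sites(SAMPLE_LOG)
    for (client, host), n in sorted(visited.items()):
        print(f"{client} -> {host} x{n}")
    for client, host, code in denied:
        print(f"{client} -> {host} refused ({code})")
```
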