[squid-users] Squid 4.5 Transparent Proxy, StrongSwan VPN - Working in Browser but not in any android apps

Amos Jeffries squid3 at treenet.co.nz
Tue Jan 22 19:56:31 UTC 2019


On 22/01/19 9:19 pm, XploD wrote:
> 
> Can anybody tell me what I have to do so that every android app accepts
> the intercepted connection?
> 

IIRC there is also a phone CA certificate store where it can be added.
Though I do not recall exactly where it is right now.

Even with that setup some apps (from eg Youtube and Facebook) use
certificate pinning. They bundle the domains CA cert hard-coded into the
app it self and only trusts that exact CA. Or use a client certificate
similarly bundled with each app to authenticate against the server.

When either of those TLS features are used SSL-Bump cannot do the 'bump'
action - only the peek, splice or terminate work. That is still enough
to identify the destination domain, but no deep inspection.


> 
> BTW: If any squid developer is reading this: Squid is awesome work!
> Thank you very much for such beauty!
> 

On behalf of the team: thank you.

Amos


More information about the squid-users mailing list