[squid-users] Gather POST request on HTTPS traffic?
Eliezer Croitor
ngtech1ltd at gmail.com
Mon Nov 23 01:02:44 UTC 2020
Hey Roee,
From what I remember the best solution would be to use an eCAP module in the long term.
You can use the debug_options and it will work well.
The main issue with this is the DISK IO.
If you do have beefy hardware and SSD+RAM on the machine then the debug_options might be good enough for you.
But the most important thing is to test and verify if it works in your specific environment.
All the best,
Eliezer
----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com
-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Tuesday, November 17, 2020 2:09 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Gather POST request on HTTPS traffic?
On 17/11/20 12:14 pm, roee klinger wrote:
> Hello everyone,
>
> I work at a digital agency that has quite a few machines that are
> managing some Instagram accounts, they are all running in the same LAN
> and we are using Squid as a proxy to log and analyze some usage
> statistics and to make sure the machines are only used for Instagram.
>
> We had an idea to use Squid to capture the POST data of users on the
> proxy level, for example, likes, follows, comments, etc so we can log
> and analyze everything in a convenient central way, so we can analyze it
> and even send out clients a monthly report of all the actions their
> accounts made (who they followed, what they liked, etc).
>
> I can easily see the requests that I want to capture inside the
> "network" tab in Chrome but the problem is that Instagram uses HTTPS, so
> I can't seem to be able to capture this data.
>
>
> Is there any way for me to log this data via Squid using the POST data
> or any other way?
>
Access to HTTPS transactions for a domain you do not own requires the
SSL-Bump feature to decrypt ("bump") the TLS layer.
See <https://wiki.squid-cache.org/Features/SslPeekAndSplice>.
You could use cache.log with "debug_options ALL,1 11,2" configured to
log the transactions. However an ICAP service or eCAP module that does
both the recording and the analysis for you is probably better.
>
> Note: We are aware of the legal issues, all machines connected to the
> network are company property, and all the accounts are client accounts
> that allow us to gather statistics. No personal account data will be
> gathered.
Please be aware:
That statement conflicts with the stated purpose(s) of your plan.
Personal data *will* be part of the messages you are decrypting and
recording for analysis. Further, to perform targeted reports such as
described you must also associate the data with accounts somehow.
Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
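
The setup described in the reply above, as an added example that is not part of the original thread: a squid.conf fragment that bumps only the Instagram domain and turns on the cache.log tracing mentioned there. The port, CA and helper paths, cache sizes and the domain ACL are assumptions to adapt to the local build.

```conf
# Added example, not from the thread. Port, paths, sizes and the domain
# list are assumptions.

# Listening port with SSL-Bump enabled. The CA certificate named here must be
# installed as a trusted root on the company-owned client machines.
http_port 3128 ssl-bump cert=/etc/squid/ssl_cert/proxyCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Helper that generates the per-host certificates (its path varies by distribution).
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 4MB

# Step 1: peek at the TLS ClientHello so the requested server name (SNI) is known.
acl step1 at_step SslBump1

# Only the traffic that is meant to be analysed is decrypted.
acl instagram ssl::server_name .instagram.com

ssl_bump peek step1
ssl_bump bump instagram
# Everything else is passed through without decryption, which keeps
# unrelated personal data out of cache.log.
ssl_bump splice all

# The logging suggested in the reply: section 11 (HTTP) at level 2,
# everything else at level 1. Output goes to cache.log.
debug_options ALL,1 11,2
```

Run `squid -k parse` after editing to check the file, and watch cache.log growth, since the disk I/O cost raised at the top of this message applies to this setting.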