[squid-users] test ICAP server
Robin Wood
squid at digi.ninja
Fri Feb 7 21:54:15 UTC 2025
I'm more looking at things like always adding extra headers such as auth
tokens. I want to create some scripts that will go and get things like JWTs
so I can run dumb tools through them and not have to worry about doing it
by hand and then getting the tool to accept extra headers.
And I know there are other ways to do this, but this is more a curiosity
project now, especially as it didn't work first time and there is a new
protocol to learn.
Robin
On Fri, 7 Feb 2025, 21:12 Amos Jeffries, <squid3 at treenet.co.nz> wrote:
> On 8/02/25 04:35, Robin Wood wrote:
> > Hi
> > I wouldn't risk trying to do a production quality one server!
> >
> > I'm a security tester and I want a way to automatically modify traffic
> > that I'm sending to and from sites. I've got plenty of other ways to do
> > it, but as all my testing traffic already goes through a Squid box I
> > just wanted to have a play to see if I could get it to do simple
> > things like add a new header or something like that.
>
> Please be aware that Squid normalizes and performs security sanitization
> on the HTTP messages that it receives. Regardless of whether they are
> arrive from client, server, or ICAP. That means a lot of traffic
> malformation needed for proper security tests will not work at all.
>
>
> HTH
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20250207/e4a8635d/attachment-0001.htm>
More information about the squid-users
mailing list