Undesirable SSL behavior
Apr. 11, 2004, 01:28 PM
Post: #1
 
I think that with 4.5, SSL connections are not forwarded to the external proxy as a CONNECT request but sent straight to the target site. Is this correct? If so, then it is clearly a security hole, as it exposes your true IP to any site that includes https elements.

Is there any way to change this behavior?

cheers,
chemist
Apr. 11, 2004, 03:56 PM
Post: #2
 
Quote:I think that with 4.5 SSL connections are not forwarded to the external proxy as a CONNECT request but sent straight to the target site. Is this correct?
I don't think so...

Code:
+++GET 651+++
Using Proxy - 211.185.185.62:3128
CONNECT https://grc.com:443/ HTTP/1.0
User-Agent: Mozilla/5.0 (Windows NT 5.0; U; rv:1.7b) Gecko/20040410 Firefox/0.8.0+ (scragz)
Host: grc.com
Proxy-Connection: Close
Connection: Close
Referer: http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=Big+Bang
Accept-Encoding: gzip, deflate
Loaded: OpenSSL 0.9.7d 17 Mar 2004

+++SSL:GET 651+++
Using Proxy - 211.185.185.62:3128
SSL cipher TLSv1 AES256-SHA (256 bits)
GET https://grc.com:443/ HTTP/1.1
Host: grc.com
User-Agent: Mozilla/5.0 (Windows NT 5.0; U; rv:1.7b) Gecko/20040410 Firefox/0.8.0+ (scragz)
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Cache-Control: max-age=0
Connection: keep-alive
Referer: http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=Big+Bang
Browser reload detected...
HTTP/1.0 200 Connection established
RESP 651 : HDR_In Cache-Control killed: max-age=86400
RESP 651 : HDR_In Expires killed: Wed, 01 Jan 1997 12:00:00 GMT
RESP 651 : HDR_In Vary killed: Accept-Encoding

+++SSL:RESP 651+++
SSL cipher TLSv1 RC4-MD5 (128 bits)
HTTP/1.1 200 OK
Date: Sun, 11 Apr 2004 15:48:08 GMT
Connection: close
Content-Type: text/html
Server: GRC Custom Hybrid NanoProbe Engine/1.57 (experimental)
Content-Encoding: gzip
Transfer-Encoding: chunked
+++CLOSE 651+++
You'd need an SSL-enabled proxy of course. Otherwise you'll get this screen:
Quote:Connect method not supported

The following proxy...
217.237.151.33
Doesn't appear to support this method
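An added example, not part of either post and not the program's own code: a Python check over a log in the format shown in post #2 that reports, per request id, whether the SSL request was tunnelled through the external proxy with CONNECT. The sample log is constructed, and treating a missing "Using Proxy" line as a direct connection is an assumption about the log format.

```python
import re

MARKER = re.compile(r"^\+\+\+([A-Z:]+) (\d+)\+\+\+$")    # e.g. +++SSL:GET 651+++
PROXY = re.compile(r"^Using Proxy - (\S+)$")
CONNECT = re.compile(r"^CONNECT (\S+) HTTP/\d\.\d$")

# Constructed sample: request 651 mirrors the shape of the log in post #2,
# request 652 is a hypothetical SSL request with no upstream proxy line.
SAMPLE_LOG = """\
+++GET 651+++
Using Proxy - 192.0.2.10:3128
CONNECT https://example.com:443/ HTTP/1.0
Host: example.com

+++SSL:GET 651+++
Using Proxy - 192.0.2.10:3128
GET https://example.com:443/ HTTP/1.1
Host: example.com
+++CLOSE 651+++
+++SSL:GET 652+++
GET https://example.com:443/ HTTP/1.1
Host: example.com
+++CLOSE 652+++
"""


def audit_ssl_routing(log_text):
    """Map request id -> 'tunnelled via <proxy>' or 'direct' for each SSL request."""
    blocks = {}      # (request id, block kind) -> proxy / CONNECT target seen in it
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        marker = MARKER.match(line)
        if marker:
            kind, rid = marker.groups()
            current = blocks.setdefault((rid, kind), {"proxy": None, "connect": None})
        elif current is not None:
            if (m := PROXY.match(line)):
                current["proxy"] = m.group(1)
            elif (m := CONNECT.match(line)):
                current["connect"] = m.group(1)

    verdicts = {}
    for (rid, kind), ssl in blocks.items():
        if kind != "SSL:GET":
            continue
        setup = blocks.get((rid, "GET"), {"proxy": None, "connect": None})
        # Tunnelled only if a CONNECT went to the same proxy the SSL block names.
        ok = ssl["proxy"] and setup["connect"] and setup["proxy"] == ssl["proxy"]
        verdicts[rid] = "tunnelled via " + ssl["proxy"] if ok else "direct"
    return verdicts
```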