pacproxy icon indicating copy to clipboard operation
pacproxy copied to clipboard
verified publisher icon williambailey

Support for SSL proxy

Open beansandmash opened this issue 8 years ago • 3 comments

Hello - firstly, thank you for this wonderful app.

I was wondering if it'd be possible to add in support for SSL proxies specified in the PAC file using "HTTPS exampleproxy.com:443" instead of "PROXY exampleproxy.com:80"?

Many thanks

beansandmash avatar Jun 02 '17 01:06 beansandmash

Are you able to provide more information as to how HTTPS is supposed to work? The only reference I can find is in the mozilla proxy auto configuration page. However it just states Recent versions of Firefox support as well... with no further information.

williambailey avatar Jun 08 '17 10:06 williambailey

Apologies for the delayed response.

HTTPS proxy is just an SSL-wrapped HTTP proxy - e.g. using socat to unwrap the connection: socat -v tcp4-listen:8080,reuseaddr,fork ssl:mysslwrappedproxy:443,verify=0 would allow you to connect via PROXY localhost:8080

beansandmash avatar Jul 05 '17 16:07 beansandmash

AFAIK a tunnel working like this:

# CLIENT > PROXY
CONNECT www.domain.com:443 HTTP/1.1
other HTTP headers here... (Proxy-Authorization, ...)

# PROXY > CLIENT
HTTP/1.1 200 OK
other HTTP headers here...

Now the client can send it's encrypted data (or anything else) directly through the connection and the proxy will forward it to the destination host. And it will send all response data back to the client.

The connection to the proxy is not encrypted!

ponchofiesta avatar May 29 '20 08:05 ponchofiesta