
Proxy and Direct Connection vs SSL/TLS Connection

Does a proxy have its advantages? Yes, when you are running low on quota and your bandwidth starts to narrow. Don't believe it?

Now I will prove it with some tools from BackTrack 5 and Windows. Among them are Etherape, Network Proxy Manager, and Proxy Switcher.

In the previous post, I explained how to find a proxy that matches your network using Proxy Switcher. After getting the proxy, you can start comparing a proxy connection with a direct connection.

Straight to


Open Network Proxy Manager by selecting System -> Preferences -> Network Proxy

Select Direct Internet Connection. With this option you connect directly to websites, that is, without a proxy. Do not forget to install Etherape with the following commands: apt-get update, then apt-get install etherape. After Etherape is installed, open it via Applications -> Internet -> Etherape.
If you are using a dial-up modem, select Capture -> Interface -> ppp0. Etherape will then start scanning any connections that occur on the ppp0 interface.

I open Facebook and see the modem start contacting several sites to load the web page. Usually the sites contacted are advertising sites.

So what does this have to do with slowing down the modem's performance? It is obvious that the modem is kept busy contacting many websites just to load one page, not to mention when you open multiple websites at a time. This is what makes your internet connection slow.

So what if we use a proxy?

It appears that I only contact two IP addresses, even though I open 4 sites at once. This is what makes your modem work faster, because it only contacts 2 IP addresses.

So what do the two IP addresses do? Of course, they download the data and give it to you. This means that it is connecting like picture one (without proxy). Interested?


Direct SSL/TLS connection

When a browser creates a direct secure connection with an origin server, there are no HTTP CONNECT requests.

The first HTTP request sent on such a connection is already encrypted. In most cases, Squid is out of the loop: Squid knows nothing about that connection and cannot block or proxy that traffic. The reverse proxy and interception exceptions are described below.

Direct SSL/TLS connection to a reverse proxy

Squid-2.5 and later can terminate TLS or SSL connections. You must have built with --enable-ssl. See https_port for more information. Squid-3.5 and later autodetect the availability of GnuTLS library and enable the functionality if available. OpenSSL or LibreSSL must be enabled explicitly with the --with-openssl configure option. If the library is installed in a non-standard location you may need to use the --with-foo=PATH configure option. See configure --help for details.

This is perhaps most useful in a surrogate (aka, http accelerator, reverse proxy) configuration. Simply configure Squid with a normal reverse proxy configuration using port 443 and SSL certificate details on an https_port line.

Bumping direct SSL/TLS connections

WARNING: HTTPS was designed to give users an expectation of privacy and security. Decrypting HTTPS tunnels without user consent or knowledge may violate ethical norms and may be illegal in your jurisdiction. Squid decryption features described here and elsewhere are designed for deployment with user consent or, at the very least, in environments where decryption without consent is legal.

These features also illustrate why users should be careful with trusting HTTPS connections and why the weakest link in the chain of HTTPS protections is rather fragile. Decrypting HTTPS tunnels constitutes a man-in-the-middle attack from the overall network security point of view. Attack tools are an equivalent of an atomic bomb in real world: Make sure you understand what you are doing and that your decision makers have enough information to make wise choices.

A combination of Squid NAT Interception, SslBump, and associated features can be used to intercept direct HTTPS connections and decrypt HTTPS messages while they pass through a Squid proxy.

This allows dealing with HTTPS messages sent to the origin server as if they were regular HTTP messages, including applying detailed access controls and performing content adaptation (e.g., check request bodies for information leaks and check responses for viruses). Configuration mistakes, Squid bugs, and malicious attacks may lead to unencrypted messages escaping Squid boundaries.

Currently, Squid-to-client traffic on intercepted direct HTTPS connections cannot use Dynamic Certificate Generation, leading to browser warnings and rendering such configurations nearly impractical. This limitation will be addressed by the bump-server-first project.

From the browser point of view, intercepted messages are not sent to a proxy. Thus, general interception limitations, such as inability to authenticate requests, apply to bumped intercepted transactions as well.

Encrypted browser-Squid connection

While HTTPS design efforts were focused on end-to-end communication, it would also be nice to be able to encrypt the browser-to-proxy connection (without creating a CONNECT tunnel that blocks Squid from accessing and caching content). This would allow, for example, a secure use of remote proxies located across a possibly hostile network.

Squid can accept regular proxy traffic using https_port in the same way Squid does it using an http_port directive. Unfortunately, popular modern browsers do not permit configuration of TLS/SSL encrypted proxy connections. There are open bug reports against most of those browsers now, waiting for support to appear. If you have any interest, please assist browser teams with getting that to happen.

Meanwhile, tricks using stunnel or SSH Tunnels are required to encrypt the browser-to-proxy connection before it leaves the client machine. These are somewhat heavy on the network and can be slow as a result.

Chrome

The Chrome browser is able to connect to proxies over SSL connections if configured to use one in a PAC file or command line switch. GUI configuration appears not to be possible (yet).

More details at http://dev.chromium.org/developers/design-documents/secure-web-proxy

Firefox

The Firefox 33.0 browser is able to connect to proxies over TLS connections if configured to use one in a PAC file. GUI configuration appears not to be possible (yet), though there is a config hack for embedding PAC logic.

There is still an important bug open: Using a client certificate authentication to a proxy: https://bugzilla.mozilla.org/show_bug.cgi?id=209312

If you have trouble with adding trust for the proxy cert, there is a process by Patrick McManus to work around that.
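The Chrome and Firefox sections above both rely on a PAC file to select a TLS-protected proxy. The following PAC file is an added example, not part of the original post or of the Squid documentation; the proxy name proxy.example.net, port 3129 and the internal suffix .corp.example are assumptions, and the Squid side is assumed to be an https_port listener on that port.

```javascript
// Added example: PAC file that sends browser traffic to a proxy over TLS.
// Assumptions (not from the original page): proxy.example.net:3129 is a
// Squid https_port listener; ".corp.example" is the local intranet suffix.
var SECURE_PROXY = "HTTPS proxy.example.net:3129";
var INTERNAL_SUFFIX = ".corp.example";

// True for names and literals that never leave the client machine.
function isLoopback(host) {
  return host === "localhost" || host === "::1" || host === "[::1]" ||
         /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host);
}

// True when host ends with the internal suffix. The leading dot in the
// suffix stops look-alike names such as "evilcorp.example" from matching.
function isInternal(host) {
  return host.length > INTERNAL_SUFFIX.length &&
         host.slice(-INTERNAL_SUFFIX.length) === INTERNAL_SUFFIX;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Loopback traffic stays local.
  if (isLoopback(host)) {
    return "DIRECT";
  }

  // Single-label names (no dot, not an IPv6 literal) and intranet hosts
  // resolve on the local network and do not cross the hostile segment.
  if ((host.indexOf(".") === -1 && host.indexOf(":") === -1) || isInternal(host)) {
    return "DIRECT";
  }

  // Everything else goes to the proxy inside a TLS connection.
  // There is deliberately no "; DIRECT" fallback: if the proxy is
  // unreachable the request fails instead of silently going out
  // unprotected over the untrusted network.
  return SECURE_PROXY;
}
```

The "HTTPS" keyword in the return value is what tells the browser to wrap the proxy connection itself in TLS; a "PROXY" entry would send the same requests to the proxy in clear text.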

I hope that is useful, and thanks for visiting my simple blog :D :')
