
SSL proxy support CONNECT method?

Open ingnelson opened this issue 5 years ago • 2 comments

Hello sir.

I would like your help and I am glad to pay you for your service.

  1. I am behind a firewall

  2. The client is an Android application; it can send an HTTP request with the proxy and then to the SSH server to create the tunnel.

  3. On the internet I found the following: HTTP proxy: 50.18.211.227:8043 Fully qualified domain name (FQDN): 5ef50094901b6f5fccdfd0f6-172-245-22-211.cloudmi.datami.net

The proxy is linked to their domain. The only thing that was altered was the domain, which had their IP removed and mine, 172-245-22-211, added, so that your proxy will not reject the connection.

I show you the connection that Wireshark shows me. What you send and what you receive:

[Screenshots: Tunnel1, Tunnel2]

Is it possible to create a proxy that supports the CONNECT method and supports HTTPS or SSL, like that proxy I found on the internet?

The response from the proxy 50.18.211.227:8043 is:

HTTP/1.1 200 Connection established. Server: sdgw

Then comes the response from my SSH Dropbear on port 443, and the tunnel is created.

I want a proxy like that on my VPS.

I am going to wait for your reply.

ingnelson, Jul 02 '20 20:07

Note: This is a duplicate of a request here

What I understand from your request is that you want to log in to the system only once and be able to open connections through your firewall using HTTP and SSH (and perhaps other) protocols. Afaik, this is not possible with HTTP proxies, because they authenticate you for HTTP connections only, not for other protocols. Is this correct?

If I understand correctly, what you describe is possible with SSLproxy using HTTP/s, SMTP/s, and POP3/s protocols, but not with SSH yet. So, when you try to surf the web, you log in to the system on your web browser (SSLproxy sends a login page), which also lets you use POP3/s to retrieve your e-mails, or send e-mails using SMTP/s or autossl. The default timeout period for this authentication is 5 minutes, and can be adjusted to your needs (you don't have to re-log in to the system during this time or ever again until you log out if your computer/smartphone sends requests during this timeout period). You can find a fully functional example in UTMFW, which comes with an installation ISO, so you can try and see for yourself.

SSLproxy does not use the CONNECT method to achieve this. But I guess this is not enough for you, because it does not support SSH yet.

sonertari, Jul 07 '20 07:07

Btw, you may be able to achieve what you want using a TCP proxyspec for SSH connections. So, basically, you will log in to the system only once over HTTP/s, and SSLproxy will let you connect to a remote SSH server using the TCP proxyspec for the requests coming from the same computer/smartphone you have logged in to the system (using HTTP/s). I haven't tried this myself, but I think it should work (I have never tried anything like this, because the purpose of SSLproxy is deep SSL inspection, otherwise an SSH connection over a TCP proxyspec cannot be inspected of course).

sonertari, Jul 07 '20 07:07