Proxomitron transparent proxy server
Oct. 10, 2009, 02:40 PM
(This post was last modified: Oct. 10, 2009 02:44 PM by wolfgang.)
Post: #1
Proxomitron transparent proxy server
Hi,
I am new to Proxomitron and am looking for a way to run the Proxomitron proxy on a standalone server. But here is the catch: I would need Proxomitron to act as a transparent proxy. I want to run web server test software through the Proxomitron proxy so that Proxomitron adds an authentication header to each request from the test software. As the test software does not have an option to configure a proxy server, I would set the gateway address of the test server to the IP address of the Proxomitron server... but for this to work, Proxomitron would need to act as a transparent proxy.
Any idea if this can be configured somehow, or if we could add some other software to achieve this? A port forwarder is not good enough, because the transparent mode would still need to be configured in Proxomitron. One more thing: my test server is a Linux virtual machine, so I cannot use a proxifier to do the job.
Any help appreciated,
Wolfgang
Oct. 10, 2009, 10:07 PM
Post: #2
RE: Proxomitron transparent proxy server
If you mean 'transparent' in the sense that the requesting software isn't aware of the proxy (may not be correct usage of the term), iptables might work for you since you are using Linux. Iptables can redirect the requests. Something like this:
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
See the iptables man pages:
Quote: REDIRECT
or documentation on setting up squid 'transparently' with squid being the 'proxy' for Proxomitron (pun intended). The examples won't be exact, but the principles should mostly be the same.
Sorry if I have misunderstood your request.
Oct. 11, 2009, 07:43 AM
(This post was last modified: Oct. 11, 2009 07:47 AM by wolfgang.)
Post: #3
RE: Proxomitron transparent proxy server
Thanks, exactly, I need a setup where my test setup is not aware of a proxy config. iptables only allows redirecting the port (port 80 and, if needed, 443 to the proxy port), but then you still have to redirect to a transparent proxy (squid configured as transparent) and configure squid to be a transparent proxy. If I do this, I would need to make a proxy chain: go to squid configured as a transparent proxy with iptables or another port forwarder, and then chain squid to Proxomitron as the next proxy to add the HTTP headers (this is what I need). This would be my backup plan, but it is not a very good solution because you have to proxy via squid and then Proxomitron (complicated, and additional delay).
The ideal case would be to use iptables or a port forwarder to forward my ports to Proxomitron and then configure Proxomitron itself in some way to act as a transparent proxy... not sure if this is possible... that's my real question. (For example, to make squid 'transparent' you have to add in the config: http_port 8080 transparent; I would need something similar for Proxomitron.)
Thanks,
Wolfgang
Oct. 11, 2009, 07:01 PM
(This post was last modified: Oct. 11, 2009 07:20 PM by Graycode.)
Post: #4
RE: Proxomitron transparent proxy server
Supporting transparent proxy mode requires being able to support two types of request formats. When used as a normal proxy the scheme and host portion is prefixed to the page request. Otherwise the scheme is not specified and the host header value is not duplicated by browsers.
Some other minor differences exist in headers. An example is that a browser might send "Proxy-Connection:" to a proxy, but send "Connection:" to a direct server. Those headers are for hop-by-hop interpretation, and a transparent proxy is not known to be a hop in the chain.
A normal proxy request looks like:
Code:
GET http://www.example.com/index.html HTTP/1.1
A transparent request would look like:
Code:
GET /index.html HTTP/1.1
In order to determine if Proxo can act as an HTTP transparent proxy:
- Telnet into your Proxo TCP port.
- Send it the transparent format, add an empty line after the headers.
If you get back HTML from the example.com server then Proxo can probably be a stand-alone transparent HTTP proxy. If you don't then it will need to be chained to by something else that can provide the proxied formatting.
Processing of HTTPS is a major difference. For a proxied request the browser will send:
Code:
CONNECT www.example.com:443 HTTP/1.1
A proxy would connect to that host:port, respond with a "200 OK", and then enter an encryption tunnel between the browser and that server. The CONNECT step exists only when the browser knows it's going through a proxy.
A transparent proxy may not know what to do with the garbage-looking communication. The browser has assumed it's directly connected to the intended port of the host server, yet a transparent proxy might not be able to decipher what was intended.
Proxo has options to be man-in-the-middle for SSL, but I think that's only applicable when given the CONNECT command. It may not work in a transparent fashion without a browser using CONNECT. Maybe Squid will create one and send that in transparent mode (I have no clue, but it seems unlikely).
Good luck, I'll be interested in what you come up with.
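The two request formats described in post #4, as an added example that is not code from the thread or from Proxomitron: Python that classifies the first bytes an intercepting front end receives and rewrites the transparent format into the proxied format using the Host header. The function names and the sample requests are constructed for illustration.

```python
# Added example: classify intercepted traffic and rewrite it into proxy format.
# SAMPLE is a constructed request, not captured traffic.
SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"


def classify(data: bytes) -> str:
    """Return 'tls', 'connect', 'proxy' or 'transparent' for a connection's first bytes."""
    # A TLS record starts with content type 0x16 (handshake) and major version 0x03.
    # This is what a redirected port 443 connection delivers instead of CONNECT.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        raise ValueError("not an HTTP request line")
    method, target, _version = parts
    if method == b"CONNECT":
        return "connect"
    if target.lower().startswith((b"http://", b"https://")):
        return "proxy"
    return "transparent"


def to_proxy_form(data: bytes, scheme: bytes = b"http") -> bytes:
    """Rewrite 'GET /path' into 'GET http://host/path' using the Host header."""
    if classify(data) != "transparent":
        return data  # already proxy format, CONNECT, or opaque TLS: leave untouched
    head, sep, body = data.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].split(b" ")
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip()
            break
    if not host:
        # HTTP/1.0 clients may omit Host; the destination is then known only
        # from the redirected socket's original address, not from the request.
        raise ValueError("no Host header; cannot build an absolute URL")
    if not target.startswith(b"/"):
        raise ValueError("unsupported request target")  # e.g. 'OPTIONS *'
    lines[0] = method + b" " + scheme + b"://" + host + target + b" " + version
    return b"\r\n".join(lines) + sep + body


if __name__ == "__main__":
    print(to_proxy_form(SAMPLE).decode())
```

The rewrite depends entirely on the client-supplied Host header, so a front end built this way forwards to whatever host the client names; restricting the allowed hosts is left to the deployment.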
Oct. 11, 2009, 09:28 PM
Post: #5
RE: Proxomitron transparent proxy server
Privoxy can likely handle your limited filtering requirements and has the ability to function in 'transparent' mode (or actually 'interception' mode*):
Code:
accept-intercepted-requests 1
From the privoxy manual:
Quote: Specifies:
I have used privoxy on Linux and Windows machines, and I never liked it (I run Proxo in Wine on Linux). Among my dislikes: I don't care for Privoxy's interface for one and it is extremely slow compared to Proxo even with a minimal set of filters running. However, in your very specific case, I might make an exception to get the job done.
I hate to exclude Proxo from your solution, but I don't see how it can be done (without chaining to an additional piece of software) unless there is some super secret code built-in that allows the functionality you seek.
By the way, I'm not sure if you'd really notice a slow-down chaining Proxo with iptables + Squid (even ignoring Squid's caching ability which, it appears, you would not be using). But perhaps a 'stripped' down Proxo-chain alternative might be to use 'transproxy' as the intercepting proxy. It has no other purpose but to intercept HTTP traffic. Whether this actually results in efficiencies over Squid, I don't know, but it seems simple to configure based on limited research, so it might be worth a try.
http://transproxy.sourceforge.net/
Oct. 12, 2009, 07:27 AM
Post: #6
RE: Proxomitron transparent proxy server
Thanks for all the info. Will report back when I get one of the solutions to work.
Thanks, Wolfgang