On Thu, 17 May 2018 08:49:04 +0200 <to...@tuxteam.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Wed, May 16, 2018 at 07:35:51PM -0700, Kushal Kumaran wrote: > > [...] > > > You should note that HTTP-proxy based systems will not be able to do any > > inspection or modification of traffic for sites using HTTPS. > > This is true... and then it's not :-) > > If your proxy terminates the HTTPS connection, effectively doing a > "man-in-the-middle" (but controlled by you), it can: most probably > you'd have to fool your browser by offering it a HTTPS connection > from the proxy, and by installing a trusted root certificate you > create yourself. Basically what the proxy in your $CORPORATION does > all of the time. > > I don't know whether privoxy or squid can do that (I'd love to know, > mind you, but days are so short).
Privoxy apparently has no native support for this, but people have apparenly constructed working solutions using things like stunnel and ProxHTTPSProxy: https://www.stunnel.org/pipermail/stunnel-users/2006-April/001083.html https://sourceforge.net/p/ijbswa/support-requests/1512/ https://sourceforge.net/p/ijbswa/support-requests/1667/ https://sourceforge.net/p/ijbswa/support-requests/1654/ https://news.ycombinator.com/item?id=8822974 Celejar