I already sent you an e-mail about this but why not do it
the proper way also:
I would like to see HTTPS support. I know this sounds
like a contradiction... filtering encrypted traffic but
proxomitron deals with this in a very elegant way. Well
actually it isn't really elegant but it works.
It uses a home made server certificate which is stored in
de proxomitron directory and uses that one to
communicate 'securely' with the browser. After that it
has succesfully finished the SSL handshake with the
browser it connects with the server and allows any
certificate it may send. This way the sessions is clear
text with during the parsing so that rewriting etc will still
work. (Or passing it thru "tee" for example).
Of course this is very insecure from a PKI point of view
but for my usage it would work perfectly. If you would
implement this you probably have to make it a very
advanced feature with a big fat warning in the readme.
Log in to post a comment.