Squid proxy reports (transparent) how to log https traffic?

eirikr · Apr 5, 2016, 11:12 PM

I am looking at my proxy report for my computer and I stream youtube and twitch a lot and I don't see it listed? i can see imgur but a lot of websites are missing.

I run it as transparent, this is how I want it.

How can I monitor my https traffic?

jimp · Apr 6, 2016, 2:37 PM

In transparent mode, squid only captures HTTP traffic. To transparently capture HTTPS requires SSL interception and installing a custom root CA on your clients, and even then it's a bad idea in general.

Block outbound HTTPS and configure your proxy settings in the browser/OS to use squid directly, then it can properly capture HTTPS requests.

eirikr · Apr 6, 2016, 3:49 PM

my goal is not to touch the host os/browser/computer at all, I might give consideration to something that allows gpo to push out the anything needed.

jimp · Apr 6, 2016, 3:54 PM

Search for squid 3 ssl interception then, many threads out there already. You may be able to push a CA via GPO, but there is no way to get HTTPS without some client-side modification. That's the whole point of HTTPS, to prevent MITM attacks from breaking the chain of trust. You have to trust your own CA which then makes fake certs to break into the connections (to put it simply). It's a really bad practice.