Modify SSL User Agent Header
I've successfully set up Squid as a transparent proxy so both HTTP and HTTPS traffic is filtered. I have verified both protocols are being filtered by looking at Squid's logs… hurray, great news indeed.
So along the way, I successfully configured Squid to modify the User Agent, but this configuration seems limited to modifying headers for HTTP traffic only (not HTTPS). If I venture over to (http)www.proxydetect.com, my HTTP_USER_AGENT is modified to the string I've configured request_header_replace User-Agent with.
I set up a script on my own HTTPS site on a client's server hosted with GoDaddy, but the user agent it is reporting is my actual user agent and not the string I've assigned.
So that leads me to this question… how do I modify the User Agent HTTP header for SSL traffic? I have googled the answer and what I found was this: I need to add "intercept" or "transparent" to my http_port option in squid.conf, i.e.:
http_port 192.168.4.1.1:3128 ssl-bump generate-host-certificates=on dynamic_........
http_port 192.168.1.1:3128 intercept [or transparent] ssl-bump generate-host-certificates=on dynamic_........
OK, fine, easy enough.
So via SSH, I manually modified squid.conf and added intercept (as above), restarted the server, tested, but the user agent was unmodified. I modified squid.conf again and tried 'transparent' (as above), restarted the server, tested, and again, the user agent was still unmodified.
Am I shooting for something that isn't possible?
Any input appreciated.
Any changes need to go to squid.inc file, otherwise they'll be gone on save.
Good to know… I didn't know about squid.inc. However, I was restarting the server from SSH, not the web GUI, so my changes were sticking.
Turns out that http_port is configured correctly, so no modifications are needed to squid.inc.
The reason why headers are not being modified for HTTPS connections is that I have the following added to the Custom Options (SSL/MITM) input box:
ssl_bump splice all
When I change it to:
ssl_bump bump all
the User Agent header is modified for HTTPS connections, however…
However, it breaks security with some sites. For other sites, I can set my browser to always trust the certificate. Some sites won't even load, period. My guess is that this is due to the self-signed CA.
"splice all" cannot modify any content sent, what's spliced becomes a TCP tunnel.
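Putting the last two posts together, as an added example that is not from the thread: a squid.conf fragment (the kind of thing that goes in the Custom Options (SSL/MITM) box mentioned above) that peeks at the TLS SNI, splices a short list of hosts that break when bumped, and bumps the rest so the User-Agent rewrite applies to HTTPS too. It assumes the existing http_port ... ssl-bump line and CA from the thread are already in place; the hostnames and the User-Agent string are placeholders.

```conf
# Added example, not from the thread. Assumes http_port ... ssl-bump and the
# Squid CA are already configured as in the posts above.

# Step 1: look at the TLS ClientHello (SNI) without altering the connection yet.
acl step1 at_step SslBump1
ssl_bump peek step1

# Hosts that must stay a TCP tunnel (certificate-pinned apps, banking, etc.).
# Squid can neither read nor change anything inside a spliced connection,
# so these keep their real User-Agent. Placeholder names below.
acl no_bump ssl::server_name .example-bank.test .pinned-app.test
ssl_bump splice no_bump

# Everything else is decrypted with a generated certificate, so request
# headers can be rewritten exactly as they are for plain HTTP.
ssl_bump bump all

# request_header_replace only takes effect on headers that
# request_header_access denies, so the two lines go together.
request_header_access User-Agent deny all
request_header_replace User-Agent "PLACEHOLDER-UA/1.0"
```

Clients still need the Squid CA installed as trusted, and any site that fails under "bump all" is a candidate for the splice ACL rather than for a browser-side exception.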