Netgate Discussion Forum

Logging HTTPS Web Sites

Cache/Proxy
5 Posts 5 Posters 463 Views
  • I
    inghaj
    last edited by Jul 31, 2023, 5:29 PM

    It used to be possible to use SQUID to log all website (including https) URLs visited by users. Easy instructions were here: https://turbofuture.com/internet/Intercepting-HTTPS-Traffic-Using-the-Squid-Proxy-in-pfSense

    However, (despite installing certificates on my computer), my Chrome browser still throws up a warning when I try to visit https sites.

    Is there still a way to do this, or are browsers too security conscious now?

    Thanks
    James

    • R rcoleman-netgate moved this topic from General pfSense Questions on Jul 31, 2023, 5:41 PM
    • M
      michmoor LAYER 8 Rebel Alliance @inghaj
      last edited by Jul 31, 2023, 8:02 PM

      @inghaj the cert is installed in the trusted root store (assuming we're talking about Windows)
      You verified it's the same CA cert that's on pfSense as well?
      Have you tried another browser - FF for example?
      Windows devices are pointing to the firewall as proxy?

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

      • J
        johnpoz LAYER 8 Global Moderator @inghaj
        last edited by Jul 31, 2023, 8:12 PM

        @inghaj said in Logging HTTPS Web Sites:

        still throws up a warning when I try to visit https sites.

        What is the warning exactly? Can you post a picture of the error you're seeing?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • P
          planedrop
          last edited by Aug 1, 2023, 2:51 AM

          Like others are mentioning I think we need a bit more info to properly help here.

          I will say that Chrome semi-recently started using its own certificate store instead of the local one, however it's supposed to still add certs from your device's local cert authority list per: https://support.google.com/chrome/answer/95617?visit_id=638264549969026999-3286720105&p=root_store&rd=1#root_store&zippy=%2Cmanage-device-certificates-on-mac-and-windows

          But I suppose it's possible there is some kind of bug with this currently? Just taking a guess assuming everything else is actually in line.

          • G
            Gertjan @inghaj
            last edited by Gertjan Aug 1, 2023, 6:39 AM Aug 1, 2023, 6:36 AM

            @inghaj said in Logging HTTPS Web Sites:

            Is there still a way to do this, or are browsers too security conscious now?

            When you instruct your browser to talk to "microsoft.com" it has ways to detect if there is a MITM, aka your squid.
            Your browser and "microsoft.com" agreed that they don't want a MITM, to protect the end user. And because it defies the usage of TLS (https).
            This time it's you, next time it's the neighbor, or the government, or any 3 letter agency, and so on.

            Meet HTTP Strict Transport Security

            Btw: if you find a way around this, you'll be very famous.
            I'm not sure if you become 'rich' but one thing is sure: your 'quality of life' will strongly degrade, as there will be many coming after you as you are the one that broke the world's economy (the Internet can't be used anymore for trusted transactions).

            @planedrop said in Logging HTTPS Web Sites:

            I will say that Chrome semi-recently started using its own certificate store instead of the local one

            It probably has a built-in list with sites 'not to mess with' == known HSTS sites.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??
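
As an added example (not written by any poster in this thread, and not pfSense or Squid code): a small Python model of how a browser handles the `Strict-Transport-Security` header under RFC 6797, showing why a certificate error on a known HSTS host offers no click-through while other hosts get a bypassable warning. The function names, the store layout and the sample headers are assumptions made for illustration.

```python
import re

_TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"
_DIRECTIVE = re.compile(rf'({_TOKEN})(?:\s*=\s*("[^"]*"|{_TOKEN}))?')

def parse_hsts(header):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns (max_age, include_subdomains), or None if it must be ignored."""
    seen = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue                      # empty directives are permitted
        m = _DIRECTIVE.fullmatch(part)
        if not m:
            return None                   # malformed directive
        name = m.group(1).lower()         # directive names are case-insensitive
        if name in seen:
            return None                   # a directive may appear only once
        seen[name] = (m.group(2) or "").strip('"')
    age = seen.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None                       # max-age is required
    return int(age), "includesubdomains" in seen

def remember(store, host, header, now):
    """Update the known-HSTS-host store after an error-free HTTPS response."""
    policy = parse_hsts(header)
    if policy is None:
        return
    max_age, include_sub = policy
    if max_age == 0:
        store.pop(host.lower(), None)     # max-age=0 removes the host
    else:
        store[host.lower()] = (now + max_age, include_sub)

def cert_error_outcome(host, store, now):
    """What the browser does when the presented certificate does not validate."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        entry = store.get(".".join(labels[i:]))
        if entry and entry[0] > now and (i == 0 or entry[1]):
            return "hard-fail"            # known HSTS host: no click-through
    return "warning-with-bypass"

# Constructed sample: policies learned before interception was switched on.
store = {}
remember(store, "example.com", "max-age=31536000; includeSubDomains", now=0)
remember(store, "example.org", 'Max-Age="600"', now=0)
```

The header is only honoured on a connection that validated cleanly, so entries in the store come from earlier visits (or a browser's preloaded list), not from the intercepted session itself.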
