Using Mitmproxy to strip SSL in a proxy chain results in maxRedirects error
I want to set up the following infrastructure, however I have issues with MITMProxy.
Client --https--> MITMproxy --http--> squid --https--> Internet
So basically MITMproxy should get rid of the SSL-encryption, then I want to cache stuff and then use again an encrypted connection to the Internet.
However, I can't get MITMproxy to forward the plain http-traffic. According to "How to chain mitmproxies with usual proxy in middle", I should set flow.request.scheme to "http" and flow.request.port to 80.
I use that addon, however, there seems to be an issue, because I get an "Exceeded maxRedirects. Probably stuck in a redirect loop" error when testing HTTPS sites with Postman.
MITMProxy logs:
192.X.X.X:54321: client connect
192.X.X.X:54321: server connect localhost:3128 (127.0.0.1:3128)
192.X.X.X:54321: server connect localhost:3128 (127.0.0.1:3128)
192.X.X.X:54321: client disconnect
Squid logs:
289 127.0.0.1 TCP_TUNNEL/200 5179 CONNECT xyz.com:443 - HIER_DIRECT/85.214.X.X -
105 127.0.0.1 TCP_TUNNEL/200 576 CONNECT xyz.com:80 - HIER_DIRECT/85.214.X.X -
Both example logs are repeated 10 times, until the maxRedirects error is thrown.
From my point of view MITMproxy tries to establish SSL connections to port 80. Does anyone have a clue how to change that? Any other ideas are appreciated as well.
PS: I am using MITMproxy's upstream mode, could this be a problem?
Solution 1:[1]
After some time, I figured out that the transparent mode was the issue. When using mitmproxy in normal mode, everything worked as expected with the following add-on:
class ForwardRequest:
    # mitmproxy "request" hook: called for every client request before it is forwarded
    def request(self, flow):
        # rewrite the outgoing request to plain HTTP on port 80
        flow.request.scheme = 'http'
        flow.request.port = 80

# mitmproxy picks up the addon instances listed here when the script is loaded with -s
addons = [
    ForwardRequest()
]
Still, I can't forward the unencrypted traffic to squid (as this requires mitmproxy in upstream mode, which again could be an issue).
EDIT:
There still seems to be an issue. Check the following log from squid. Mitmproxy was used in upstream mode and said script to strip HTTPS was running.
The first row represents a request to HTTP://facebook.com. Here, no stripping is done and the request is transmitted successfully.
In the second & third row, a request to HTTPS://fac.... is performed. As can be seen, squid also sees a request to facebook:443, which should not be there according to my understanding...
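Added example (not from the question or the answer above): a variant of the add-on that performs the same scheme/port rewrite but also recognises the redirect loop from the question. When the origin answers a rewritten plain-HTTP request with a redirect back to https:// on the same host, that host is recorded and left end-to-end HTTPS afterwards, so the maxRedirects error cannot occur for it. Only the flow.request / flow.response attributes mitmproxy exposes to hooks are used (assumption: the hook names and attributes match the mitmproxy version in use); the fake_flow and simulate helpers are constructed stand-ins so the module runs without mitmproxy installed.

```python
from types import SimpleNamespace
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


class ForwardRequest:
    """Rewrite HTTPS requests to plain HTTP, except for hosts that insist on TLS."""

    def __init__(self):
        self.https_only = set()  # hosts that answered a rewritten request with a redirect to https://

    def request(self, flow):
        host = flow.request.pretty_host
        if flow.request.scheme == "https" and host not in self.https_only:
            flow.request.scheme = "http"
            flow.request.port = 80

    def response(self, flow):
        resp = flow.response
        if resp is None or resp.status_code not in REDIRECT_CODES:
            return
        target = urlsplit(resp.headers.get("Location", ""))
        host = flow.request.pretty_host
        # A rewritten (now http) request answered with "go to https://<same host>"
        # is the loop from the question: from now on leave this host encrypted.
        if (flow.request.scheme == "http" and target.scheme == "https"
                and (target.hostname or host) == host):
            self.https_only.add(host)


addons = [ForwardRequest()]


def fake_flow(scheme, host, status=None, location=None):
    """Constructed stand-in for a mitmproxy HTTPFlow, so this file runs offline."""
    port = 443 if scheme == "https" else 80
    headers = {"Location": location} if location else {}
    response = None if status is None else SimpleNamespace(status_code=status, headers=headers)
    request = SimpleNamespace(scheme=scheme, pretty_host=host, port=port)
    return SimpleNamespace(request=request, response=response)


def simulate(addon, host, status=None, location=None):
    """One client round trip through the addon; returns the (scheme, port) it forwarded."""
    flow = fake_flow("https", host, status, location)
    addon.request(flow)
    addon.response(flow)
    return flow.request.scheme, flow.request.port
```

With the real mitmproxy, drop the two helpers and load the file with -s as before; the squid log will then show CONNECT host:443 only for hosts that enforced HTTPS.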
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Mohi |