complicated man in the middle proxy setup?

4n0nx

Hi,

I'd like to set up the following:

Client -> Ziproxy -> VPN -> server

I already have it working, but Ziproxy, which compresses websites and images, does not work over HTTPS due to encryption.

I would like to use a "man in the middle" proxy so that ziproxy can compress the websites even when HTTPS is used. I assume that means there has to be a proxy before and after Ziproxy?

Something like this:

Client --SSL connection-> mitm proxy -> Ziproxy -> mitm proxy --SSL connection-> VPN --SSL connection-> server

I also assume my browser will throw certificate errors at me, which can be fixed by importing my certificate into my browser?

Has anyone here done anything like that? I have no clue what proxy to use for the mitm part. I'd like an easy solution. :>

Thanks!

ricardo

You shouldn't have a requirement for a proxy to 'compress' HTTP(s) requests, any modern browser and web server would be using gzip.

I'd simply use 3proxy, either HTTPS or SOCKS, which you can forward to/via other interfaces/proxies.

Jonchun

Why not use SSL termination with HAProxy?

4n0nx

ricardo said: You shouldn't have a requirement for a proxy to 'compress' HTTP(s) requests, any modern browser and web server would be using gzip.

Ziproxy "compresses" images,too (= makes them look crappy) and lets me easily block ads on all devices that use it. I might have 64 kbit/s internet soon, so it is absolutely required. If only there was an easier way for HTTPS...

Jonchun said: Why not use SSL termination with HAProxy?

:> because I have no clue what that is

Thanks, I will take a look at the suggestions and ask more dumb questions unless I have given up.

xyz

Do you need SSL on the client side? If not, that may simplify things.

I'd imagine that any reverse proxy with SSL upstream support (maybe nginx can?) should work for you.

Another solution for crappy connections is just to disable images completely ( ImgLikeOpera Firefox extension is useful here ). Also block scripts/ads/Flash etc. Disabling the 'attack websites' filter, auto-updates etc in your browser can also help (prevents large background downloads).

4n0nx

xyz said: Do you need SSL on the client side? If not, that may simplify things.

You mean client -> my server ? Yes.

xyz

Would a VPN be suffice? Also, why do you need a VPN on the other end of the server?

telephone

If you don't mind getting your hands a little dirty with some JS, then I highly recommend alibaba/anyproxy. I've used it for a few projects already and love it! It also meets your requirements of HTTPS.

Some fun things you can do with it:

• Add NPM modules to compress images or minify HTML/CSS/JS
• Modify response headers with longer cache timing (great if you have limited internet)
• Cache the minified assets locally
• The possibilities are endless!

EDIT: You can program it to do everything Ziproxy can do, but it will take some tinkering

4n0nx

xyz said: Would a VPN be suffice? Also, why do you need a VPN on the other end of the server?

I need ziproxy to work over SSL. I always use a VPN as it has several advantages.

telephone said: If you don't mind getting your hands a little dirty with some JS,

Unfortunately that is completely beyond my abilities

xyz

I don't quite understand what you're exactly trying to do with your setup then. What advantages does the VPN have from a server?

This is how I'd imagine the setup to be, but again, your setup confuses me.