zlacker

1. yubiox+(OP) 2023-02-24 14:55:37
Can you give any more detail on how you did this? Is Squid the proxy? How does it know which traffic is DoH? What do you do with those requests?
2. JohnFe+1d 2023-02-24 16:02:56
>>yubiox+(OP)
Yes, I've installed my own cert to negotiate HTTPS connections, then proxy through software to check the contents being sent.

Basically the same process that some companies use for similar purposes.

3. yubiox+Il 2023-02-24 16:37:44
>>JohnFe+1d
This response is just handwaving and avoids the question. Why even bother?
4. JohnFe+C01 2023-02-24 19:36:48
>>yubiox+Il
Oh? I thought I answered it. What are you really asking for here? A tutorial?

If that's what you want, you need to give me time to put it together. I set this up a number of years ago and don't remember the details off the top of my head.

Here's what I do remember: I use a Squid proxy and replace all of the HTTPS certs on my other machines with my own. When HTTPS is negotiated, it's with my proxy, not the end destination.

Then the proxy does its proxy thing and sets up a normal HTTPS connection with the destination.

In my proxy, I have a script that is looking for the HTTP lookup exchanges detailed in RFC 8484 (https://www.rfc-editor.org/rfc/rfc8484). When it finds them, it drops them on the floor. Everything else just gets passed through.
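
The comment above describes dropping RFC 8484 exchanges at a TLS-intercepting proxy. As an added example (not the commenter's script, which is not shown in this thread), here is one way to recognize those exchanges in Python, assuming the proxy hands the script the decrypted method, URL, headers and body; the function names and the `doh.example` host are hypothetical.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

DOH_MEDIA_TYPE = "application/dns-message"  # media type defined by RFC 8484

def dns_query_name(msg: bytes):
    """Return the first question name if msg is a DNS query, else None."""
    if len(msg) < 12:
        return None
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set: a response, not a query
        return None
    labels, pos = [], 12
    while pos < len(msg):
        length = msg[pos]
        if length == 0:  # root label ends the name; QTYPE and QCLASS must follow
            return (".".join(labels) or ".") if pos + 5 <= len(msg) else None
        if length > 63 or pos + 1 + length > len(msg):
            return None
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return None

def classify(method, url, headers, body=b""):
    """Return ("drop", qname) for an RFC 8484 exchange, otherwise ("pass", None)."""
    hdrs = {k.lower(): v.lower() for k, v in headers.items()}
    ctype = hdrs.get("content-type", "").split(";")[0].strip()
    if method == "POST" and ctype == DOH_MEDIA_TYPE:
        return "drop", dns_query_name(body)
    if method == "GET":
        for value in parse_qs(urlsplit(url).query).get("dns", []):
            try:  # RFC 8484 GET carries the query as unpadded base64url
                raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
            except ValueError:
                continue
            qname = dns_query_name(raw)
            if qname is not None:  # only drop when the value really is a DNS query
                return "drop", qname
    return "pass", None

# Constructed sample: an A query for www.example.com (ID 0, RD flag set).
SAMPLE = (struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
          + b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1))
SAMPLE_B64 = base64.urlsafe_b64encode(SAMPLE).rstrip(b"=").decode()

if __name__ == "__main__":
    print(classify("GET", "https://doh.example/dns-query?dns=" + SAMPLE_B64, {}))
    print(classify("POST", "https://doh.example/dns-query",
                   {"Content-Type": DOH_MEDIA_TYPE}, SAMPLE))
    print(classify("GET", "https://www.example.com/search?dns=hello", {}))
```

Decoding the `dns` parameter and checking that it parses as a DNS query keeps ordinary pages that happen to use a `dns` query string from being dropped.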
