Hi everybody,
I found my mistake!! The process is not good. This is the correct process:

browser (localhost:8118) <-> (localhost:8118) privoxy <-web-> server [and] (localhost:8888) stunnel (server:443)

So with only privoxy as proxy in my Firefox config:
- when I ask http://server/page.html, data is modified by privoxy
- when I ask https://server/page.html, data is transmitted by privoxy
- when I ask http://localhost:888/page.html, data is modified by privoxy and the real data transmitted is https://server/page.html, stunnel managing SSL between localhost and server.

My new config:

[https]
accept = 8888
connect = server:443
In fact, it was the stunnel main function that I didn't understand. Sorry :)
Thanks to exos, and hope it will help someone,
Xavier
Xavier Cheney xav26000@yahoo.fr wrote:

Hi,
I want to customize web pages before viewing them in my browser Firefox. With "privoxy" (www.privoxy.org) I can modify (proxy filter) HTTP web pages, but not HTTPS pages. So, I want to use stunnel to transfer HTTPS in HTTP between my proxy and server, like this:
browser (8118) <-> (8118) privoxy (8888) <-> (8888) stunnel (server:443) <-web-> server
This is my stunnel.conf:
----------------------------------------------------
ciphers = RC4-MD5:DES-CBC3-SHA
verify = 0
debug = 7
client = yes

[https]
accept = 8888
connect = server.server.com:443
TIMEOUTclose = 0
----------------------------------------------------
And my log:
----------------------------------------------------
2006.03.31 11:40:02 LOG7[3396:2944]: RAND_status claims sufficient entropy for the PRNG
2006.03.31 11:40:02 LOG6[3396:2944]: PRNG seeded successfully
2006.03.31 11:40:02 LOG7[3396:2944]: SSL context initialized for service https
2006.03.31 11:40:02 LOG5[3396:2944]: stunnel 4.15 on x86-pc-mingw32-gnu with OpenSSL 0.9.7i 14 Oct 2005
2006.03.31 11:40:02 LOG5[3396:2944]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
2006.03.31 11:40:02 LOG5[3396:2952]: No limit detected for the number of clients
2006.03.31 11:40:02 LOG7[3396:2952]: FD 192 in non-blocking mode
2006.03.31 11:40:02 LOG7[3396:2952]: SO_REUSEADDR option set on accept socket
2006.03.31 11:40:02 LOG7[3396:2952]: https bound to 0.0.0.0:8888
2006.03.31 11:40:07 LOG7[3396:2952]: https accepted FD=200 from 127.0.0.1:2414
2006.03.31 11:40:07 LOG7[3396:2952]: Creating a new thread
2006.03.31 11:40:07 LOG7[3396:2952]: New thread created
2006.03.31 11:40:07 LOG7[3396:3320]: https started
2006.03.31 11:40:07 LOG7[3396:3320]: FD 200 in non-blocking mode
2006.03.31 11:40:07 LOG5[3396:3320]: https connected from 127.0.0.1:2414
2006.03.31 11:40:07 LOG7[3396:3320]: FD 232 in non-blocking mode
2006.03.31 11:40:07 LOG7[3396:3320]: https connecting 195.101.206.82:443
2006.03.31 11:40:07 LOG7[3396:3320]: connect_wait: waiting 10 seconds
2006.03.31 11:40:07 LOG7[3396:3320]: connect_wait: connected
2006.03.31 11:40:07 LOG7[3396:3320]: Remote FD=232 initialized
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): before/connect initialization
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 write client hello A
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 read server hello A
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 read server certificate A
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 read server done A
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 write client key exchange A
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 write change cipher spec A
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 write finished A
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 flush data
2006.03.31 11:40:07 LOG7[3396:3320]: SSL state (connect): SSLv3 read finished A
2006.03.31 11:40:07 LOG7[3396:3320]: 1 items in the session cache
2006.03.31 11:40:07 LOG7[3396:3320]: 1 client connects (SSL_connect())
2006.03.31 11:40:07 LOG7[3396:3320]: 1 client connects that finished
2006.03.31 11:40:07 LOG7[3396:3320]: 0 client renegotiations requested
2006.03.31 11:40:07 LOG7[3396:3320]: 0 server connects (SSL_accept())
2006.03.31 11:40:07 LOG7[3396:3320]: 0 server connects that finished
2006.03.31 11:40:07 LOG7[3396:3320]: 0 server renegotiations requested
2006.03.31 11:40:07 LOG7[3396:3320]: 0 session cache hits
2006.03.31 11:40:07 LOG7[3396:3320]: 0 session cache misses
2006.03.31 11:40:07 LOG7[3396:3320]: 0 session cache timeouts
2006.03.31 11:40:07 LOG6[3396:3320]: SSL connected: new session negotiated
2006.03.31 11:40:07 LOG6[3396:3320]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2006.03.31 11:40:07 LOG7[3396:3320]: Socket closed on read
2006.03.31 11:40:07 LOG7[3396:3320]: SSL write shutdown
2006.03.31 11:40:07 LOG7[3396:3320]: SSL alert (write): warning: close notify
2006.03.31 11:40:07 LOG7[3396:3320]: SSL_shutdown retrying
2006.03.31 11:40:07 LOG7[3396:3320]: SSL doesn't need to read or write
2006.03.31 11:40:07 LOG6[3396:3320]: s_poll_wait timeout: connection close
2006.03.31 11:40:07 LOG5[3396:3320]: Connection closed: 211 bytes sent to SSL, 163 bytes sent to socket
2006.03.31 11:40:07 LOG7[3396:3320]: https finished (0 left)
2006.03.31 11:40:07 LOG7[3396:2952]: https accepted FD=220 from 127.0.0.1:2417
2006.03.31 11:40:07 LOG7[3396:2952]: Creating a new thread
2006.03.31 11:40:07 LOG7[3396:2952]: New thread created
2006.03.31 11:40:07 LOG7[3396:3944]: https started
2006.03.31 11:40:07 LOG7[3396:3944]: FD 220 in non-blocking mode
2006.03.31 11:40:07 LOG5[3396:3944]: https connected from 127.0.0.1:2417
2006.03.31 11:40:07 LOG7[3396:3944]: FD 232 in non-blocking mode
2006.03.31 11:40:07 LOG7[3396:3944]: https connecting 195.101.206.82:443
2006.03.31 11:40:07 LOG7[3396:3944]: connect_wait: waiting 10 seconds
2006.03.31 11:40:08 LOG7[3396:3944]: connect_wait: connected
2006.03.31 11:40:08 LOG7[3396:3944]: Remote FD=232 initialized
2006.03.31 11:40:08 LOG7[3396:3944]: SSL state (connect): before/connect initialization
2006.03.31 11:40:08 LOG7[3396:3944]: SSL state (connect): SSLv3 write client hello A
2006.03.31 11:40:08 LOG7[3396:3944]: SSL state (connect): SSLv3 read server hello A
2006.03.31 11:40:08 LOG7[3396:3944]: SSL state (connect): SSLv3 read finished A
2006.03.31 11:40:08 LOG7[3396:3944]: SSL state (connect): SSLv3 write change cipher spec A
2006.03.31 11:40:08 LOG7[3396:3944]: SSL state (connect): SSLv3 write finished A
2006.03.31 11:40:08 LOG7[3396:3944]: SSL state (connect): SSLv3 flush data
2006.03.31 11:40:08 LOG7[3396:3944]: 1 items in the session cache
2006.03.31 11:40:08 LOG7[3396:3944]: 2 client connects (SSL_connect())
2006.03.31 11:40:08 LOG7[3396:3944]: 2 client connects that finished
2006.03.31 11:40:08 LOG7[3396:3944]: 0 client renegotiations requested
2006.03.31 11:40:08 LOG7[3396:3944]: 0 server connects (SSL_accept())
2006.03.31 11:40:08 LOG7[3396:3944]: 0 server connects that finished
2006.03.31 11:40:08 LOG7[3396:3944]: 0 server renegotiations requested
2006.03.31 11:40:08 LOG7[3396:3944]: 1 session cache hits
2006.03.31 11:40:08 LOG7[3396:3944]: 0 session cache misses
2006.03.31 11:40:08 LOG7[3396:3944]: 0 session cache timeouts
2006.03.31 11:40:08 LOG6[3396:3944]: SSL connected: previous session reused
2006.03.31 11:40:08 LOG7[3396:3944]: Socket closed on read
2006.03.31 11:40:08 LOG7[3396:3944]: SSL write shutdown
2006.03.31 11:40:08 LOG7[3396:3944]: SSL alert (write): warning: close notify
2006.03.31 11:40:08 LOG7[3396:3944]: SSL_shutdown retrying
2006.03.31 11:40:08 LOG7[3396:3944]: SSL doesn't need to read or write
2006.03.31 11:40:08 LOG6[3396:3944]: s_poll_wait timeout: connection close
2006.03.31 11:40:08 LOG5[3396:3944]: Connection closed: 211 bytes sent to SSL, 163 bytes sent to socket
2006.03.31 11:40:08 LOG7[3396:3944]: https finished (0 left)
----------------------------------------------------
Note the first "Socket closed on read". I think the problem is there. The web reply is "Bad Request (Invalid URL)"
Where did I make a mistake?
Thanks for your answer,
Xavier
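
An added example, not part of the original post: a small Python audit of a stunnel debug log in the format shown above, which flags a wildcard listen address and weak negotiated TLS parameters and summarises each connection by thread id. The sample lines are copied from the log in the post; the function, constant and key names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the debug log in the post (stunnel 4.15 format).
SAMPLE_LOG = """\
2006.03.31 11:40:02 LOG7[3396:2952]: https bound to 0.0.0.0:8888
2006.03.31 11:40:07 LOG5[3396:3320]: https connected from 127.0.0.1:2414
2006.03.31 11:40:07 LOG7[3396:3320]: https connecting 195.101.206.82:443
2006.03.31 11:40:07 LOG6[3396:3320]: Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
2006.03.31 11:40:07 LOG5[3396:3320]: Connection closed: 211 bytes sent to SSL, 163 bytes sent to socket
2006.03.31 11:40:08 LOG6[3396:3944]: SSL connected: previous session reused
2006.03.31 11:40:08 LOG5[3396:3944]: Connection closed: 211 bytes sent to SSL, 163 bytes sent to socket
"""

# date, time, level, [pid:thread id], message
LINE = re.compile(r"^\S+ \S+ LOG\d\[\d+:(\d+)\]: (.*)$")
WEAK_TOKENS = {"RC4", "MD5", "DES", "NULL", "EXP"}  # parts of a cipher name
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
CLOSED = re.compile(r"Connection closed: (\d+) bytes sent to SSL, (\d+) bytes sent to socket")

def audit(log_text):
    """Return (findings, per-thread connection summaries) for a stunnel log."""
    findings, conns = [], defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or foreign line
        tid, msg = m.groups()
        if b := re.match(r"(\S+) bound to (\S+):(\d+)$", msg):
            if b.group(2) in ("0.0.0.0", "::"):
                findings.append(f"{b.group(1)}: listening on all interfaces, port {b.group(3)}")
        elif c := re.match(r"Negotiated ciphers: (\S+) (\S+)", msg):
            cipher, proto = c.groups()
            conns[tid].update(cipher=cipher, proto=proto)
            if WEAK_TOKENS & set(cipher.split("-")) or proto in WEAK_PROTOCOLS:
                findings.append(f"thread {tid}: weak TLS parameters {cipher}/{proto}")
        elif msg == "SSL connected: previous session reused":
            conns[tid]["resumed"] = True
        elif x := CLOSED.match(msg):
            conns[tid].update(to_ssl=int(x.group(1)), to_socket=int(x.group(2)))
    return findings, dict(conns)

if __name__ == "__main__":
    found, summary = audit(SAMPLE_LOG)
    for finding in found:
        print("FINDING:", finding)
    for tid, info in summary.items():
        print(tid, info)
```

In the post's log the resumed connection (thread 3944) prints no `Negotiated ciphers` line, so its summary carries only the `resumed` flag and the byte counts.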