Transparent Proxy using CONNECT method


Many tablets and phones do not seem to understand web proxies. So, not wanting to set up a full Squid transparent proxy, I had a look at transproxy.

While not fully understanding the code, it appeared that transproxy did a fair bit of parsing of the HTTP request. All I was looking for was something that would pick up the intercepted connection and pump it through the proxy using the CONNECT method.

I dissected transproxy-1.6 to get a daemon that does this, which amounted to a near-complete rewrite.

tproxy [ -d ] -t chroot_jail -u runas-uid -b bind-address -s bind-port
       -a access-ip-address/mask -x proxy:port [ -p pidfile ]

	-d         Do not background the daemon
	-b ip      Listen on interface/address
	-s port    and use this port
	-a ip/msk  when connecting to the proxy use local addresses 
	           from this range.

Routing rules for Linux

# Deliver proxy requiring traffic to the transparent proxy listening
# on $localaddr:$port
	-p tcp -s $inside -d $outside --dport 80 -j DNAT --to $localaddr:$port 
or	-p tcp -s $inside -d $outside --dport 80 -j REDIRECT --to-port $port

# Block direct access to transparent proxy
	-p tcp -s $inside -d $localaddr --dport $port -j DROP

Basically the client connect(2)s to its intended destination, and the Linux router's netfilter rules redirect the packet to the port the proxy listens on. The proxy, using the Linux-specific socket call

	getsockopt (client_fd, SOL_IP, SO_ORIGINAL_DST, (char *)&dest_ip, &dlen)

to retrieve the original destination, then uses the CONNECT method on the remote web proxy to connect to that destination, and then relays packets between the two connections.

Sources in files/

A few quick notes on using non-local binds (nonlocal_bind.txt) to preserve the source addresses on outgoing packets.

Creative Commons CC0

James Sainsbury