stunnel + 3proxy to make an HTTPS proxy


In this arrangement, stunnel acts as a TLS/SSL wrapper while 3proxy acts as a proxy server.

For security, a valid (sub)domain and a valid SSL certificate for it are needed.

The setup:

  • 3proxy part:
    1. Install via repo or build from source;
    2. Configure a proxy server that listens only on 127.0.0.1 and requires auth; the example 3proxy.cfg is as follows:
    3. Start it.
  • stunnel part:
    1. Install via repo or build from source, and remember to enable it in /etc/default/stunnel*;
    2. Configure a hardened tunnel; the example tunnel.conf is as follows:
      Note: stunnel.pem is the concatenation of the .key, the .crt and the respective intermediate .crt, in that order.
    3. Start it.
  • iptables part:
    To prevent a local loop, reject some connections as follows:
  • browser part:
    Just refer to this link to Chromium,
    Alternatively, a Chrome extension named SwitchyOmega helps. When adding a server, always enter the valid (sub)domain rather than the server IP.
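
The two configuration files the steps above describe, written out as an added example (not the author's original files). The user name, password, port 3128, file paths, the stunnel4 account and the service name are assumptions to adapt.

```conf
# ---- 3proxy.cfg (added example; user name, password and port are placeholders) ----
daemon
# Require a username and password on every request
auth strong
# CL = cleartext password kept in this file; restrict the file to the 3proxy user
users proxyuser:CL:CHANGE_ME
allow proxyuser
# HTTP proxy bound to loopback only, so it is reachable solely through stunnel
proxy -p3128 -i127.0.0.1

# ---- tunnel.conf for stunnel (added example; paths and names are assumptions) ----
; Drop privileges after binding the listening port
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/tunnel.pid

[https-proxy]
; Public TLS listener that browsers connect to
accept = 443
; Hand the decrypted stream to 3proxy on loopback
connect = 127.0.0.1:3128
; Private key, server certificate, then intermediate certificate(s), in that order
cert = /etc/stunnel/stunnel.pem
; Accept TLS 1.2 only (newer stunnel builds offer sslVersionMin instead)
sslVersion = TLSv1.2
options = NO_COMPRESSION
options = CIPHER_SERVER_PREFERENCE
; Forward-secret AEAD suites only
ciphers = ECDHE+AESGCM:ECDHE+CHACHA20
```

Because 3proxy binds only to 127.0.0.1, the TLS listener on port 443 is the sole remote entry point, and `auth strong` still applies to every request that arrives through it.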

Pros:

  • A valid SSL certificate means no hiccups in the browser, and all traffic passing through is encrypted.
  • This arrangement requires pretty low privilege on the client side, and everything is done in the browser without installing or running anything else.

Cons:

  • A hardened tunnel consumes more resources on either side. As a result, there may be some speed degradation.
  • You need to own a valid (sub)domain and also pay for a valid SSL certificate.

 
Oct 14, 2017 @ 09:32
