Hi at all,
I 've already read some posts in this forum about these tools working toghether but i got an unintended result.

Here is my set up with mentioned tools on the same host :

iptables :
Code:
iptables -t nat -A PREROUTING -p tcp --dport 80 - j REDIRECT --to-port 666
proxychains.conf:
Code:
http thishost 3128
squid-cache 3.0 as transparent proxy the rest of squid.conf file is unchanged except:
Code:
http_port 3128 transparent
and except the http_access rules..

Code:
proxychains sslstrip -l 666
I tried to use sslstrip "piped" to squid transparent proxy(in the same evil host) when doing a MITM attack with ARPSPOOF method in a lan.
Why squid? well, the next step will be to modify html content on the fly through squid and an icap server.

It doesn't work as i expect.

Squid duplicate every request to the same site to port 80 and the to port 443.
It seems squid try to get the requested http content from a site contacting it to port 80 and then to port 443 as it was in dubt about the nature(http or https) of the traffic it has to manage.

Code:
[S-chain] -<>- myhost:3128 -<><>- 1.2.3.4:80-<--denied
[S-chain] -<>- myhost:3128 -<><>- 1.2.3.4:443-<><>-OK
And in fact i got connections only to hosts accepting https connection!
i.e trying to get google.com..i got encrypetd.google.com

I tested singularly all chain components and they work correctly.

Does proxychains tunnel via ssh the all the traffic catched by sslstrip?

p.s : i made a revert of this chain, i tried to proxify squid..but proxychains detached the squid process immediatly as strace command reports.

Thanks in advance.