Hi at all,
I 've already read some posts in this forum about these tools working toghether but i got an unintended result.
Here is my set up with mentioned tools on the same host :
iptables -t nat -A PREROUTING -p tcp --dport 80 - j REDIRECT --to-port 666
squid-cache 3.0 as transparent proxy the rest of squid.conf file is unchanged except:
and except the http_access rules..
http_port 3128 transparent
I tried to use sslstrip "piped" to squid transparent proxy(in the same evil host) when doing a MITM attack with ARPSPOOF method in a lan.
proxychains sslstrip -l 666
Why squid? well, the next step will be to modify html content on the fly through squid and an icap server.
It doesn't work as i expect.
Squid duplicate every request to the same site to port 80 and the to port 443.
It seems squid try to get the requested http content from a site contacting it to port 80 and then to port 443 as it was in dubt about the nature(http or https) of the traffic it has to manage.
And in fact i got connections only to hosts accepting https connection!
[S-chain] -<>- myhost:3128 -<><>- 220.127.116.11:80-<--denied
[S-chain] -<>- myhost:3128 -<><>- 18.104.22.168:443-<><>-OK
i.e trying to get google.com..i got encrypetd.google.com
I tested singularly all chain components and they work correctly.
Does proxychains tunnel via ssh the all the traffic catched by sslstrip?
p.s : i made a revert of this chain, i tried to proxify squid..but proxychains detached the squid process immediatly as strace command reports.
Thanks in advance.