Possible to insert request headers into SSL/HTTPS Request using proxy?
I am currently using the apaches mod_proxy/mod_proxy_http/mod_headers as a forward proxy to add (overwrite) cookie request headers to a request like this:
<Proxy *>
Order deny,allow
Allow from all
RequestHeader set Cookie "mycookie=1234"
</Proxy>
(Of course i don't have allow from all and * but to simplify and reproduce this is just fine)
Now I want to do the same for an ssl connection. I loaded mod_proxy_connect which makes ssl work fine, but the header injection doesn't work.
This makes sense because SSL is end2end and shouldnt be modif开发者_运维百科ied on the way.
However I want to do it. I think the server would need to be a man in the middle. It would need its own SSL certificate which will be invalid for the domain, but this can be added as an exception. Can this somehow be done with a reverse proxy?
Another thing which i would be cool with to (which I would prefer) would be to map the ssl connection to a usual http connection.
Any suggestions welcome!
It is possible, but that is a breach of SSL security, so you won't find feature for this in white-hat software.
SSLStrip can proxy HTTPS to HTTP and transform links and redirects on the fly.
精彩评论