2

Does a client-side proxy exist that would transform my HTTP request into HTTPS before sending it to the server?

Meaning that my software application sends an HTTP request to this client-side proxy, which then encrypts it to HTTPS and sends it to the server. Then, it decrypts the response before sending it back to the original application.

Specifically, I'd like to do this for WebSockets (which is a protocol build, meaning that the software application sees this local client-side proxy at ws:// which then forwards messages to server at wss:// (and vice versa with messages coming in from the exchange).

I've tried searching for something like this but cannot find it - most likely I'm not searching with the right keywords. I'd be grateful if someone can point me in the right direction.

Rok Povsic
  • Do you need this for connecting to _one_ specific server that could be preconfigured, or do you need the proxy to handle various arbitrary servers? – u1686_grawity Nov 20 '22 at 10:43
  • @user1686 Several specific servers. It's fine to run multiple instances of this proxy program (configured per a specific server). – Rok Povsic Nov 20 '22 at 16:33
  • So the server does support TLS but your client application doesn't use it? – Bergi Nov 20 '22 at 18:07
  • You might want to look into a VPN instead? – Paŭlo Ebermann Nov 20 '22 at 21:11
  • I'm curious to understand why the application can't send https itself? – njzk2 Nov 20 '22 at 22:25
  • Have you considered an [Apache Reverse Proxy](https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html) with [mod_proxy_wstunnel](https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html)? – Hermann Nov 21 '22 at 00:46
  • @Hermann Thanks for the suggestions, I'll check this out. – Rok Povsic Nov 21 '22 at 14:13
  • @njzk2 Two reasons: (1) I'd like to observe all the traffic easily by snooping the data, and (2) the language the software is written in has a SSL library that produces too much object allocation / garbage collection. – Rok Povsic Nov 21 '22 at 14:14

1 Answer

3

Something like stunnel could do that, although you'd possibly have to go through some hoops to convince your local client to connect to the local end of stunnel instead of the remote server (possibly using firewall rules if necessary).

Jasen
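
A stunnel client-mode service for the setup this answer describes, added here as an example and not part of the original answer. The host name, ports and CA bundle path are placeholders.

```ini
; stunnel client-mode service: plaintext in on loopback, TLS out to the server.
; Constructed example; host name, ports and CA path are placeholders.
[ws-to-wss]
client = yes
; Bind to loopback only so the plaintext leg never leaves this machine.
accept = 127.0.0.1:8080
connect = server.example.com:443
; Send SNI so the server can select the right certificate.
sni = server.example.com
; stunnel does not verify the peer certificate unless told to.
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = server.example.com
```

The application is then pointed at ws://127.0.0.1:8080; because stunnel forwards bytes without rewriting them, the WebSocket handshake's Host header will carry that local address unless the application sets it explicitly. Each additional server gets its own service section with a different accept port.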