[Privoxy-users] Privoxy and HTTP/2

Lampshade lampshade at poczta.fm
Thu Dec 28 22:11:24 UTC 2017 

You can do local MitM attack on TLS
and configure it to route unencrypted traffic
to privoxy, then encrypt it back and send
to Internet.
I have done that successfully in the past.
Thus the original question.
I would like to know whether unencrypted
HTTP/2 would be parsed and manipulated
by privoxy as HTTP 1.1 is.

From: "Lee" <ler762 il.com>
To: "Lampshade" <lampsha czta.fm>; 
Subject: Re: [Privoxy-users] Privoxy and HTTP/2

> On 12/28/17, Lampshade  wrote:
> > I didn't thinked about test suite.
> > One the other hand https://http2.akamai.com
> > is probably good test suite, because it
> > is shielded by TLS.
> > http://www.http2demo.io/
> > seems to be not shielded, but Firefox debugger
> > shows that when I run HTTP/2 test, images are
> > transmitted by TLS and HTTP 1.1 are not.
> 
> you need to find an https:// test site for testing http/2
> 
> https://wiki.mozilla.org/Networking/http2
>   Firefox will only be implementing HTTP/2 over TLS
> 
> https://en.wikipedia.org/wiki/HTTP/2
>   Although the standard itself does not require usage of encryption,
> most client implementations (Firefox, Chrome, Safari, Opera, IE, Edge)
> have stated that they will only support HTTP/2 over TLS, which makes
> encryption de facto mandatory.
> 
> > If site is over TLS/SSL privoxy don't do
> >  its magic it is supposed to do.
> 
> Traffic is encrypted to/from sites using TLS/SSL; privoxy sees only
> the encrypted traffic so all it can do is allow/deny by host name.  In
> other words
> { +block }
> foo.example.com/
>   -- works
> foo.example.com/.*\.js\?rnd=
>   -- doesn't work
> 
> Regards,
> Lee
> 
> >
> > From: "Lee" 
> > To: "Lampshade" ;
> > Subject: Re: [Privoxy-users] Privoxy and HTTP/2
> >
> >> On 12/28/17, Lampshade  wrote:
> >> > Hello,
> >> > I would like to know whether privoxy
> >> > supports HTTP/2 sometime called "HTTP 2.0"
> >> > protocol. If not, does support is planned?
> >>
> >> Do you know of a test suite somewhere?  In other words, how do you
> >> tell if http/2 works correctly?
> >>
> >> https://http2.akamai.com/
> >> You are using HTTP/2 right now! (server-push is used)
> >> >>click on the "click here for a demo" button<<
> >>
> >> HTTP/1.1
> >> Latency: 13ms
> >> Load time: 0s
> >>
> >>    -- the picture was there when the page displayed
> >>
> >> HTTP/2
> >> Latency: 17ms
> >> Load time: 2.78s
> >>
> >>   -- seemed longer but maybe it was only 3 seconds watching the
> >> picture slowly get painted
> >>
> >>
> >> dunno if it matters or no but this was using firefox after going into
> >> about:config and setting security.tls.version.max to 4, going to
> >> https://www.ssllabs.com/ssltest/viewMyClient.html and seeing 'Protocol
> >> Features / TLS 1.3   yes'
> >>
> >> Regards,
> >> Lee
> >>
> >
> >
> >
>

More information about the Privoxy-users mailing list