[Privoxy-users] Privoxy and HTTP/2

Lee ler762 at gmail.com
Thu Dec 28 22:57:08 UTC 2017


On 12/28/17, Lampshade <lampshade at poczta.fm> wrote:
> You can do local MitM attack on TLS
> and configure it to route unencrypted traffic
> to privoxy, then encrypt it back and send
> to Internet.
> I have done that successfully in the past.
> Thus the original question.
> I would like to know whether unencrypted
> HTTP/2 would be parsed and manipulated
> by privoxy as HTTP 1.1 is.

If you've done a tls mitm in the past why not do it again and see if
it works for http/2?

Regards,
Lee


> From: "Lee" <ler762 at gmail.com>
> To: "Lampshade" <lampshade at poczta.fm>;
> Subject: Re: [Privoxy-users] Privoxy and HTTP/2
>
>> On 12/28/17, Lampshade  wrote:
>> > I didn't think about a test suite.
>> > On the other hand https://http2.akamai.com
>> > is probably good test suite, because it
>> > is shielded by TLS.
>> > http://www.http2demo.io/
>> > seems to be not shielded, but Firefox debugger
>> > shows that when I run HTTP/2 test, images are
>> > transmitted by TLS and HTTP 1.1 are not.
>>
>> you need to find an https:// test site for testing http/2
>>
>> https://wiki.mozilla.org/Networking/http2
>>   Firefox will only be implementing HTTP/2 over TLS
>>
>> https://en.wikipedia.org/wiki/HTTP/2
>>   Although the standard itself does not require usage of encryption,
>> most client implementations (Firefox, Chrome, Safari, Opera, IE, Edge)
>> have stated that they will only support HTTP/2 over TLS, which makes
>> encryption de facto mandatory.
>>
>> > If site is over TLS/SSL privoxy doesn't do
>> >  its magic it is supposed to do.
>>
>> Traffic is encrypted to/from sites using TLS/SSL; privoxy sees only
>> the encrypted traffic so all it can do is allow/deny by host name.  In
>> other words
>> { +block }
>> foo.example.com/
>>   -- works
>> foo.example.com/.*\.js\?rnd=
>>   -- doesn't work
>>
>> Regards,
>> Lee
>>
>> >
>> > From: "Lee"
>> > To: "Lampshade" ;
>> > Subject: Re: [Privoxy-users] Privoxy and HTTP/2
>> >
>> >> On 12/28/17, Lampshade  wrote:
>> >> > Hello,
>> >> > I would like to know whether privoxy
>> >> > supports HTTP/2 sometimes called "HTTP 2.0"
>> >> > protocol. If not, is support planned?
>> >>
>> >> Do you know of a test suite somewhere?  In other words, how do you
>> >> tell if http/2 works correctly?
>> >>
>> >> https://http2.akamai.com/
>> >> You are using HTTP/2 right now! (server-push is used)
>> >> >>click on the "click here for a demo" button<<
>> >>
>> >> HTTP/1.1
>> >> Latency: 13ms
>> >> Load time: 0s
>> >>
>> >>    -- the picture was there when the page displayed
>> >>
>> >> HTTP/2
>> >> Latency: 17ms
>> >> Load time: 2.78s
>> >>
>> >>   -- seemed longer but maybe it was only 3 seconds watching the
>> >> picture slowly get painted
>> >>
>> >>
>> >> dunno if it matters or no but this was using firefox after going into
>> >> about:config and setting security.tls.version.max to 4, going to
>> >> https://www.ssllabs.com/ssltest/viewMyClient.html and seeing 'Protocol
>> >> Features / TLS 1.3   yes'
>> >>
>> >> Regards,
>> >> Lee
>> >>
>> >
>> >
>> >
>>
>
>
>
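
Added example, not part of the original thread and not Privoxy's own matching code: a simplified model of why the host-only block pattern quoted above still applies to an HTTPS site while the path pattern does not. The request lines are constructed samples, and the function names and the glob/regex matching rules are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample request lines, as a forward proxy would receive them.
PLAIN = "GET http://foo.example.com/ads/track.js?rnd=123 HTTP/1.1"
TUNNEL = "CONNECT foo.example.com:443 HTTP/1.1"  # what a browser sends for https://


def visible_parts(request_line):
    """Return (host, path) readable by the proxy; path is None for a CONNECT tunnel."""
    method, target, _version = request_line.split(" ", 2)
    if method.upper() == "CONNECT":
        # Only host:port is in the clear; the real request travels inside TLS.
        host, _, _port = target.rpartition(":")
        return host.lower(), None
    m = re.match(r"https?://([^/:]+)(?::\d+)?(/.*)?$", target, re.I)
    if not m:
        raise ValueError("not an absolute-form proxy request: %r" % request_line)
    return m.group(1).lower(), m.group(2) or "/"


def pattern_blocks(pattern, request_line):
    """Simplified host/path pattern check (assumed rules: host glob, path regex
    anchored at the start). Illustrative only, not Privoxy's implementation."""
    host_pat, _, path_re = pattern.partition("/")
    host, path = visible_parts(request_line)
    if host_pat and not fnmatchcase(host, host_pat.lower()):
        return False
    if not path_re:
        return True   # host-only pattern: the host name is enough to decide
    if path is None:
        return False  # encrypted tunnel: there is no path to test the regex against
    return re.match("/" + path_re, path) is not None


if __name__ == "__main__":
    for pat in ("foo.example.com/", r"foo.example.com/.*\.js\?rnd="):
        for line in (PLAIN, TUNNEL):
            print("%-32s %-8s blocked=%s" % (pat, line.split()[0], pattern_blocks(pat, line)))
```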

