[Privoxy-users] Privoxy and HTTP/2
Fabian Keil
fk at fabiankeil.de
Fri Dec 29 17:09:04 UTC 2017
Lampshade <lampshade at poczta.fm> wrote:
> You can do local MitM attack on TLS
> and configure it to route unencrypted traffic
> to privoxy, then encrypt it back and send
> to Internet.
> I have done that successfully in the past.
Letting Privoxy itself do the MitM attack is on the TODO
list and has been for a while:
| 16) Filter SSL encrypted content as well.
|
| At the beginning we could use a unencrypted connection between
| client and Privoxy, and use an encrypted connection between
| Privoxy and the server.
|
| This should be good enough for most of the content the
| user would want to filter.
|
| Interested donors: 2.
At the moment the Git migration has a higher priority
(we currently don't have a working version control system)
and I hope to be able to work on it again in January.
> Thus the original question.
> I would like to know whether unencrypted
> HTTP/2 would be parsed and manipulated
> by privoxy as HTTP 1.1 is.
Nope.
HTTP/2 is a binary protocol and Privoxy currently isn't
able to handle it at all (tunnelling with CONNECT works
of course).
From the TODO list:
| 121) Add HTTP/2 support. As a first step, incoming HTTP/1.x requests
| should be translated to outgoing HTTP/2 requests where possible
| (and if desired by the user).
| Interested donors: 1.
As doing the MitM attach with external tools is painful to setup,
proper HTTP/2 support doesn't seem to useful to me without TLS/SSL
support in Privoxy itself. Few users would be able to use it.
I don't expect anyone to work on it until #16 is done which is
currently blocked by #54 (the git migration).
Personally I'm also not too impressed by HTTP/2 and would
like to see some unbiased benchmarks first that show that
it performs better than HTTP/1.1 in reasonable configurations.
There currently are a lot of other TODO list items that
look more useful to me (and require less work).
Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.privoxy.org/pipermail/privoxy-users/attachments/20171229/1202d2e9/attachment.bin>
More information about the Privoxy-users
mailing list