I'd like to set up Privoxy so that it can process HTTPS traffic in addition to HTTP, but it doesn't support SSL interception using my own self-signed certificate.
I had the idea to have another proxy (call it "circular proxy") on my machine, via which I will send HTTPS traffic from my browser (HTTP can still go via Privoxy). I will generate a certificate for this circular proxy and install it in my browser. This proxy should strip the SSL, route the traffic via Privoxy, Privoxy will process it and route it via the circular proxy again, which will "add back" the SSL. Privoxy will be able to distinguish HTTP traffic coming from the browser and HTTP traffic coming from the circular proxy, no problem. The final encrypted traffic (after it's passed circular proxy -> Privoxy -> circular proxy) should be sent directly to server.
     ___________                HTTP               ___________           __________
    |           |-- -- -- -- -- -- -- -- -- -- -->|           |-- -- -->|          |
    |  browser  |           _______________       |  Privoxy  |         |  server  |
    |           |          |               |-- -->|           |-- --    |__________|
    |           |--------->|  circ. proxy  |      |___________|     |        ^
    |___________|  HTTPS   |_______________|------------------------|--------|
                                   ^                                |
                                   |-- -- -- -- -- -- -- -- -- -- --|

    -----> encrypted traffic
    -- --> unencrypted traffic
Is there a way to achieve that? I don't think typical reverse proxies with SSL support (e.g. nginx configured as such) can be configured in this circular fashion, but I could be wrong.
P.S. By "process" SSL traffic, I mean intercept and modify, just like it does for unencrypted traffic. Typical man-in-the-middle SSL proxies can do that, but they are more oriented towards debugging or attacking servers. I'd like to make use of Privoxy's functionalities (block ad domains, fingerprinting techniques, etc.) for SSL traffic too.