Confusion about HTTPS proxies

3

4

I know how HTTP proxies work, but I am unsure about HTTPS ones. More specifically, I am confused about the encryption part.

So, the client connects to the proxy using HTTPS. That I understand. Now say the user wants to connect to gmail through that proxy.

  1. Does the proxy have to estabilish a HTTPS connection to gmail first?
  2. And how is the client/server hello done? Does the client encrypt the client hello through https, send it to the proxy which in turn decrypts it, encrypts it with the encryption method agreed with gmail and sends it to gmail?
  3. And then, after the client/server hello is executed and an encryption method is agreed upon, doesn't the client get confused? Because if the requests are all going through the proxy, shouldn't the encryption method be just one? Or does the client encrypt it's requests according to the host they are being sent to, regardless of ip address?
  4. One more thing; if the proxy is supposed to replace the sender address of the packets with it's own address, then shouldn't the packets be completely decrypted? Because if they are not, then how is the proxy supposed to know where to insert it's IP if the data is all garbled? Or is the sender part not encrypted?

Mark Read

Posted 2016-07-10T01:30:54.600

Reputation: 423

There are no HTTPS forward proxies. Only reverse proxies, where the upstream connection is usually unencrypted. – Daniel B – 2016-07-10T01:36:30.293

1@DanielB pretty much any HTTP forward proxy can be used for HTTPS, incl. decryption. – Mikael Dúi Bolinder – 2019-07-02T07:01:33.903

1@DanielB "There are no HTTPS forward proxies" ← what? – Mikael Dúi Bolinder – 2019-07-02T08:24:41.830

2@DanielB having set up a HTTPS forward proxy myself in production I can tell you they are real. Why are you trolling people? – Mikael Dúi Bolinder – 2019-07-02T10:49:41.043

You know what, I don’t care. The answer and discussion below already address everything relevant on this topic. It references my comment which I will not delete. – Daniel B – 2019-07-02T11:42:19.943

Answers

4

The comment 'There are no HTTPS forward proxies' is not true. They are very common. Any company of decent size will incorporate explicit forward proxies for SSL so that they can decrypt the https traffic for monitoring, logging and filtering purposes - a common euphemism being 'Compliance Reporting'.

Some background, which you may already know, for context:

The initial handshake of an HTTPS session contains three parts:

  1. Greeting: ClientHello message containing what TLS versions and ciphers it supports, and a ServerHello message with similar info. This step and the following one are not encrypted.

  2. Cert Exchange: Server provides it's TLS cert, which the client needs to decided if it trusts - typically implemented with implicit trust on those signed by certificate authorities and requiring user intervention for self-signed.

  3. Key Exchange - The method decided on in step 1 is used; the simplest method is a RSA key exchange type transaction: Client generates a key using a random number and encrypts it using the server's public key. This is decrypted using the server's private key (it can only be encrypted with the public key, it cannot be decrypted without the private key, which is subtle but confusing to many).

From here on, entirely encrypted communications take place, with nearly all of the TCP/IP packet encrypted (except for headers/fields required for routing).

The answer to your questions is that a forward proxy requires that the proxy entirely decrypts the HTTPS communications. The client never handshakes directly with the intended server (sometimes without knowing that it isn't, which I touch on below).

Here is an explanation from Palo Alto Networks on how a Forward HTTPS Proxy works (PAN-OS refers to their network SW):

  1. Client is trying to reach out www.google.com with HTTPS. Traffic is matching the decryption policy.
  2. This traffic is handled by our SSL proxy engine, and a certificate for www.google.com is generated by our internal PKI (signed by the CA certificate).
  3. PAN-OS is proxying the ssl traffic and setting up a new ssl connection with the Web Server.
  4. Web Server is starting handshake with PAN-OS device.
  5. PAN-OS device is completing its SSL handshake with client presenting generated certificate in Server Hello message.

This (if malicious) is an explicit man in the middle attack - it turns a 2 party transaction: PC ⟺ Google - into 2 separate transactions: PC ⟺ Proxy and Proxy ⟺ Google.

Side Note

As forward proxies are primarily used to monitor ssl traffic, it is interesting that the non-proxy method also discussed in that PAN link - inbound 'inspection / decryption' which requires that the firewall have the servers cert and keys, and is therefore able to entirely decrypt the communication with simple packet monitoring. As an aside, it's a bit unnerving that they advertise this as a key feature when one would hope it would have very few use cases - it requires that the operator of the firewall have the public and private keys of the 3rd party site - e.g. Google's private keys. One would think that wouldn't be common.

There are many different ways forward proxies can be implemented and I barely touch on them - many if not most forward proxies are implemented as 'transparent' forward proxies, meaning the clients are not configured to connect to a proxy at all, and the firewall / proxy interposes itself into the transaction. The forward proxy described above is a 'transparent' proxy. Once the client has accepted the cert from the proxy, which if it is a CA signed cert is usually automatic, the client machines will receive packets that the proxy modified to appear to be from the original server (e.g. google).

Update to pull in info from comments

  1. Another method to implement a forward proxy uses TCP tunnelling, which effectively creates a wrapper around the encrypted data. The initial transactions here are not encrypted, and are initiated by the client using a CONNECT request to the proxy server. Once the connection is established, client to server communications are encrypted. See this for details.

  2. HSTS (HTTP Strict Transport Security) is a protocol that was developed to prevent malicious attackers from intercepting requests from servers to transition the current transaction from http to https. The theory behind it is that it is trivial to implement a man in the middle attack on http, and this 'proxy' agent could then spoof the transition to https if it saw the transition request. It doesn't directly impact how https forward proxies work, but is related; here is a much better explanation

  3. MITM attacks, HTTPS and proxy servers. Here's an excellent explanation on why MITM attacks using proxy servers are not currently effective when using 'straight' HTTPS (i.e. not a HTTP to HTTPS transition that is partially addressed with HSTS). Here is additional info on MITM attacks and HTTPS from a question on crypto.stackexchange.

I think that answers the original and updated questions. If I have anything wrong or unclear let me know and I'll update.

Argonauts

Posted 2016-07-10T01:30:54.600

Reputation: 4 000

They're not HTTPS proxies though. You browser talks to them over an unencrypted HTTP connection, using the CONNECT verb. – Daniel B – 2016-07-10T09:50:20.883

But what about HSTS? How does it come to play into this? And if that is how the HTTPS proxies work, wouldn't a MITM attack be too easy? – Mark Read – 2016-07-10T12:01:47.127

@DanielB some forward proxies function that way, but not transparent forward proxies. Check out the links I provided, also a connect tunnel is not unencrypted: http://wiki.squid-cache.org/Features/HTTPS for an example implementation

– Argonauts – 2016-07-10T12:44:29.390

@AliceIsDead See this answer http://crypto.stackexchange.com/questions/305/is-https-secure-if-someone-snoops-the-initial-handshake

– Argonauts – 2016-07-10T12:45:08.173

HSTS comes into play when accessing a website and it requests that you use https instead of http. If this is enabled on a browser, basically the browser will use https from the beginning rather than start on http and switch to https. This provides protection against http man in the middle attacks spoofing the transition to https - see http://www.html5rocks.com/en/tutorials/security/transport-layer-security/#closing-the-open-window

– Argonauts – 2016-07-10T12:56:13.983

@Argonauts That still doesn't make it a HTTPS proxy. That would mean a browser would knowingly connect to a proxy using HTTPS. That doesn't exist. HTTPS interception is a different matter altogether. – Daniel B – 2016-07-10T16:14:44.200

Thats semantics. Definition of forward proxy: A forward proxy is an intermediate system that enables a browser to connect to a remote network to which it normally does not have access. A forward proxy can also be used to cache data, reducing load on the networks between the forward proxy and the remote webserver. If a proxy can do that with https traffic, then it is a forward https proxy. I specifically called out interception in the answer ('Side Note') calling it a 'non-proxy' method that is interesting. I will agree that you think I am incorrect, however. – Argonauts – 2016-07-10T16:31:10.943

I agree that "HTTPS interception is a different matter altogether". But as for "a browser would knowingly connect to a proxy using HTTPS.", that does exist. See my question and answer here https://stackoverflow.com/questions/56981993/https-proxy-server-only-works-in-switchomega for a practical example.

– Rick – 2019-07-12T03:51:02.450

All the tutorials that I saw in the internet using burp or squid, the client need to install the certificate manually for https forwarding to work. My question here is: There is anyway to do this without installing the certificate? You said "Once the client has accepted the cert from the proxy, which if it is a CA signed cert is usually automatic", did you mean that there is a way to have a CA signed certs in the proxy that would fool the browser? – JonLord – 2019-09-24T05:34:46.360

0

HTTPS via a proxy uses a command called "CONNECT". This is called tunneling, and uses an HTTP request message using the CONNECT verb to set up a relay between the client and the requested server:port. The proxy makes the connection, indicates the connection to the client (e.g. sends back 200 Connection OK) and then gets out of the way.

From this point, the client has a relayed connection to the end server, similar to if it had connected directly without a proxy. This is used to set up a SSL/TLS layer over which the subsequent encrypted http requests are made.

Adrien

Posted 2016-07-10T01:30:54.600

Reputation: 1 107

0

A HTTPS proxy server is nothing different from a HTTP proxy server, except that with HTTPS proxy, brower to proxy server connection is encrypted.

But you need to deploy a certificate on your proxy server, like how a https website does, and use a pac file to configure the brower to enable Connecting to a proxy over SSL.

The difference is for example, with https proxy server, a firewall can't not see which host you use CONNECT method connect to.

For more details and a practical exmaple, see my question and answer here https://stackoverflow.com/questions/56981993/https-proxy-server-only-works-in-switchomega

Rick

Posted 2016-07-10T01:30:54.600

Reputation: 146

Asked: 2016-07-10T01:30:54.600

Viewed: 3 045 times

Active: 2019-07-12T03:56:14.567