What does it mean for proxy server to be of "HTTPS" type?

2

1

What does it actually mean for proxy to be "HTTPS proxy"? On the internet you can find many sites with free public proxies and some of them allow you filter them by their type.

While I understand how regular HTTP proxy works, how it's different compared to HTTPS proxy?

Is HTTPS proxy the one that allows accessing sites that are https:// (via CONNECT tunnel to port 443)?

What happens when I try to access regular http:// site via HTTPS proxy, is the connection between my computer and proxy server encrypted? Or it goes all the way in plain text?

My thinking is that:

  • HTTP proxy allows regular methods like GET, POST etc.
  • HTTPS proxy allows regular methods but also allows CONNECT *:443 method.

stil

Posted 2017-04-06T16:16:25.913

Reputation: 252

you could use a program like wireshark to see what's going on, and simple programs like analogx proxy to set up your own https proxy.. And if wireshark in windows has any issue with accessing 127.0.0.1 you could use 2 or 3 computers.. one for the client that initiates the connection, one for the https proxy, and one for the web server, and run wireshark on all of them filtering to see exactly what's going on. So filtering to only view ports 80 and 443 and filtering to only show IPs of those 3 computers. – barlop – 2017-04-06T16:22:43.303

I'm not sure off hand a little program to set up an https server, but "brs webweaver" or ritlabs tinyweb. There is a ritlabs tinyssl which i guess is their https version, but I haven't tried it and it takes more effort to configure.. And analogx proxy as mentioned. ccproxy is another. It should be easy to test connecting through an http or https proxy to an http site. And you could let wireshark view a connection of yours to an https server of somebody else. – barlop – 2017-04-06T16:38:19.243

I think it's based on the context. A HTTP proxy can support http request and https request (through a tunnel) as long as the server implements both. But you can connect to the proxy server over SSL, which is nothing different from connecting to an ordinary HTTP proxy except that brower to proxy connection is encrypted. Check my answer here https://stackoverflow.com/a/56999310/5983841 you can get more info.

– Rick – 2019-07-12T02:10:17.007

Answers

2

A proxy can be both an HTTP proxy and an HTTPS proxy if it supports the CONNECT command. If it does not support the CONNECT command, it can only do HTTP.

During normal operation, the HTTP proxy receives the HTTP request, and is "smart enough" to understand it and so is able to optimize operations via methods such as searching its cache to serve the response without going to the destination server, or consulting a white-list/black-list to see if this URL is allowed, etc.

In CONNECT mode, none of this happens. The proxy establishes a TCP connection to the destination server, and simply forwards all traffic from the client to the destination server and all traffic from the destination server to the client. That means that any TCP protocol can work (HTTPS, SSH, FTP - even plain HTTP), as the proxy then becomes just a simple dumb pipe.

harrymc

Posted 2017-04-06T16:16:25.913

Reputation: 306 093

Asked: 2017-04-06T16:16:25.913

Viewed: 178 times

Active: 2017-04-06T18:11:19.060