Squid setup for SSL sniffing

Download source code of Squid from http://www.squid-cache.org/Versions/. I used version 3.5.3 that is her http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.3.tar.gz

Prepare the environment to build (Ubuntu)

Configure Squid

cd ~/squid/squid-3.5.3

./configure — with-openssl — enable-ssl-crtd

Build Squid


sudo make install

It will install everything to /usr/local/squid

Change config file to allow connection from your or other machine and configure SSL bumping. Here is an example of working squid.conf

Generate SSL certs

Generate the certificate for client Browsers

Import the Certification Authority fail myCA.der into your browser (you need to do this only once)

For example, in FireFox:

1. Open ‘Preferences’

2. Go to the ‘Advanced’ section, ‘Encryption’ tab

3. Press the ‘View Certificates’ button and go to the ‘Authorities’ tab

4. Press the ‘Import’ button, select the .der file that was created previously and press ‘OK’

Create SSL Cache folder and change permissions

Allow access to the log folder

sudo chmod 777 /usr/local/squid/var/logs

Start the magi-sty Squid

sudo /usr/local/squid/sbin/squid start

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.