HTTP Connect is used for proxying HTTPS traffic. It tells the proxy that it should not interfere with the traffic, but merely forward the data to the destination. The proxy does not interfere with the HTTPS traffic as it would violate the SSL/TLS end-to-end security.
So proxy does not verify that the traffic being spoken is HTTPS itself. This introduces vulnerability that someone can take advantage of:
More details can be obtained at:
Hypertext Transfer Protocol -- HTTP/1.1
Tunneling TCP based protocols through Web proxy servers
HTTP proxy default configurations allow arbitrary TCP connections
I just got interested in this as I saw in some code that allows another protocol traffic through Proxy by using HTTP CONNECT. So I was wondering why Proxy is not looking for HTTPS headers in the packets. But this explains my query.
i am learning the basics.......!
Subscribe to:
Post Comments (Atom)
Blog Archive
I visit
About Me
- Anoop G
- Predictably Unpredicatble, lazy, careless, sincere, honest, caring, Trouble maker, emotional, likeable
No comments:
Post a Comment