install from romster
edit /etc/squid/squid.conf
edit only allow 10.0.0.0
edit folder to /srv/squid
edit /etc/passwd /srv/squid
https://www.smoothnet.org/squid-v3-5-proxy-with-ssl-bump/
http://roberts.bplaced.net/index.php/linux-guides/centos-6-guides/proxy-server/squid-transparent-proxy-http-https
# Generate Private Key
openssl genrsa -out machine.example.org.key 2048
# Create Certificate Signing Request
openssl req -new -key machine.example.org.key -out machine.example.org.csr
# Sign Certificate
openssl x509 -req -days 3652 -in machine.example.org.csr -signkey machine.example.org.key -out machine.example.org.cert
cat squid.key squid.crt > squid.pem
https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/squid.pem
always_direct allow all
ssl_bump none localhost
ssl_bump server-first all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
/usr/lib/squid/ssl_crtd -c -s /var/lib/ssl_db
chown -R squid.squid /var/lib/ssl_db
# Proxy Aware (non-intercepted traffic)
http_port 192.168.0.1:3128 ssl-bump cert=/etc/squid/example.com.cert key=/etc/squid/example.com.private generate-host-certificates=on version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
# Intercepted Traffic
https_port 192.168.0.1:3130 cert=/etc/squid/ssl/machine.example.org.cert key=/etc/squid/machine.example.org.key ssl-bump intercept generate-host-certificates=on version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
# SSL Bump Config
ssl_bump stare all
ssl_bump bump all
Tools Index
This is part of the Hive System Documentation. Copyright (C) 2018 Hive Team. See the file Gnu Free Documentation License for copying conditions.