Author Topic: Transparent SSL proxy exclude list  (Read 1448 times)

bobbythomas

Transparent SSL proxy exclude list
« on: July 16, 2017, 09:50:31 am »
Hi,

I have been trying to set up transparent SSL proxy on my OPNsense VM and I was able to do that successfully, but the problem is with the exclude list. I am unable to use certain banking websites and apps as they are getting filtered. I tried adding their domains to the exclude list, but I am having difficulty identifying the correct domains. Is it possible to analyze the SSL sessions so that I can identify the domain and add it to the exclude list? Does the packet capture feature work well with transparent SSL proxy?

Thank you,
Regards,
Bobby Thomas

fabian

Re: Transparent SSL proxy exclude list
« Reply #1 on: July 16, 2017, 10:11:37 am »
I would suggest that you open the developer tools of your browser, open the network tab and reload the page. If you do that, you will see all HTTP requests made by the page. You should be able to find the domain names as well.

For example the OPNsense forum (using Firebug in Firefox) is in the attachment.

bobbythomas

Re: Transparent SSL proxy exclude list
« Reply #2 on: July 17, 2017, 04:16:26 pm »
Thank you Fabian for the suggestion. I was able to figure out the domain details using the browser, but I am still having issues with my Android banking app, which shows a network error. I believe it's pointing to some other domain and since I have to access it through the app it's failing. Any ideas? Do I need to perform a TCPdump or packet capture?

Thank you,
Regards,
Bobby Thomas

fabian

Re: Transparent SSL proxy exclude list
« Reply #3 on: July 17, 2017, 07:48:30 pm »
That's probably a good idea. You will have to capture port UDP/53 (DNS).
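
The DNS capture suggested in this reply, worked through as an added example that is not part of the original posts: it decodes the question section of captured UDP/53 payloads and counts the names one client asked for, which are the candidates for the exclude list. The function names, the client address 192.0.2.50 and the sample domains are assumptions constructed for illustration; getting `(source IP, UDP payload)` pairs out of a capture file is left to whatever capture tool is used.

```python
import struct
from collections import Counter

def build_query(name, flags=0x0100):
    """Build a DNS message with one question (constructed sample data only)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def query_names(payload):
    """Return the names asked for in the question section of one DNS query."""
    if len(payload) < 12:
        return []                        # shorter than a DNS header
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000:
        return []                        # QR bit set: response, not a query
    names, pos = [], 12
    for _ in range(qdcount):
        labels = []
        while True:
            if pos >= len(payload):
                return names             # truncated message
            length = payload[pos]
            pos += 1
            if length == 0:
                break                    # root label ends the name
            if length & 0xC0 or pos + length > len(payload):
                return names             # pointer or overrun: stop parsing
            labels.append(payload[pos:pos + length].decode("ascii", "replace"))
            pos += length
        names.append(".".join(labels).lower())
        pos += 4                         # skip QTYPE and QCLASS
    return names

def domains_for_client(packets, client_ip):
    """Count names queried by client_ip in (src_ip, udp_payload) pairs."""
    return Counter(n for src, p in packets if src == client_ip for n in query_names(p))

# Constructed sample: 192.0.2.50 stands in for the phone running the app.
SAMPLE = [
    ("192.0.2.50", build_query("api.bank.example")),
    ("192.0.2.50", build_query("Auth.Bank.Example")),
    ("192.0.2.50", build_query("api.bank.example")),
    ("192.0.2.77", build_query("www.example.org")),          # other client
    ("192.0.2.50", build_query("cdn.example.net", 0x8180)),   # a response
    ("192.0.2.50", b"\x12\x34\x01"),                          # truncated
]

print(domains_for_client(SAMPLE, "192.0.2.50").most_common())
```

Only names the app resolves through plain DNS on port 53 show up this way; filtering on the phone's address keeps other clients' lookups out of the list.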