Topic: Transparent SSL proxy exclude list (Read 4162 times)
bobbythomas, on July 16, 2017, 09:50:31 am:
Hi,
I have been trying to set up transparent SSL proxy on my OPNsense VM and I was able to do that successfully, but the problem is with the exclude list. I am unable to use certain banking websites and apps as they are getting filtered. I tried adding their domains into the exclude list, but I am having difficulty in identifying the correct domains. Is it possible to analyze the SSL sessions so that I can identify the domain and add it to the exclude list? Does the packet capture feature work well with transparent SSL proxy?
Thank you,
Regards,
Bobby Thomas
fabian (OPNsense Contributor (Language, VPN, Proxy, etc.)), Reply #1 on July 16, 2017, 10:11:37 am:
I would suggest that you open the developer tools of your browser, open the network tab and reload the page. If you do that, you will see all HTTP requests made by the page. You should be able to find the domain names as well.
For example, the OPNsense forum (using Firebug in Firefox) is in the attachment.
bobbythomas, Reply #2 on July 17, 2017, 04:16:26 pm:
Thank you Fabian for the suggestion. I was able to figure out the domain details using the browser, but I am still having issues with my Android banking app, which shows a network error. I believe it's pointing to some other domain, and since I have to access it through the app, it's failing. Any ideas? Do I need to perform a tcpdump or packet capture?
Thank you,
Regards,
Bobby Thomas
fabian (OPNsense Contributor (Language, VPN, Proxy, etc.)), Reply #3 on July 17, 2017, 07:48:30 pm:
That's probably a good idea. You will have to capture port UDP/53 (DNS).
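The DNS capture suggested in the last reply can be reduced to a list of the names one device asked for, which are the candidates for the exclude list. The Python below is an added example, not part of the thread or of OPNsense; it assumes a classic pcap file (as written by `tcpdump -w`) with Ethernet framing and IPv4, and the addresses and `examplebank.test` names in `SAMPLE` are constructed.

```python
import struct
from collections import Counter

def query_name(frame: bytes, client: bytes):
    """Return the name asked in a DNS query sent from the 4-byte address client."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                                   # not Ethernet/IPv4/UDP
    udp = 14 + (frame[14] & 0x0F) * 4                 # skip the IPv4 header
    if len(frame) < udp + 20 or frame[26:30] != client:
        return None                                   # truncated, or another host
    _, dport, _, _, _, flags, qdcount = struct.unpack_from("!7H", frame, udp)
    if dport != 53 or flags & 0x8000 or qdcount == 0:
        return None                                   # not a DNS query
    pos, labels = udp + 20, []                        # question follows DNS header
    while pos < len(frame) and frame[pos]:            # length-prefixed labels
        n = frame[pos]
        if n > 63 or pos + 1 + n > len(frame):
            return None                               # malformed or cut by snaplen
        labels.append(frame[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return ".".join(labels).lower() if pos < len(frame) and labels else None

def queried_domains(pcap: bytes, client_ip: str) -> Counter:
    """Count names queried by client_ip in a classic pcap (Ethernet link type)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    client, names, off = bytes(map(int, client_ip.split("."))), Counter(), 24
    while off + 16 <= len(pcap):                      # 16-byte record header
        incl_len, = struct.unpack_from(endian + "I", pcap, off + 8)
        if name := query_name(pcap[off + 16:off + 16 + incl_len], client):
            names[name] += 1
        off += 16 + incl_len
    return names

def _frame(src: str, name: str) -> bytes:             # one constructed pcap record
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + q + b"\x00\x00\x01\x00\x01"
    udp = struct.pack("!4H", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes([192, 168, 1, 1])) + udp
    eth = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed sample capture: the phone is 192.168.1.50, .60 is another client.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    _frame(s, n) for s, n in [("192.168.1.50", "api.examplebank.test"),
                              ("192.168.1.50", "cdn.examplebank.test"),
                              ("192.168.1.60", "other.test"),
                              ("192.168.1.50", "api.examplebank.test")])
```

On a real capture, call `queried_domains(open("capture.pcap", "rb").read(), "<phone IP>")` after reproducing the app's network error. Names the app resolves through an encrypted resolver, or addresses it has hardcoded, will not appear in a UDP/53 capture.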