I have a use case where I would like to connect to a proxy server with HTTP
, but the underlying request is actually a GET
with HTTPS
. I have been reading When should one use CONNECT and GET HTTP methods at HTTP Proxy Server?, but I think i need some clarification. Since the underlying request is HTTPS
does this mean when I "connect" to my proxy server it will automatically open a CONNECT
and just pass through my HTTPS
request? My main concern is if I use HTTP
to connect to my proxy server, then the underlying HTTPS
request is somehow exposed until it hits the proxy server. Thanks in advance.
Yes, whatever your browser says inside a https session is encrypted before, during, and after it passes through a proxy. No, it is not exposed to a proxy. For a proxy, the HTTP CONNECT
means just "copy raw bytes around without any interpretation". The proxy does see in plain text the part of url that is in caps here: HTTPS://
EXAMPLE.COM:9443/secret/place. It doesn't see the rest of url or anything else; doesn't see headers or data. (If a proxy is really intrusive and decrypts and re-encrypts your session it is visible via a certificate. Your browser would need to be compromised to trust a man-in-the-middle certificate. Uncompromised browser quite visibly warns you.)
Practically, using http only between a browser and a proxy is presently the most popular way of proxying.
© 2022 - 2024 — McMap. All rights reserved.