I'm more looking at things like always adding extra headers such as auth tokens. I want to create some scripts that will go and get things like JWTs so I can run dumb tools through them and not have to worry about doing it by hand and then getting the tool to accept extra headers.
And I know there are other ways to do this, but this is more a curiosity project now, especially as it didn't work first time and there is a new protocol to learn. Robin On Fri, 7 Feb 2025, 21:12 Amos Jeffries, <squ...@treenet.co.nz> wrote: > On 8/02/25 04:35, Robin Wood wrote: > > Hi > > I wouldn't risk trying to do a production quality one server! > > > > I'm a security tester and I want a way to automatically modify traffic > > that I'm sending to and from sites. I've got plenty of other ways to do > > it, but as all my testing traffic already goes through a Squid box I > > just wanted to have a play to see if I could get it to do simple > > things like add a new header or something like that. > > Please be aware that Squid normalizes and performs security sanitization > on the HTTP messages that it receives. Regardless of whether they are > arrive from client, server, or ICAP. That means a lot of traffic > malformation needed for proper security tests will not work at all. > > > HTH > Amos > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > https://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
