Selective HTTPS proxy for web browsers

Andrew Dolgov 9804235dff fixes for new, yet another proxy API implementation in firefox 2 months ago
img 68a1c9814a add icons; ping check the proxy before setting 2 years ago
lib 248924f06f upd jquery 8 months ago
.gitignore faa67e3e26 initial work for jquery/codemirror; remove stock whitelist 10 months ago
README.md 80d0a015b9 Update 'README.md' 2 months ago
background.js 9804235dff fixes for new, yet another proxy API implementation in firefox 2 months ago
common.js 9804235dff fixes for new, yet another proxy API implementation in firefox 2 months ago
manifest.json 9804235dff fixes for new, yet another proxy API implementation in firefox 2 months ago
options.html faa67e3e26 initial work for jquery/codemirror; remove stock whitelist 10 months ago
options.js 24c1bf216f tiny change for jquery 3 8 months ago

README.md

Selective HTTPS proxy for Chrome/Firefox

Ensures connectivity for otherwise blocked websites by routing user-specified domains (optionally including subdomains) via a secure proxy.

Typically used with squid (ssl + basic auth) and nginx (should respond to /ping on proxy host:443 if proxy credentials are correct) - /ping is used to check connectivity.

You can use a different proxy and/or https server as long as it responds to extension as outlined below.

Squid example

sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS

https_port 8443 generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=... key=... dhparams=... options=NO_SSLv3

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/users
auth_param basic realm proxy

...

acl authenticated proxy_auth REQUIRED

http_access deny CONNECT !SSL_ports
http_access deny !authenticated
http_access allow authenticated
http_access deny all

Your distro might ship Squid built without SSL support. In this case, you will need to rebuild it or obtain a different pre-built package.

Nginx example (for ping)

location /ping {
	auth_basic sample;
	auth_basic_user_file /etc/squid/users;

	try_files DUMMY @return200;
}

location @return200 {
	return 200 'pong';
}

License

GPLv3.