Is https://localhost:8080 expected to work?


#1

So the basic question is if http_proxy=http://localhost:8080; https_proxy=https://localhost:8080 is supposed to work (specifically for the https part)?

Here is how I can reproduce the problem:

  1. Start mitmproxy (`./mitmproxy``)
  2. Run this node.js code:
    var request = require('request');
    request.debug = true;
    
    process.env.NODE_TLS_REJECT_UNAUTHORIZED=0;
    process.env.https_proxy='http://localhost:8080';
    process.env.no_proxy="localhost"
    
    request({
      method: 'GET',
      uri: 'https://github.com',
      //proxy: 'http://localhost:8080',  // Works
      proxy: 'https://localhost:8080'  // Fails
    });
    
  3. The request hangs indefinitely
Any other comments? What have you tried so far?

Here is the event log with debug level turned on:

Using http://localhost:8080:

info: 127.0.0.1:59518: clientconnect
debug: ::ffff:127.0.0.1:59518: Set new server address: github.com:443
debug: ::ffff:127.0.0.1:59518: Establish TLS with client
debug: ::ffff:127.0.0.1:59518: request
  -> Request(GET /)
debug: ::ffff:127.0.0.1:59518: serverconnect
  -> ('github.com', 443)
debug: ::ffff:127.0.0.1:59518: Establish TLS with server
debug: ::ffff:127.0.0.1:59518: ALPN selected by server: -
debug: ::ffff:127.0.0.1:59518: response
  -> Response(200 OK, text/html; charset=utf-8, 56.75k)
debug: ::ffff:127.0.0.1:59518: serverdisconnect
  -> ('github.com', 443)
info: 127.0.0.1:59518: clientdisconnect

Using https://localhost:8080

info: 127.0.0.1:59587: clientconnect
debug: ::ffff:127.0.0.1:59587: Establish TLS with client
debug: ::ffff:127.0.0.1:59587: Set new server address: github.com:443
debug: ::ffff:127.0.0.1:59587: Establish TLS with client

At this point, it just hangs indefinitely.

I’m not sure if this is really a valid scenario for mitmproxy. My only motivation to try this out was because I’ve seen environments where http_proxy points to http://proxy:3128 and https_proxy points to https://proxy:3128 and was testing the same setup with mitmproxy.


#2

Hi, we currently don’t support TLS over TLS, which would be required for what Chromium is calling “Secure Web Proxy”. We do have plans to fix this, but for your specific use case (proxy running on localhost) it should not matter.

Cheers,
Max


#3

Thank you, @mhils, for the answer. I wasn’t sure if it was mitmproxy or the request npm module that was the problem. This clears it up.