Squid Cache Setup


tested on debian12 - squid v5.7

Install

from source

see from source

debian

apt update
apt install squid squid-purge squidclient
# squid-openssl --> see the other guide

squid -v

# debian 11 --> squid 4.13
# debian 12 --> squid 5.7

Setup

debian

we like to have it all in one file

cd /etc/squid/
cat conf.d/debian.conf >> squid.conf
rm -rf conf.d/

shared

cd /etc/squid/
mv -i squid.conf squid.conf.dist
grep -vE '^#|^$' squid.conf.dist > squid.conf.clean
grep -vE '^#|^$' squid.conf.dist > squid.conf
vi squid.conf

# ssh reverse shell
acl lan src 127.0.0.1/32

# virtualbox
#acl lan src 192.168.122.0/24

# dnc
#acl lan src 10.1.0.0/16

# first rule that matches (ipf-style)
http_access allow lan
http_access deny all

http_port 8080

# enable disk caching
cache_dir ufs /var/spool/squid 100 16 256

# those remain unchanged
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

# debian package has logrotate
logfile_rotate 0

Ready to go

tail -F /var/log/squid/*log

systemd

systemctl restart squid.service
systemctl status squid.service # enabled already
netstat -lntup | grep :8080

from source

# default /etc/squid.conf
/usr/local/sbin/squid -z
/usr/local/sbin/squid --foreground

Acceptance

check you reach the plain-text proxy service

from a remote host

squid=x.x.x.x

nmap -p 8080 $squid

check the logs while proceeding

tail -F /var/log/squid/*.log

test HTTP traffic

curl --proxy $squid:8080 -I http://httpforever.com/

==> 200 OK and MISS then HIT in squid logs

test HTTPS traffic ON THE SAME SERVICE PORT

curl --proxy $squid:8080 -I https://nethence.com/

==> gives HTTP/1.1 200 + HTTP/2 200 and TCP_TUNNEL in squid logs
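
The same acceptance checks can be run against the log itself. The script below is an added example, not part of the original guide. It assumes Squid's default native access.log format; the function names and the sample log lines are constructed for illustration. The third check goes beyond the tests above and lists any client outside the allowed source that was served, which would mean the ACL is not doing its job.

```shell
#!/bin/sh
# Added example: check the acceptance results in a native-format access.log.
# Fields: time elapsed client code/status bytes method URL user hierarchy type

# check_cache LOG URL: succeeds if URL logged a TCP_MISS and later a *HIT*
check_cache() {
    awk -v url="$2" '
        $7 == url && $4 ~ /^TCP_MISS\// { miss = 1; next }
        $7 == url && $4 ~ /HIT/ && miss { hit = 1 }
        END { exit (hit ? 0 : 1) }' "$1"
}

# check_tunnel LOG HOST:PORT: succeeds if a CONNECT to it logged TCP_TUNNEL/200
check_tunnel() {
    awk -v dst="$2" '
        $6 == "CONNECT" && $7 == dst && $4 == "TCP_TUNNEL/200" { ok = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# served_outside_acl LOG IP: lists clients other than IP that got anything
# but TCP_DENIED; empty output means "http_access deny all" held
served_outside_acl() {
    awk -v ip="$2" '$3 != ip && $4 !~ /^TCP_DENIED\// { print $3 }' "$1" | sort -u
}

# Constructed sample log (addresses are documentation ranges, not real hosts)
sample_log() {
    cat <<'EOF'
1718000001.101    142 127.0.0.1 TCP_MISS/200 398 GET http://httpforever.com/ - HIER_DIRECT/192.0.2.10 text/html
1718000004.230      0 127.0.0.1 TCP_MEM_HIT/200 405 GET http://httpforever.com/ - HIER_NONE/- text/html
1718000009.874    311 127.0.0.1 TCP_TUNNEL/200 4210 CONNECT nethence.com:443 - HIER_DIRECT/192.0.2.20 -
1718000015.002      0 198.51.100.7 TCP_DENIED/403 3900 GET http://httpforever.com/ - HIER_NONE/- text/html
EOF
}

# Demo run against the sample; point the functions at /var/log/squid/access.log
log=$(mktemp)
sample_log > "$log"
check_cache "$log" http://httpforever.com/ && echo "http: MISS then HIT"
check_tunnel "$log" nethence.com:443 && echo "https: TCP_TUNNEL"
[ -z "$(served_outside_acl "$log" 127.0.0.1)" ] && echo "acl: no outside client served"
rm -f "$log"
```

The allowed address passed to served_outside_acl must match the `acl lan src` line in use; the function compares single addresses only, not CIDR ranges.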

Resources

The Squid Configuration Manual http://www.squid-cache.org/Doc/config/

The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq

https://docs.diladele.com/faq/squid/index.html

setup

http://www.squid-cache.org/Doc/config/http_port/

https://www.digitalocean.com/community/tutorials/how-to-set-up-squid-proxy-on-ubuntu-20-04

auth

https://linuxize.com/post/how-to-install-and-configure-squid-proxy-on-ubuntu-20-04/

http://www.squid-cache.org/Doc/config/auth_param/

ops

https://wiki.squid-cache.org/SquidFaq/OperatingSquid

acceptance

Are HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables standard? https://superuser.com/questions/944958/are-http-proxy-https-proxy-and-no-proxy-environment-variables-standard

cache dir

https://superuser.com/questions/818668/where-does-the-squid-proxy-stores-its-cache-files

http://www.squid-cache.org/Doc/config/cache_dir/

https://github.com/mnot/squid-channels/

SSL offloading & reverse proxy (unused)

https://wiki.squid-cache.org/Features/HTTPS --> Direct TLS connection to a reverse proxy

http://www.squid-cache.org/Doc/config/https_port/

https://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator

https://wiki.squid-cache.org/ConfigExamples/Reverse/HttpsVirtualHosting

https://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers

https://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess

alternatives

https://wiki.squid-cache.org/OtherHttpProxies


Copyright © 2024 Pierre-Philipp Braun