[Twisted-Python] Minitrue: implementing ICAP proxylet support, or implementing sslbump

Laurens Van Houtven _ at lvh.cc
Thu Sep 8 05:04:27 MDT 2011


Hi :)

Context for those who haven't heard of minitrue: it's a twisted powered HTTP
proxy that is designed to lie. It lets you modify requests and responses.

So far, it's been a mostly academic exercise, which I suppose could have
real-world applications. I'd like to learn some more about how to use
minitrue with SSL/TLS next.

I would like to use something like Squid's sslbump support. The easiest way
to do that would probably be to use ICAP and get minitrue to support
publishing request and response manglers as proxylets (which would be
Resources, sort of, since ICAP is kind-of HTTP. Whether I should write a
custom parser or leverage the existing HTTP support is something I'm not
entirely sure of yet. I suppose the two theses are not mutually exclusive).

Has anyone used twisted's proxy support with ssl? Ideally, I would let
minitrue take a ca cert, and have it create and sign the appropriate cert on
the fly; IIUC this is how content filtering proxies that support ssl right
now work.

cheers

lvh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20110908/9da4d910/attachment.html>


More information about the Twisted-Python mailing list