Skip to content

Instantly share code, notes, and snippets.

View index.html
<!DOCTYPE html>
<html prefix="og: http://ogp.me/ns#" xmlns:fb="http://www.facebook.com/2008/fbml">
<head id="ctl00_ctl00_ctl00_head1"><meta charset="utf-8" /><title>
LP3: za nami 1998 notowanie - Trójka - polskieradio.pl
</title><link rel="preconnect" href="https://mc.yandex.ru" crossorigin="" /><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin="anonymous" /><link rel="preconnect" href="https://fonts.googleapis.com" crossorigin="" /><link rel="preconnect" href="https://ajax.googleapis.com" crossorigin="" /><link rel="preconnect" href="https://www.googletagmanager.com" crossorigin="" /><link rel="dns-prefetch" href="//fonts.googleapis.com" /><link rel="dns-prefetch" href="//static.prsa.pl" /><link rel="dns-prefetch" href="//static.polskieradio.pl" /><link rel="dns-prefetch" href="//cdn.prsa.pl" /><link rel="dns-prefetch" href="//cdn.polskieradio.pl" /><link rel="dns-prefetch" href="//api.polskieradio.pl" /><link rel="dns-prefetch" href="//apipr.polskieradio.pl" /><link rel="dns-prefetch"
@mkrawczuk
mkrawczuk / nginx-non-transparent-ssl-proxy.md
Created Jan 2, 2020 — forked from dannvix/nginx-non-transparent-ssl-proxy.md
Guide to set up nginx as non-transparent SSL proxy, which subsitutes strings in the server responses
View nginx-non-transparent-ssl-proxy.md

Use nginx as Non-Transparent SSL Proxy

Introduction

Many mobile apps have back-end API servers. They usually rely on the API replies to determine whether certain information is supposed to be shown. If the API responses could be manipulated on the fly, we may easily fool an unmodified app to expose some private data.

This manual guides you to set up nginx as non-transparent SSL proxy, which just subsitutes strings in the server responses (i.e. man-in-the-middle attack ourself). For both server-side (their API servers) and client-side (your device), the whole process is almost transparent.