The goal of this article is to explain how a minimal HTTP/HTTPS proxy work.
For an HTTP proxy the communication is simple the client etablish a TCP connection to the proxy and send the HTTP request. The proxy will parse the HTTP request and forward it to the server. The server will reply with the HTTP response and the proxy will forward it to the client.
The main difference is the method will be followed by the full URL of the target server.
GET http://www.example.org/index HTTP/1.1 Host: example.org:443
When the client open the connection to the proxy he will send the CONNECT HTTP method followed by the host and port of the target server.
It’s a classic HTTP request with headers. The proxy will stop to parse once it has read the double CRLF.
CONNECT example.org:443 HTTP/1.1 Host: example.org:443
The proxy will reply with the status 200:
HTTP/1.1 200 OK
Now we have a bidirectional tunnel between the client and the server. The proxy in the middle will just forward the data and is not going to be able to read it.
The client will now send the TLS handshake to the server and the server will reply with the TLS handshake. Once it’s done the communication is etablished and the client can send the HTTP request to the server.