Back in the mists of time, I used to use wwwoffle proxy. It was great for low-latency links, but also had the benefit of keeping an offline archive of whatever you'd browsed.
Project's still there, although not sure how well it does with the modern web.
Sadly, a lot of old-school proxies (squid, privoxy) are stymied by SSL/TLS connections.
I think we're due for the idea that a proxy can be designated as a trusted intermediary, most especially if it's run on a personal basis. I'm sure this presents security issues, but it also avoids some.
> I think we're due for the idea that a proxy can be designated as a trusted intermediary, most especially if it's run on a personal basis.
We have that idea now; you designate the proxy as a trusted intermediary by accepting its certificate. The chain looks something like this:
You: browser, take me to https://youtube.com
Browser: proxy, get me https://youtube.com
Proxy: YouTube, get me /
YouTube: I'm youtube.com -- here's a certificate signed
by the government of Egypt that proves it. And
here are the contents of /
Proxy (to browser): I'm youtube.com -- here's a
self-signed certificate attesting to
that. And here are the contents of /
Browser (to user): SECURITY ALERT! SECURITY ALERT!
Configure your browser to accept that certificate, and your proxy can handle its own connection to youtube and just pretend, to your browser, that it is youtube.
I'm answering based mostly on having read that link. It looks like the protection applies only in the case where an error is being surfaced. The problem Chrome wants to address is that users will click past the SECURITY ALERT.
If you properly configure your own CA, then the TLS error triggering this behavior won't occur, and there is no security problem for Chrome to put its foot down on -- your proxy is providing a valid certificate for whatever domain, as far as Chrome is concerned, not an invalid one.
> The Chrome browser picks up the certificate trust store from your host computer. By installing Burp's CA certificate in your computer’s built-in browser (e.g. Internet Explorer on Windows, or Safari on OS X), Chrome will automatically make use of the certificate.
> When the Burp CA certificate has been installed for your built-in browser, restart Chrome and you should be able to visit any HTTPS URL via Burp without any security warnings.
I think we're due for the idea that a proxy can be designated as a trusted intermediary, most especially if it's run on a personal basis. I'm sure this presents security issues, but it also avoids some.