How to chain proxies with Firefox or Chrome?
I was able to setup Squid with SSL support in order to tell Chromium to encrypt the traffic between the browser and the proxy server. This works fine. But this requires direct access to the proxy server.
My problem: the proxy server itself can only be accessed through a proxy server.
How can I tell Chromium to use a proxy to connect to the proxy without installing additional tools like corkscrew?
Solution 1:
For your reference, a very similar question about Firefox specifically was asked here.
The short answer is you can't -- not without some external program. Neither Firefox nor Chrom(e,ium) support proxy chaining out of the box, and making such a low-level networking change to these programs without editing the source code is not possible to do with a browser extension.
Older versions of Firefox had a looser security model that allowed extensions to run just about any native code; these extensions could, in theory, open up a listening port locally and create a proxy within the Firefox process, which could then be chained with the proxy set in Firefox's settings to access the Internet. I am unaware of any extensions that specifically did that, however.
With the current version of Firefox and Chrome, their security model wouldn't allow that sort of thing to happen. So you would need to run some kind of a proxy program locally that would support proxy chaining.
For example, stunnel supports proxy chaining:
- Firefox settings point to localhost:1234 (where 1234 is the port that stunnel is listening on on your computer)
- When stunnel receives an HTTP connection request via the
CONNECT
verb from your web browser, it makes an HTTPS tunnel (authenticated by a client and server cert pair, if you wish) to a remote server and uses it as a general-purpose TCP proxy (or a different HTTP proxy that is routable from the route server) -- only requiring you to run an stunnel daemon on the remote host.
This would allow you to do something like:
Firefox -> localhost stunnel -> remote server stunnel -> remote server Squid/Privoxy/etc. -> Internet
There isn't a way to simplify the local side by removing stunnel with the two browsers you cited, unless you modify the source code of the browser to implement the capability and do a build.