Proxy HTTPS traffic without re-signing

[Kantaris]

I'm building a proxy to be run on my local machine that will log all domains accessed. Kind of the same way Fiddler works, but my program is more simple, I don't need to look at the data or decrypt anything.

I got this working fine for HTTP but for HTTPS it resigns the traffic with the self-signed certificate provided. This results in that the browser displays a warning. The same thing doesn't happen in fiddler unless you choose to decrypt HTTPS traffic.

So my question is: How do I proxy HTTPS traffic so that it is completely transparent for the web browser user?

[Rush]

HTTPS traffic will look like garbage to any monitoring application so you won't be able to distinguish domains without decrypting the traffic (requested domain is sent in HTTP headers). Your options:

• Proxy HTTPS to HTTPS (provide a valid certificate in the proxy, wastes resources)
• Proxy HTTPS to HTTP (faster, still needs valid certificate in the proxy and disable HTTPS in the application)

[Kantaris]

Proxy HTTPS to HTTPS seems like the way to go. I want everything to work exactly like if the proxy wasn't there