Sneaky: A Translating Proxy for the ages

From OISecWiki

Sneaky

Sneaky is an open-source proxy server designed to enable legacy web browsers on outdated operating systems to access modern websites. It achieves this by translating HTTP requests from the client to HTTPS requests to the server, while rewriting responses to ensure compatibility with older clients that lack support for modern encryption protocols.[1]

The project was initially developed with assistance from Grok AI, an artificial intelligence system created by xAI.[2]

Description

Sneaky functions as a simple HTTP proxy that:

  • Accepts plain HTTP requests (including GET, POST, CONNECT) from legacy clients.
  • Connects to target servers using HTTPS.
  • Requests and handles compressed responses (gzip/deflate) from upstream servers.
  • Decompresses the responses and rewrites any HTTPS links or references to HTTP in Location headers, HTML attributes, and meta refresh tags.
  • Returns uncompressed HTTP responses to the client.

This setup is particularly useful for browsers like Netscape Communicator running on systems such as OS/2, which do not support the modern TLS/SSL requirements of contemporary websites.[1]

The proxy is implemented in Python and runs as a standalone server. It listens on port 8080 by default and can be configured in the browser's proxy settings.

Installation and Usage

To use Sneaky, clone the repository and run the script:

git clone https://gitea.oisec.net/cliff/sneaky.git
cd sneaky
python3 sneaky.py

The proxy will start listening on 0.0.0.0:8080, which means it accepts connections on every network interface of the host. Configure your legacy browser to use this as an HTTP proxy, for example:

  • In Netscape Navigator 4: Edit → Preferences → Advanced → Proxies → Manual Proxy Configuration → HTTP Proxy: 127.0.0.1 Port: 8080

Once running, the browser should be able to access HTTPS sites via the proxy.

Technical Details

Sneaky uses modules from Python's standard library, including urllib, ssl, gzip, and zlib, for handling requests and compression. Key components include:

  • Request Handling: The ProxyRequestHandler class extends BaseHTTPRequestHandler to process various HTTP methods.
  • CONNECT Method: For tunneling, it establishes an SSL connection to the target and relays data.
  • Response Rewriting: Regular expressions are used to replace https:// with http:// in HTML attributes, naked URLs, and meta refresh tags.

Example of URL rewriting regex:

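import re

# Group 1: an attribute name, or the meta-refresh prefix up to "url=".
# Group 2: the https:// scheme that is rewritten to http://.
# As excerpted, only the meta-refresh branch consumes the "=" and optional quote.
ATTRIBUTE_HTTPS_RE = re.compile(
    r'(?is)(href|src|action|data|data-original|data-src|poster|background|cite|longdesc|usemap|'
    r'formaction|codebase|profile|archive|code|object|applet|embed|param\s+value|'
    r'meta\s+content\s*=\s*["\']?0;\s*url\s*=\s*)(https://)'
)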

This pattern targets common HTML attributes that may contain URLs, so that the https:// scheme can be replaced with http://.
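The response path listed under Description (decompress, rewrite, return uncompressed), sketched as an added example; this is not code from the sneaky repository. The patterns ATTR_RE and META_RE, the function names, and the example.test sample response are assumptions made for the illustration.

```python
import gzip
import re
import zlib

# Hypothetical patterns for this example (not the project's regex).
# Group 1 keeps the attribute name, "=", and optional quote.
ATTR_RE = re.compile(r'(?is)(\b(?:href|src|action)\s*=\s*["\']?)https://')
META_RE = re.compile(r'(?is)(<meta[^>]+content\s*=\s*["\']?\d+\s*;\s*url\s*=\s*)https://')


def decode_body(body, encoding):
    """Undo gzip/deflate; any other encoding is returned untouched."""
    encoding = (encoding or "").strip().lower()
    if encoding == "gzip":
        return gzip.decompress(body)
    if encoding == "deflate":
        try:
            return zlib.decompress(body)  # zlib-wrapped stream (RFC 1950)
        except zlib.error:
            return zlib.decompress(body, -zlib.MAX_WBITS)  # raw deflate stream
    return body


def rewrite_response(headers, body):
    """Return (headers, body) in the form a plain-HTTP client can consume."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    body = decode_body(body, hdrs.pop("content-encoding", None))
    if "location" in hdrs:
        hdrs["location"] = re.sub(r"(?i)^https://", "http://", hdrs["location"])
    if hdrs.get("content-type", "").lower().startswith("text/html"):
        text = body.decode("latin-1")  # byte-preserving round trip
        text = ATTR_RE.sub(r"\1http://", text)
        text = META_RE.sub(r"\1http://", text)
        body = text.encode("latin-1")
    hdrs["content-length"] = str(len(body))  # length changed after rewriting
    return hdrs, body


# Constructed sample upstream response (not captured traffic).
SAMPLE_HTML = (b'<html><head><meta http-equiv="refresh" content="0; url=https://example.test/next">'
               b'</head><body><a href="https://example.test/a">a</a>'
               b'<img src=https://example.test/i.png></body></html>')
SAMPLE_HEADERS = {"Content-Type": "text/html", "Content-Encoding": "gzip",
                  "Location": "https://example.test/login"}

if __name__ == "__main__":
    new_headers, new_body = rewrite_response(SAMPLE_HEADERS, gzip.compress(SAMPLE_HTML))
    print(new_headers)
    print(new_body.decode("latin-1"))
```

Everything the function returns travels to the browser as cleartext HTTP, so the TLS protection ends at the proxy.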

Limitations

  • No support for modern features like HTTP/2 or WebSockets.
  • Potential issues with sites using strict security policies (e.g., HSTS).
  • The proxy does not handle authentication or advanced proxy features.

References

  1. sneaky, OISecGit. Accessed 2026-02-06.
  2. README.md from the sneaky repository, available at https://gitea.oisec.net/cliff/sneaky/src/branch/main/README.md.