An HTTP proxy is a server that goes between the client browser and the destination web server. When a browser has been configured to use a proxy server, it performs all its requests to that server. The proxy sends the requests to the relevant web servers and forwards their responses back to the browser. Most proxies also provide additional services, including caching, authentication, and access control.
When a browser issues an unencrypted HTTP request to a proxy server, it puts the full URL into the request, including the protocol prefix “http://”, the server’s hostname, and the port number if this is nonstandard. The proxy server extracts the hostname and port and uses these to direct the request to the correct destination web server.
When HTTPS is being used, the browser cannot complete the SSL handshake with the HTTP proxy server, because this would break the secure tunnel and leave the connections vulnerable to capture attacks (MITM attacks). Hence, the browser must use the proxy as a pure TCP-level relay, which passes all network data in both directions between the browser and the destination web server, with which the browser performs an SSL handshake as normal.
To establish this relay, the browser issues an HTTP request to the proxy server using the HTTP CONNECT method and defining the destination hostname and port number as the URL. If the proxy passes the request, it returns an HTTP response with a 200 status, keeps the TCP connection open, and from that point onward acts as a pure TCP-level relay to the destination web server.