Intercept and DECRYPT HTTP/S requests
From: Rogan Dawes (discard_at_dawes.za.net)
Date: 04/29/04
Date: Thu, 29 Apr 2004 18:38:21 +0200
Hi folks,

Attached (hopefully, if the group allows attachments) is a useful tool
for dumping http and https connections. Possible uses for this program are:

Security: by viewing exactly what is passing between the browser and the
server, you can get a better understanding of how a particular web site
functions, the existence or non-existence of parameters, etc.

Troubleshooting/debugging: by viewing exactly what is passing between
the browser and the server, you can compare conversations that work vs.
conversations that don't work. cf. a recent discussion about PDFs and
the Adobe plugin working via Tomcat direct, but not when Tomcat is
fronted by Apache.

One limitation is that it requires an upstream proxy to talk to.
Examples that should work include muffin, rabbit, squid,
apache/mod_proxy, etc. Configuring this upstream proxy is outside of the
scope of this document.

How it works:

The main class is Listener.java. It opens a ServerSocket on the port you
specify, and listens for HTTP requests. It reads the request line, and
any headers that follow. At the same time, it logs everything that it
reads to a file in a log directory. If the request line is a CONNECT
request, it negotiates an SSL connection with the browser, and another
one with the server, so that it can see the decrypted traffic.

It then forwards everything that it reads from the browser to the
upstream proxy, and copies everything that the server sends back to the
client, all the while keeping a copy of the traffic in the log directory.

You can run it like:

    java Listener 8008 myproxy.mydomain.com 3128

Or you can edit config.txt to suit, and run it like

    java Listener config.txt

If the attachments get dropped, mail me at nntp AT dawes DOT za DOT net
for a copy.

Have fun.

Rogan

--
Rogan Dawes
*ALL* messages to discard@dawes.za.net will be dropped, and added to my blacklist.
Please respond to "nntp AT dawes DOT za DOT net"
- application/x-zip-compressed attachment: logproxy.zip
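
The read-log-forward step described under "How it works", as an added sketch that is not part of the original post or of logproxy.zip: it reads a request head byte by byte while logging it, detects CONNECT, and copies the rest of the stream with a logged copy. The class and method names are hypothetical, the sample requests are constructed, and in-memory streams stand in for the browser and upstream proxy sockets.

```java
import java.io.*;
import java.util.*;

// Added sketch, not code from logproxy.zip; class and method names are hypothetical.
public class RequestHeadLogger {
    // Reads the request line and headers one byte at a time, so nothing past the
    // blank line (a POST body, or the TLS handshake after CONNECT) is consumed.
    static List<String> readHead(InputStream in, OutputStream log) throws IOException {
        List<String> lines = new ArrayList<>();
        ByteArrayOutputStream line = new ByteArrayOutputStream();
        int b;
        while ((b = in.read()) != -1) {
            log.write(b);                        // every byte read goes to the log
            if (b == '\r') continue;             // accept CRLF and bare LF
            if (b != '\n') { line.write(b); continue; }
            if (line.size() == 0) return lines;  // blank line ends the head
            lines.add(line.toString("ISO-8859-1"));
            line.reset();
        }
        throw new EOFException("connection closed before end of headers");
    }
    // A CONNECT request line is where the tool described above switches to SSL.
    static boolean isConnect(List<String> head) { return !head.isEmpty() && head.get(0).startsWith("CONNECT "); }
    // Copies the remaining bytes to `out` and keeps a copy in `log`.
    static long tee(InputStream in, OutputStream out, OutputStream log) throws IOException {
        byte[] buf = new byte[4096];
        long total = 0;
        int n;
        while ((n = in.read(buf)) != -1) {
            out.write(buf, 0, n);
            log.write(buf, 0, n);
            total += n;
        }
        return total;
    }
    public static void main(String[] args) throws IOException {
        String[] samples = {                     // constructed requests, not captured traffic
            "POST http://app.example/login HTTP/1.0\r\nContent-Length: 7\r\n\r\nuser=me",
            "CONNECT app.example:443 HTTP/1.0\r\nUser-Agent: test\r\n\r\n" };
        for (String s : samples) {
            InputStream browser = new ByteArrayInputStream(s.getBytes("ISO-8859-1"));
            ByteArrayOutputStream log = new ByteArrayOutputStream(), upstream = new ByteArrayOutputStream();
            List<String> head = readHead(browser, log);
            if (isConnect(head)) { System.out.println(head.get(0) + " -> SSL on both sides"); continue; }
            upstream.write((String.join("\r\n", head) + "\r\n\r\n").getBytes("ISO-8859-1"));
            System.out.println(head.get(0) + " -> forwarded, body bytes: " + tee(browser, upstream, log));
        }
    }
}
```

Reading the head through a buffered reader instead would pull bytes that belong to the request body or to the SSL handshake into the buffer, which is why the sketch reads single bytes until the blank line.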