On Mon, Jul 12, 2004, Ira Abramov wrote about "Re: HTTP body capture with LiveHTTP Headers ?": > you could probably record the entire stream of an HTTP session by using > netcat as a "proxy". however for SSL sessions you need to know the > server key. Mercury has a product that does that, it was developped by > one Adi Stav who is probably not on the list these days. he was thinking > about rewriting this code under GPL but this has not happend yet AFAIK.
The product you describe might be useful while debugging the *server*, when you might have a copy of its key. It is not very useful when you're trying to debug a client (e.g., develop a script which automates the use of some site), and you don't have a key. A proxy-like solution can be used, however: the proxy can act as a terminator for both sides, checking the authenticity of the server, but presenting its own key to the client. In this case the client needs to recognize this proxy key as a valid one (for all sites), but this should be easy to do. I don't know if any available web-proxies can be easily set up to perform this sort of "man in the middle" task. -- Nadav Har'El | Tuesday, Jul 13 2004, 24 Tammuz 5764 [EMAIL PROTECTED] |----------------------------------------- Phone +972-523-790466, ICQ 13349191 |Attention: There will be a rain dance http://nadav.harel.org.il |Friday night, weather permitting. ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
