Nadav Har'El wrote:
>
> On Mon, Jul 12, 2004, Ira Abramov wrote about "Re: HTTP body capture with LiveHTTP Headers ?":
> > you could probably record the entire stream of an HTTP session by using
> > netcat as a "proxy". however for SSL sessions you need to know the
> > server key. Mercury has a product that does that, it was developed by
> > one Adi Stav who is probably not on the list these days. he was thinking
> > about rewriting this code under GPL but this has not happened yet AFAIK.
>
> The product you describe might be useful while debugging the *server*,
> when you might have a copy of its key. It is not very useful when you're
> trying to debug a client (e.g., develop a script which automates the use of
> some site), and you don't have a key.
>
> A proxy-like solution can be used, however: the proxy can act as a terminator
> for both sides, checking the authenticity of the server, but presenting its
> own key to the client. In this case the client needs to recognize this proxy
> key as a valid one (for all sites), but this should be easy to do. I don't
> know if any available web-proxies can be easily set up to perform this sort
> of "man in the middle" task.

It's true only for reverse proxy, because a forward proxy already gets a
CONNECT request in the first time, and can't do anything with it (except
for being a "tunnel" that can't read the encrypted traffic it passes).

As to reverse proxy, it is supported under Apache. In the beginning, it
required you to compile mod_ssl with the EXPERIMENTAL flag, but now, with
Apache 2, it is standard and doesn't require any special compilation in
order to work (see the SSLProxyEngine directive for more details).

I don't have any clue regarding Squid.

-- 
Eli Marmor
[EMAIL PROTECTED]
CTO, Founder
Netmask (El-Mar) Internet Technologies Ltd.
Tel.:   +972-9-766-1020   8 Yad-Harutzim St.
Fax.:   +972-9-766-1314   P.O.B. 7004
Mobile: +972-50-23-7338   Kfar-Saba 44641, Israel
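
The reverse-proxy arrangement discussed in this thread, sketched as an Apache 2.4 virtual host. This is an added example, not part of the original messages: the host names, file paths and loopback port are placeholders, and using mod_dumpio to record the decrypted bodies is an assumption about how the capture would be done.

```apache
# Added example: TLS-terminating reverse proxy for debugging a client
# against a site you operate or are authorised to test.
# Needs mod_ssl, mod_proxy, mod_proxy_http and mod_dumpio loaded.
# All names and paths below are placeholders.

Listen 127.0.0.1:8443

<VirtualHost 127.0.0.1:8443>
    ServerName debug-proxy.example

    # Client-facing side: the proxy presents its own certificate.
    # The client under test must trust the CA that issued it.
    SSLEngine on
    SSLCertificateFile    /etc/apache2/debug/proxy-cert.pem
    SSLCertificateKeyFile /etc/apache2/debug/proxy-key.pem

    # Origin-facing side: open a fresh TLS connection to the real server.
    SSLProxyEngine on

    # Keep authenticating the origin; terminating TLS here must not
    # silently drop the check the client would have performed itself.
    SSLProxyVerify require
    SSLProxyVerifyDepth 3
    SSLProxyCACertificateFile /etc/ssl/certs/ca-certificates.crt
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off
    ProxyPass        / https://origin.example/
    ProxyPassReverse / https://origin.example/

    # Record the decrypted request and response bytes in the error log.
    DumpIOInput On
    DumpIOOutput On
    LogLevel warn dumpio:trace7
    ErrorLog /var/log/apache2/debug-proxy.log
</VirtualHost>
```

The resulting log contains cookies, passwords and other request data in the clear, so keep it readable only by the person debugging and remove it when the session is over.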