Hi Eric,

Ha, I am sure you are correct. I'm trying to snoop, so tunnelling is no good to me, hence I think in terms of the proxy masquerading as a secure server to the client and a secure client to the remote server.

I guess I should keep quiet on the things where I only know a bit. I could be rude and say "go and get a girlfriend instead of reading RFCs", but I've got RFC 2616 on my desk and I actually used it just a few days ago to solve a problem. (We're big into conditional websucking here.)

> If all you want to do is sniff, why not just use ssldump

Cos I want the transaction to continue on to the remote server. (I doubt there's a magic bullet - I've put about 2 full weeks into this now.)

It's true that I could use ssldump and bodge it somehow, but I want (need) programmatic control throughout. I want to run through a motor insurance website quote engine (10 pages, 30 questions!!), and dump the entire transaction into a text file just for programmers to look at, so that we can reproduce what the browser sent to the site. I can of course manually take the HTML apart, but that's long-winded - or go through the site page by page, and use ssldump at the end of each page - but that will take a long time because (I expect) I will lose the SSL connection to the secure server and will have to start again from the beginning for the next page. Also there will be the issue that the browser knows it is having a secure transaction with site xyz, and will drop the connection if it feels that it's been put into my local Linux box instead (to use ssldump). Best to do it properly from the start, then I have a tool that I can use over and over.

Do you then, perchance, know why I am having difficulties snooping an HTTPS request from IE6 on a local Windows client (proxied via a Linux box which is running the https-proxy-sniff utility from Net_SSLeay.pm)? The sniffer (secure proxy), which is https-proxy-sniff, successfully snoops requests from the local Linux machine made with, say, lynx or wget, so it's basically working. I expect that Bill's men have done something odd and counter-intuitive with IE6.

I only replied to

Cheers
Simon Clewer
Superquote.com Ltd
Tel 07967 651 493

----- Original Message -----
From: Eric Rescorla <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 25, 2002 6:25 PM
Subject: Re:

> "POP account for superquote.co.uk" <[EMAIL PROTECTED]> writes:
> > To proxy an HTTPS the proxy MUST decrypt the message (or it cannot
> > understand the request), so it MUST be the secure server for the client (or
> > it will not have the key to decrypt) and then the proxy MUST re-encrypt and
> > then become the client for a connection with the remote server.
> No. The standard procedure for proxying HTTPS is for the client
> to tell the proxy to open a tunnel for uninterpreted data. This is
> done with the HTTP CONNECT request. See RFC 2817. This is also
> described in "SSL and TLS".
>
> > I hope I have understood your problem and helped, if not - sorry for wasting
> > your time.
> >
> > I'm trying to snoop a secure transaction, using https-proxy-snif.pl from
> > Net_SSLeay.pm and I cannot get it to work for requests coming from IE6 on a
> > Windows client on the local (private) network - it works for requests from
> > a Linux client running on the same machine as the proxy, so the code is
> > basically correct. I've written into the newsgroup 2 times, but nobody has
> > been able to answer my problem.
> If all you want to do is sniff, why not just use ssldump
> http://www.rtfm.com/ssldump.
>
> -Ekr
>
> --
> [Eric Rescorla [EMAIL PROTECTED]]
> Author of "SSL and TLS: Designing and Building Secure Systems"
> http://www.rtfm.com/
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
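The CONNECT tunnel Eric refers to (RFC 2817), shown as an added example that is not code from this thread, from Net_SSLeay or from ssldump. It runs a tiny proxy and a constructed stand-in "origin" server on loopback: the client sends CONNECT host:port, the proxy answers "200 Connection Established" and from then on only copies bytes in both directions without interpreting them. That is exactly why a standards-conforming proxy cannot see inside an HTTPS transaction, and why the browser's certificate check still runs end to end against the real site, which is the check Simon describes IE6 refusing to bypass. The example also shows the one control a real CONNECT proxy should keep: an allow-list of target ports, so it cannot be turned into an open relay. Hostnames, ports and the "ORIGIN:" echo format are all constructed for the demonstration.

```python
# Added example (not from the thread, Net_SSLeay or ssldump): an HTTP CONNECT tunnel.
import socket
import threading

CRLF = b"\r\n"

def parse_connect(request_line):
    """Parse b'CONNECT host:port HTTP/1.x' -> (host, port) or None."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != b"CONNECT" or not parts[2].startswith(b"HTTP/1."):
        return None
    host, sep, port = parts[1].decode("ascii", "replace").rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    return host, int(port)

def _read_head(sock):
    """Read up to the blank line ending a head; return (head, leftover bytes)."""
    buf = b""
    while CRLF * 2 not in buf:
        chunk = sock.recv(4096)
        if not chunk or len(buf) > 8192:  # peer closed, or absurdly long head
            break
        buf += chunk
    head, _, rest = buf.partition(CRLF * 2)
    return head, rest

def _pump(src, dst):
    """Copy opaque bytes src -> dst until EOF; nothing here parses them."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # propagate EOF to the other side
        except OSError:
            pass

def handle_connect(client, allowed_ports, log):
    """Proxy side: validate the CONNECT target, then become a dumb relay."""
    head, leftover = _read_head(client)
    target = parse_connect(head.split(CRLF, 1)[0])
    # Real proxies restrict CONNECT targets (normally to 443) so they cannot
    # be used as an open relay to arbitrary TCP services.
    if target is None or target[1] not in allowed_ports:
        log.append(("refused", target))
        client.sendall(b"HTTP/1.1 403 Forbidden" + CRLF + b"Connection: close" + CRLF * 2)
        client.close()
        return
    log.append(("tunnel", target))
    upstream = socket.create_connection(target)
    client.sendall(b"HTTP/1.1 200 Connection Established" + CRLF * 2)
    if leftover:  # anything sent after the head already belongs to the tunnel
        upstream.sendall(leftover)
    threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
    threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

def _listen(handler):
    # Bind an ephemeral loopback port and hand each connection to handler.
    ls = socket.socket()
    ls.bind(("127.0.0.1", 0))
    ls.listen()
    def loop():
        while True:
            conn, _ = ls.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return ls.getsockname()[1]

def start_origin():
    """Constructed stand-in for the remote server: echoes with an ORIGIN: prefix."""
    def handle(conn):
        conn.sendall(b"ORIGIN:" + conn.recv(4096))
        conn.close()
    return _listen(handle)

def start_proxy(allowed_ports):
    # Returns (port, log); the log records each accepted or refused CONNECT target.
    log = []
    return _listen(lambda c: handle_connect(c, allowed_ports, log)), log

def tunnel_roundtrip(proxy_port, origin_port, payload):
    """Client side: ask the proxy for a tunnel, then talk to the origin through it."""
    s = socket.create_connection(("127.0.0.1", proxy_port))
    s.sendall(b"CONNECT 127.0.0.1:%d HTTP/1.1\r\nHost: 127.0.0.1:%d\r\n\r\n" % (origin_port, origin_port))
    head, reply = _read_head(s)
    status = head.split(CRLF, 1)[0]
    if not status.startswith(b"HTTP/1.1 200"):
        s.close()
        return status, None
    s.sendall(payload)  # with a real browser this is where the TLS ClientHello goes
    while True:
        chunk = s.recv(4096)
        if not chunk:
            break
        reply += chunk
    s.close()
    return status, reply
```

Calling `tunnel_roundtrip(proxy, origin, b"opaque-bytes")` after `origin = start_origin()` and `proxy, log = start_proxy({origin})` returns the 200 status line together with `b"ORIGIN:opaque-bytes"`, and `log` shows only the target the proxy agreed to tunnel, never the payload. A proxy started with `start_proxy({443})` refuses the same request with a 403, which is the behaviour an internet-facing CONNECT proxy should default to.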