Presumably the point of this exercise is to be able to analyze normally encrypted traffic. It would be easier to write a proxy that simply negotiated with the server as a client and with the browser as a server. Sure, the browser would detect that the "server" certificate was incorrect (actually a certificate stored on the proxy) but you can choose to ignore this error from the browser. Then it is simply a matter of logging the request/reply pairs.
Christopher Bibbs > -----Original Message----- > From: Mike Alberghini [mailto:sysmda@;zim.gsu.edu] > Sent: Wednesday, November 13, 2002 1:26 PM > To: [EMAIL PROTECTED] > Subject: Is a https proxy possible? > > > We are trying to set up a system where a server can act as a > proxy for > http, while automaticaly encrypting all proxied communication > via https. > > For example: > > (web server) <--https--> (proxy) <--http--> (browser) > > The whole point of this is to be able to analyze the > unencrypted network traffic between the proxy and the browser. > > Is this even possible? If it is, what would you suggest I > use to implement it? > > -- > Mike Alberghini > Georgia State University > Software System Engineer Associate > [EMAIL PROTECTED] > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
