Re: HTTP body capture with LiveHTTP Headers ?
Nadav Har'El wrote: > > On Mon, Jul 12, 2004, Ira Abramov wrote about "Re: HTTP body capture with LiveHTTP > Headers ?": > > you could probably record the entire stream of an HTTP session by using > > netcat as a "proxy". however for SSL sessions you need to know the > > server key. Mercury has a product that does that, it was developped by > > one Adi Stav who is probably not on the list these days. he was thinking > > about rewriting this code under GPL but this has not happend yet AFAIK. > > The product you describe might be useful while debugging the *server*, > when you might have a copy of its key. It is not very useful when you're > trying to debug a client (e.g., develop a script which automates the use of > some site), and you don't have a key. > > A proxy-like solution can be used, however: the proxy can act as a terminator > for both sides, checking the authenticity of the server, but presenting its > own key to the client. In this case the client needs to recognize this proxy > key as a valid one (for all sites), but this should be easy to do. I don't > know if any available web-proxies can be easily set up to perform this sort > of "man in the middle" task. It's true only for reverse proxy, because a forward proxy already gets a CONNECT request in the first time, and can't do anything with it (except for being a "tunnel" that can't read the encrypted traffic it passes). As to reverse proxy, it is supported under Apache. In the beginning, it required you to compile mod_ssl with the EXPERIMENTAL flag, but now, with Apache 2, it is standard and doesn't require any special compilation in order to work (see the SSLProxyEngine directive for more details). I don't have any clue regarding Squid. -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: HTTP body capture with LiveHTTP Headers ?
On Mon, Jul 12, 2004, Ira Abramov wrote about "Re: HTTP body capture with LiveHTTP Headers ?": > you could probably record the entire stream of an HTTP session by using > netcat as a "proxy". however for SSL sessions you need to know the > server key. Mercury has a product that does that, it was developped by > one Adi Stav who is probably not on the list these days. he was thinking > about rewriting this code under GPL but this has not happend yet AFAIK. The product you describe might be useful while debugging the *server*, when you might have a copy of its key. It is not very useful when you're trying to debug a client (e.g., develop a script which automates the use of some site), and you don't have a key. A proxy-like solution can be used, however: the proxy can act as a terminator for both sides, checking the authenticity of the server, but presenting its own key to the client. In this case the client needs to recognize this proxy key as a valid one (for all sites), but this should be easy to do. I don't know if any available web-proxies can be easily set up to perform this sort of "man in the middle" task. -- Nadav Har'El| Tuesday, Jul 13 2004, 24 Tammuz 5764 [EMAIL PROTECTED] |- Phone +972-523-790466, ICQ 13349191 |Attention: There will be a rain dance http://nadav.harel.org.il |Friday night, weather permitting. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: HTTP body capture with LiveHTTP Headers ?
Quoting Dan Kenigsberg, from the post of Mon, 12 Jul: > I've been using http://livehttpheaders.mozdev.org/ for quite awhile now, > whenever I needed to understand a naughty web site. > > I know that the name of the package suggests otherwise, but does anyone here > knows if I can capture the bodies of HTTP requests/responses too? This would be > even more helpful when it's HTTPS. > > I know that I have the code, and could change it myself in principle, but the > relationship of me and chrome is a series of failures. :( you could probably record the entire stream of an HTTP session by using netcat as a "proxy". however for SSL sessions you need to know the server key. Mercury has a product that does that, it was developped by one Adi Stav who is probably not on the list these days. he was thinking about rewriting this code under GPL but this has not happend yet AFAIK. -- so unique it hurts Ira Abramov http://ira.abramov.org/email/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: HTTP body capture with LiveHTTP Headers ?
> Install eclipse 2.x and the solex plugin ( http://solex.sourceforge.net/ ). > It lets you capture the entire session, headers & bodies. It also lets > you replay it. > It works by serving as a proxy for the browser (whatever browser you use). I believe that a proxy cannot see what's going on inside an HTTPS session, and therefore such tool is of lesser value for me. But thank you. -- Dan Kenigsberghttp://www.cs.technion.ac.il/~dankenICQ 162180901 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: HTTP body capture with LiveHTTP Headers ?
Dan Kenigsberg wrote: I've been using http://livehttpheaders.mozdev.org/ for quite awhile now, whenever I needed to understand a naughty web site. I know that the name of the package suggests otherwise, but does anyone here knows if I can capture the bodies of HTTP requests/responses too? This would be even more helpful when it's HTTPS. I know that I have the code, and could change it myself in principle, but the relationship of me and chrome is a series of failures. :( Install eclipse 2.x and the solex plugin ( http://solex.sourceforge.net/ ). It lets you capture the entire session, headers & bodies. It also lets you replay it. It works by serving as a proxy for the browser (whatever browser you use). HTH, Arnon = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
HTTP body capture with LiveHTTP Headers ?
I've been using http://livehttpheaders.mozdev.org/ for quite awhile now, whenever I needed to understand a naughty web site. I know that the name of the package suggests otherwise, but does anyone here knows if I can capture the bodies of HTTP requests/responses too? This would be even more helpful when it's HTTPS. I know that I have the code, and could change it myself in principle, but the relationship of me and chrome is a series of failures. :( -- Dan Kenigsberghttp://www.cs.technion.ac.il/~dankenICQ 162180901 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
