You cannot snoop a secure https transaction without somehow pretending to be the destination host. To do that requires the cert, which is public, and private key, which you will not have. The proxy acts as an SSL transport only, after establishing the initial socket connection to the destination host. Its sole purpose is to send and receive the encrypted packets between the two communicants. It has zero knowledge of the conversation taking place. Logging the packets sent and received is one thing. Making sense of the data contained therein is something completely different.

-----Original Message-----
From: POP account for superquote.co.uk [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 12:54 PM
To: [EMAIL PROTECTED]
Subject: Re:

Hi Simon,

I'm also trying to proxy (and snoop) a secure https transaction.

If I understand what you are doing, then it will not work. If I understand correctly, you are sending a secure transaction via a proxy without having sorted out the proxy. The proxy will just receive a pile of encrypted junk which it cannot deal with.

To proxy an https the proxy MUST decrypt the message (or it cannot understand the request), so it MUST be the secure server for the client (or it will not have the key to decrypt) and then the proxy MUST re-encrypt and then become the client for a connection with the remote server.

I hope I have understood your problem and helped, if not - sorry for wasting your time.

I'm trying to snoop a secure transaction, using https-proxy-snif.pl from Net_SSLeay.pm and I cannot get it to work for requests coming from IE6 on a Windows client on the local (private) network - it works for requests from a Linux client running on the same machine as the proxy, so the code is basically correct. I've written into the newsgroup 2 times, but nobody has been able to answer my problem.

Cheers

Simon Clewer
Superquote.com Ltd
Tel 07967 651 493

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 22, 2002 4:04 PM

> Hi,
>
> I am having a problem sending an https request through
> our proxy server with Perl using LWP::UserAgent and
> Crypt::SSLeay. Everything just works fine without going
> through the proxy server and got the '400 URL format
> not support error' with the proxy server turned on.
>
> I have the latest version perl and ssleay downloaded
> from Activestate and installed on my WinNT 4.0
> workstation. The test code is as follows.
>
> Your help is greatly appreciated. Thx.
>
> Simon
>
> #####
> use LWP::UserAgent;
> use Crypt::SSLeay;
>
> my $ua = LWP::UserAgent->new;
> $ua->proxy([qw(http https)], 'http://gateway.bz:8000');
>
> my $req = HTTP::Request->new(GET => 'https://www.helsinki.fi/');
>
> # my $req = HTTP::Request->new(GET => 'http://www.msn.com/');  # this one works fine
>
> my $res = $ua->request($req);
>
> if ($res->is_success) {
>     print $res->as_string;
> } else {
>     print "Failed: ", $res->status_line, "\n";
> }
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
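
The "SSL transport only" behaviour described in the first reply, as an added example that is not part of the original thread: a sketch of how a tunnel-only forward proxy can classify a client's first request line and what it is able to log in each case. The function names and the request heads are constructed for illustration, and the 400 answer to an absolute https:// URL is an assumption about such a proxy, not something the thread confirms.

```python
from urllib.parse import urlsplit

def _reject(reason):
    return {"action": "reject", "status": 400, "reason": reason}

def classify_proxy_request(head: bytes) -> dict:
    """What a tunnel-only forward proxy can do with a client's first request line."""
    try:
        line = head.split(b"\r\n", 1)[0].decode("ascii")
        method, target, version = line.split(" ")
    except ValueError:  # wrong field count, or non-ASCII bytes such as a raw TLS record
        return _reject("malformed request line")
    if not version.startswith("HTTP/"):
        return _reject("not HTTP")
    if method == "CONNECT":
        # Authority-form target (host:port). After the 200 reply the proxy only
        # copies bytes, so host, port, sizes and timing are all it can log.
        host, sep, port = target.rpartition(":")
        if not (sep and host and port.isdigit() and 0 < int(port) < 65536):
            return _reject("CONNECT needs host:port")
        return {"action": "tunnel", "host": host.strip("[]"), "port": int(port),
                "proxy_sees": "host, port, byte counts"}
    try:
        url = urlsplit(target)
        host, port = url.hostname, url.port
    except ValueError:  # invalid port or malformed bracketed host
        return _reject("bad URL")
    if url.scheme == "http" and host:
        # Plain HTTP is relayed in the clear, so the proxy reads everything.
        return {"action": "forward", "host": host, "port": port or 80,
                "proxy_sees": "full request and response"}
    if url.scheme == "https":
        # Assumption: the proxy holds no private key for the origin, so it cannot
        # speak TLS on the client's behalf and refuses anything but CONNECT.
        return _reject("https URL sent as plain request; expected CONNECT")
    return _reject("unsupported target")

# Constructed request heads, using the host names from the test code in the thread.
SAMPLES = [
    b"CONNECT www.helsinki.fi:443 HTTP/1.1\r\nHost: www.helsinki.fi:443\r\n\r\n",
    b"GET https://www.helsinki.fi/ HTTP/1.1\r\nHost: www.helsinki.fi\r\n\r\n",
    b"GET http://www.msn.com/ HTTP/1.1\r\nHost: www.msn.com\r\n\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.split(b"\r\n", 1)[0].decode(), "->", classify_proxy_request(sample))
```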