Thanks for all the responses.

1. I was able to do the handshaking successfully with the browser. On receiving the request from the browser I will send an "HTTP OK" response back to the browser. I was able to do the handshaking and read the actual GET request.
2. Then I create a new socket to establish the connection with the server. The connection was successful.
           Sends the request to the server
           Reads the request from the server

When I read the response from the server it always returns empty. I don't know what went wrong here. I am reading the data from the socket using the 'recv' function. Can anybody tell me what went wrong?

Thanks,
Raj
Rajmohan SK

----- Original Message -----
From: "David Schwartz" <dav...@webmaster.com>
To: <openssl-users@openssl.org>
Sent: Wednesday, July 28, 2010 1:07 AM
Subject: RE: Man in the middle proxy - Not working



Rene Hollan:

Oh! I totally misunderstood this.
I thought OP wanted to MITM SSL sessions (which is possible, if
(a) the traffic is decrypted, (b) certs are reissued and resigned,
and (c) the client TRUSTS the modified cert chain (typically its
root cert)).

This is just HTTPS Proxy. In which case other answers about
terminating the HTTP connection first are correct.

No, you were correct. He does want to MITM SSL sessions.

A MITM and a normal proxy operate precisely the same way up until the actual
proxying part starts. His problem is earlier, when he establishes the
connection to the client, determines what host and port the client wants to
talk to, and then switches to his SSL proxy/MITM capability.

All those steps are the same.

1) Accept plaintext connection.

2) Wait for client to send request.

3) Confirm CONNECT request, host and port valid.

4) Send 200 reply.

5) Make connection to host and port requested by client.

6) If normal proxying, begin proxying (copy ciphertext between client and
server). If MITMing, begin MITMing (do SSL negotiation with both client and
plaintext, copy plaintext between client and server).

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager majord...@openssl.org
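
Added example, not part of the original thread and not OpenSSL code: a sketch in C of steps 2 and 3 from the list above, checking that the client's header block is complete and that the CONNECT line names a valid host and port before step 4's 200 reply is sent. The name parse_connect, the hostname character set (letters, digits, '.', '-', so no bracketed IPv6) and the sample request are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Validate "CONNECT host:port HTTP/1.x" (hypothetical helper, not an
 * OpenSSL API). Returns 0 and fills host/port, or -1 on malformed input. */
int parse_connect(const char *req, char *host, size_t hostlen, int *port)
{
    const char *p, *eol, *sp, *colon = NULL;
    char *end;
    long n;
    size_t len;

    /* Step 2: do not parse until the whole header block has arrived. */
    if (strstr(req, "\r\n\r\n") == NULL) return -1;
    if (strncmp(req, "CONNECT ", 8) != 0) return -1;
    p = req + 8;
    eol = strstr(p, "\r\n");
    /* The authority ends at the space before the HTTP version. */
    sp = memchr(p, ' ', (size_t)(eol - p));
    if (sp == NULL || strncmp(sp + 1, "HTTP/1.", 7) != 0) return -1;
    /* The last colon separates host from port; both must be present. */
    for (const char *q = p; q < sp; q++)
        if (*q == ':') colon = q;
    if (colon == NULL || colon == p) return -1;
    len = (size_t)(colon - p);
    if (len >= hostlen) return -1;
    /* Assumption: plain hostnames or IPv4 literals only. */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)p[i];
        if (!isalnum(c) && c != '.' && c != '-') return -1;
    }
    memcpy(host, p, len);
    host[len] = '\0';
    /* Port: digits only, nothing trailing, range 1..65535. */
    if (!isdigit((unsigned char)colon[1])) return -1;
    n = strtol(colon + 1, &end, 10);
    if (end != sp || n < 1 || n > 65535) return -1;
    *port = (int)n;
    return 0;
}

int main(void)
{
    /* Constructed sample request, as a browser would send to a proxy. */
    const char *req = "CONNECT www.example.com:443 HTTP/1.1\r\n"
                      "Host: www.example.com:443\r\n\r\n";
    char host[256];
    int port = 0;
    if (parse_connect(req, host, sizeof host, &port) == 0)
        printf("tunnel target: %s port %d\n", host, port);
    return 0;
}
```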
