From: Eli Marmor (marmor_at_nonexisting.hamakor.org.il)
Date: Tue 13 Jul 2004 - 10:17:11 IDT

Nadav Har'El wrote:
>
> On Mon, Jul 12, 2004, Ira Abramov wrote about "Re: HTTP body capture with LiveHTTP Headers ?":
> > you could probably record the entire stream of an HTTP session by using
> > netcat as a "proxy". however for SSL sessions you need to know the
> > server key. Mercury has a product that does that, it was developed by
> > one Adi Stav who is probably not on the list these days. He was thinking
> > about rewriting this code under GPL but this has not happened yet AFAIK.
>
> The product you describe might be useful while debugging the *server*,
> when you might have a copy of its key. It is not very useful when you're
> trying to debug a client (e.g., develop a script which automates the use of
> some site), and you don't have a key.
>
> A proxy-like solution can be used, however: the proxy can act as a terminator
> for both sides, checking the authenticity of the server, but presenting its
> own key to the client. In this case the client needs to recognize this proxy
> key as a valid one (for all sites), but this should be easy to do. I don't
> know if any available web-proxies can be easily set up to perform this sort
> of "man in the middle" task.

It's true only for a reverse proxy, because a forward proxy already gets
a CONNECT request in the first time, and can't do anything with it
(except for being a "tunnel" that can't read the encrypted traffic it
passes).

As to a reverse proxy, it is supported under Apache. In the beginning, it
required you to compile mod_ssl with the EXPERIMENTAL flag, but now,
with Apache 2, it is standard and doesn't require any special
compilation in order to work (see the SSLProxyEngine directive for more
details).

I don't have any clue regarding Squid.

-- 
Eli Marmor
marmor_at_netmask.it
CTO, Founder
Netmask (El-Mar) Internet Technologies Ltd.
__________________________________________________________
Tel.:   +972-9-766-1020          8 Yad-Harutzim St.
Fax.:   +972-9-766-1314          P.O.B. 7004
Mobile: +972-50-23-7338          Kfar-Saba 44641, Israel
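
The reverse-proxy arrangement discussed in this thread, as an added configuration sketch that is not part of the original message: Apache terminates TLS towards the client with its own certificate, opens a second verified TLS session to the origin via SSLProxyEngine, and mod_dumpio logs the decrypted bodies in between. It assumes Apache 2.4 syntax with mod_ssl, mod_proxy, mod_proxy_http and mod_dumpio loaded; the host names (debug.example.test, upstream.example.com) and all file paths are placeholders.

```apache
# Added example; host names and paths below are placeholders, not from the thread.

# mod_dumpio is configured at server level. It sits above the SSL filter,
# so what it logs is the decrypted request and response data.
# The log therefore contains credentials and cookies in clear text:
# keep it readable by the administrator only and turn dumping off when done.
DumpIOInput  On
DumpIOOutput On

# Bind to loopback so only the client under test on this machine can use it.
Listen 127.0.0.1:8443

<VirtualHost 127.0.0.1:8443>
    ServerName debug.example.test

    # Client-facing side: the proxy presents its OWN key and certificate.
    # The client under test must be told to trust this certificate
    # (ideally only this test client, not the system-wide trust store).
    SSLEngine on
    SSLCertificateFile    /etc/apache2/debug/proxy-cert.pem
    SSLCertificateKeyFile /etc/apache2/debug/proxy-key.pem

    # Origin-facing side: a second TLS session, opened by the proxy.
    SSLProxyEngine on

    # "Checking the authenticity of the server": without these lines the
    # proxy would accept any upstream certificate and hide that from the client.
    SSLProxyVerify            require
    SSLProxyVerifyDepth       3
    SSLProxyCACertificateFile /etc/ssl/certs/ca-certificates.crt
    # SSLProxyCheckPeerName needs Apache 2.4.5 or later.
    SSLProxyCheckPeerName     on
    SSLProxyCheckPeerExpire   on

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests    Off
    ProxyPass        / https://upstream.example.com/
    ProxyPassReverse / https://upstream.example.com/

    # mod_dumpio writes at trace7 into the error log.
    LogLevel warn dumpio:trace7
    ErrorLog /var/log/apache2/debug-proxy.log
</VirtualHost>
```

The client is pointed at https://debug.example.test:8443/ instead of the real site, which is why this works for a reverse proxy but not for a forward proxy that only ever sees CONNECT.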
This archive was generated by hypermail 2.1.7 : Tue 13 Jul 2004 - 10:37:35 IDT