SSL Server needs access to raw HTTP data (Request for adivce)

Richard Powell crypto at hackhawk.net
Sun Jan 14 21:04:10 EST 2007


On Sat, 2007-01-13 at 19:03 -0800, Richard Powell wrote:
> I was hoping someone on this list could provide me with a link to a tool
> that would enable me to dump the raw HTTP data from a web request that
> uses SSL/HTTPS.  I have full access to the server, but not to the
> client, and I want to know exactly/precisely what the client is
> transmitting.
<snip>
> ... my next solution is going to
> be to hack the s_server.c file from openssl and add the necessary
> statements to dump the desired stream. 

As it turns out, getting the 1st line of the get/post was relatively
easy using s_server from openssl.  Basically, there's a BIO_gets() that
reads the 1st line of input.  All I had to do was add a BIO_dump() and
recompile.

Unfortunately, I can't figure out how to get the subsequent lines from
the client (ACCEPT, REFERER, etc...).  I assumed I could just do
BIO_gets() until zero bytes were returned, but zero bytes are always
returned after the 1st call to the function.

I suppose I'll locate an openssl list and seek help there. :)  Unless
someone happens to know the answer.

Thanks
Richard


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list