SSL Server needs access to raw HTTP data (Request for adivce)
Richard Powell
crypto at hackhawk.net
Sun Jan 14 21:04:10 EST 2007
On Sat, 2007-01-13 at 19:03 -0800, Richard Powell wrote:
> I was hoping someone on this list could provide me with a link to a tool
> that would enable me to dump the raw HTTP data from a web request that
> uses SSL/HTTPS. I have full access to the server, but not to the
> client, and I want to know exactly/precisely what the client is
> transmitting.
<snip>
> ... my next solution is going to
> be to hack the s_server.c file from openssl and add the necessary
> statements to dump the desired stream.
As it turns out, getting the 1st line of the get/post was relatively
easy using s_server from openssl. Basically, there's a BIO_gets() that
reads the 1st line of input. All I had to do was add a BIO_dump() and
recompile.
Unfortunately, I can't figure out how to get the subsequent lines from
the client (ACCEPT, REFERER, etc...). I assumed I could just do
BIO_gets() until zero bytes were returned, but zero bytes are always
returned after the 1st call to the function.
I suppose I'll locate an openssl list and seek help there. :) Unless
someone happens to know the answer.
Thanks
Richard
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list