SSL Server needs access to raw HTTP data (Request for adivce)
Richard Powell
crypto at hackhawk.net
Sun Jan 14 22:12:45 EST 2007
Thanks for the responses. I found the solution thanks to one of the
suggestions off this list.
Basically, just setup stunnel to accept the encrypted stream and forward
it to a clear server and then sniffed the stream.
Thanks again
Richard
On Sat, 2007-01-13 at 19:03 -0800, Richard Powell wrote:
> Hello,
>
> I was hoping someone on this list could provide me with a link to a tool
> that would enable me to dump the raw HTTP data from a web request that
> uses SSL/HTTPS. I have full access to the server, but not to the
> client, and I want to know exactly/precisely what the client is
> transmitting.
>
> I've considered a few options, including....
>
> eg... using apache_request_header() from php
> Need to have php installed as module, which I don't.
> Also, not sure it would give me the complete RAW stream that I want
> and didn't want to waste my time installing a test server if it
> wasn't going to fully work.
> eg... tried using "openssl s_server -accept 443 -WWW -debug -msg
> This option didn't seem to display/dump the raw HTTP stream.
> I could not locate an option that would enable seeing this
> information.
>
> I've been searching google for hours for some sort of tool to no avail.
>
> If I don't find a reasonable/quick option, my next solution is going to
> be to hack the s_server.c file from openssl and add the necessary
> statements to dump the desired stream. I'm not too excited about this
> option, but I suppose if that's the best option I have, then so be
> it. :)
>
> Thanks in advance for any advice.
> Richard
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list