SSL Server needs access to raw HTTP data (Request for adivce)

[Richard Powell]

Thanks for the responses.  I found the solution thanks to one of the
suggestions off this list.

Basically, just setup stunnel to accept the encrypted stream and forward
it to a clear server and then sniffed the stream.

Thanks again
Richard

On Sat, 2007-01-13 at 19:03 -0800, Richard Powell wrote:
> Hello,
> 
> I was hoping someone on this list could provide me with a link to a tool
> that would enable me to dump the raw HTTP data from a web request that
> uses SSL/HTTPS.  I have full access to the server, but not to the
> client, and I want to know exactly/precisely what the client is
> transmitting.
> 
> I've considered a few options, including....
> 
>  eg... using apache_request_header() from php
>     Need to have php installed as module, which I don't.
>     Also, not sure it would give me the complete RAW stream that I want
>     and didn't want to waste my time installing a test server if it
>     wasn't going to fully work.
>  eg... tried using "openssl s_server -accept 443 -WWW -debug -msg
>     This option didn't seem to display/dump the raw HTTP stream.
>     I could not locate an option that would enable seeing this
>     information.
> 
> I've been searching google for hours for some sort of tool to no avail.
> 
> If I don't find a reasonable/quick option, my next solution is going to
> be to hack the s_server.c file from openssl and add the necessary
> statements to dump the desired stream.  I'm not too excited about this
> option, but I suppose if that's the best option I have, then so be
> it.  :)
> 
> Thanks in advance for any advice.
> Richard
> 
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
> 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com