A Window Into Encrypted Client/Server Conversations

By Jon Udell

February 14, 2001

SSL Proxying: Page 2 of 3

To watch SSL traffic in Proxomitron, configure your browser to also proxy secure traffic.

In Netscape, that's Edit->Preferences->Advanced->Proxies->Manual Configuration->View->Security. In MSIE, if you established 8080 for normal Web traffic, you're already proxying secure traffic as well (and, indeed, you have to use Tools->Internet Options->Connections->LAN Settings->Proxy Server->Use a Proxy Server->Advanced to disable SSL proxying).

Here's that same POST request, on the secure side of my Apache server, with the only difference being the SSL cipher signature line at the top:

SSL cipher SSLv3 EXP-RC4-MD5 (128 bits)
POST /cgi-bin/test HTTP/1.0
Connection: keep-alive
Referer: http://udell.test/test.html
User-Agent: Mozilla/4.5 [en] (WinNT; I)
Host: udell.test
Content-type: application/x-www-form-urlencoded
Content-length: 7
Posting 7 bytes...
foo=bar

That's all there is to it! Now, the browser's secure traffic flows to Proxomitron. It decrypts that traffic, so you can see it in the log window, and then re-encrypts it to the destination server. Coming back the other way, it decrypts the server's responses, so you can see them in the log window, then re-encrypts them to complete the secure loop back to the browser.

It's really quite amazing, and amazingly useful. Automation tasks that used to look like more trouble than they were worth -- for example, driving a HotMail or E*Trade account from a script -- suddenly look easy.

Does this make a mockery of the notion of a secure channel? I don't think so. Your browser only connects to an SSL proxy if you tell it to. And when it does, the process is not seamless -- nor should it be. If you use the default certificate that comes with Proxomitron, your browser will challenge you for two reasons. First, because that certificate is self-signed, not signed by one of the certification authorities (e.g. VeriSign, Thawte) your browser is hardwired to trust. Second, because the name in that certificate won't match the name of the secure site you're going through Proxomitron to get to.
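The two warnings described above are exactly what a browser's certificate check produces. As an added illustration (not code from the column or from Proxomitron), here are those two checks in Python, run over constructed certificate dicts in the shape `ssl.SSLSocket.getpeercert()` returns; the proxy certificate's name is a placeholder, since the page does not give the name in Proxomitron's default certificate.

```python
"""Browser-style checks on a server certificate: is it self-signed, and does its
name match the host? The dicts below are constructed in the shape of
ssl.SSLSocket.getpeercert(), so everything runs offline."""

def _rdn_dict(name):
    """Flatten getpeercert()'s nested RDN tuples into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}

def cert_names(cert):
    """DNS names the certificate is valid for: SAN entries, then the CN."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    cn = _rdn_dict(cert.get("subject", ())).get("commonName")
    if cn and cn not in names:
        names.append(cn)
    return names

def name_matches(pattern, host):
    """RFC 6125-style match: '*' may only be the whole leftmost label, and
    only when at least two labels follow it (so '*.com' never matches)."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h) or (p[0] == "*" and len(p) < 3):
        return False
    return p[0] in ("*", h[0]) and p[1:] == h[1:]

def is_self_signed(cert):
    """Issuer equal to subject: no CA the browser trusts vouched for it."""
    return _rdn_dict(cert["subject"]) == _rdn_dict(cert["issuer"])

def browser_warnings(cert, host):
    """The warnings a browser would raise for this certificate on this host."""
    warnings = []
    if is_self_signed(cert):
        warnings.append("self-signed")
    if not any(name_matches(n, host) for n in cert_names(cert)):
        warnings.append("name-mismatch")
    return warnings

# Constructed: a self-signed proxy certificate (placeholder name; the page
# does not say what name Proxomitron's default certificate carries).
PROXY_CERT = {
    "subject": ((("commonName", "ssl-proxy.example"),),),
    "issuer": ((("commonName", "ssl-proxy.example"),),),
}
# Constructed: a CA-signed certificate issued to the site from the article.
SITE_CERT = {
    "subject": ((("commonName", "udell.test"),),),
    "issuer": ((("commonName", "Example CA Root"),),),
    "subjectAltName": (("DNS", "udell.test"), ("DNS", "*.udell.test")),
}
```

Against a live server, `ssl.create_default_context()` performs both of these checks (plus full chain validation) and raises `ssl.SSLCertVerificationError` when either fails, which is how a script notices an interposed proxy the same way the browser does.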
