https proxy

Alan Kennedy alanmk at hotmail.com
Wed Jul 28 14:05:44 CEST 2004


[Paul Sweeney]

>>I wish to access an https:// site using my browser and click around
>>it.  I wish to see the http(s) GET urls and http(s) POST urls and
>>data which are being sent to the https server.  If the site were an
>>http:// site I would use a tool like ethereal to see what was going
>>on, but this data is sent encrypted from the browser due to the
>>https connection, so I'll just see the encrypted data. So I need a
>>tool to view the unencrypted form of the data which is being sent
>>encrypted (sorry for being unclear about the "unecrypted data" in my
>>last post, I hope this is better).

[Paul Rubin]

> You could do that but I don't know of already-existing Python code
> that does it.  Basically it would be a man-in-the-middle attack against
> the browser/server pair:
> 
>   browser---(SSL)---proxy---(SSL)---server
> 
> There'd be two separate SSL sessions and the proxy would of course
> have to present its own server certificate to the browser, which you'd
> configure the browser to accept.  The server application could take
> various measures to detect this subterfuge and stop it from happening,
> but I doubt any normal server apps actually bother to do that.  It's
> not a true security break, since the browser user has to accept the
> proxy certificate, thereby giving "permission" for the interception.

Paul S,

Perhaps you could achieve what you want with Apache and mod_proxy?

http://httpd.apache.org/docs/mod/mod_proxy.html

Use (a HTTPS-configured) Apache to decode the requests with mod_proxy, 
and simply forward all requests to another plain (HTTP) python proxy 
of your choice. The ProxyRemote or ProxyPass directives could be used 
for that.

On looking at the ProxyRemote documentation, it states "only 'http' is 
supported by this module.'

However, a quick search turns up the following snippet, i.e. that 
Apache mod_ssl provides HTTPS support for mod_proxy.

 From the horses mouth, i.e. Ralf Engelschall: "when you want to 
forward to a HTTPS target you need HTTPS support in mod_proxy.
That's only possible with mod_ssl (which enhanced mod_proxy for 
HTTPS).  Then you can do all: Accept HTTP and HTTPS and connect
to HTTP and HTTPS targets, i.e. create gateways in all
combinations."

http://www.lists.aldigital.co.uk/apache-ssl/msg02860.html

HTH,

-- 
alan kennedy
------------------------------------------------------
check http headers here: http://xhaus.com/headers
email alan:              http://xhaus.com/contact/alan



More information about the Python-list mailing list