I've got a tool which I need to use with a https site, but it only supports http. I need some kind of proxy tool that can work as a man in the middle between my tool and the https site, making the requests seem like http to the tool. The connection would look like this:
Tool -> HTTP -> Proxy -> HTTPS -> Site -> HTTPS -> Proxy -> HTTP -> Tool
Does anyone know of a tool or something I can set up that will work for this purpose? I've already asked in a few IRC channels and searched Google, but I was honestly not sure how to word it when searching Google, and not sure which channel to ask in via IRC.
Any help would be greatly appreciated!
Fiddler (www.fiddler2.com) has this capability; you can change the URL from HTTP to HTTPS on the fly.
Try cUrl. If your tool works with stdin/out, You can pipe your tool's stdin/out through curl. Also there is the library (libCurl) that you can use from within your code, if needed.
WebScarab might do it for you. It can act as a man-in-the-middle and you can alter requests on the fly.
Got any objection to an entire copy of Apache httpd with mod_proxy operating as a reverse proxy? Plausible instructions here.
"Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code."
There is also a guide on their site to wrap HTTP requests with Stunnel.
Looks like this SSL MITM proxy can do exactly what you're asking.
Related
Is there a way to detect if someone has charles proxy or a network tracking app, tracking your program's requests/apis. And if so is there a way to prevent such a thing.
Just wanted a bit of insight into this, any information is much appreciated.
It's possible to achieve it: Here are two solutions I could think of
After the SSL finish, you can get the certificate and check whether or not it's a self-signed certificate. Then, you might reject the Request connection.
Use the SSL-Pinning technique that only accepts the certificate from your own and rejects others. It will prevent the app is intercepted from Charles Proxy or other Proxy tools like Proxyman, Fiddler, and Wireshark.
I am trying to use charles proxy, but after starting it as root, I still have only one sequence, but no more requests. why?
I think the problem is that your requester device does not have the proxy settings to reach CharlesProxy.
You can find instructions on how to configure your proxy settings on Chrome easily here.
I am currently working on a proxy. The software I use is 'Bettercap'. Personally, I like squid more, because its able to handle caching, and that makes things way faster.
The goal is to let https traffic pass through the proxy with no change, but inject a little js snippet in http content.
It should not be that complicated so SSl stripp and HSTS Bypass is not a must-have. Am I able to let the cache never expire, so that even when the proxy is turned off the script works?
How do I split the traffic up, so that no CA must be installed?
Alternatively, I could build a landing page to require the user to install the CA...
Thanks for your help!
I am quite new to HTTPS and can not get my head around it.
Can someone suggest good starting point for learning about HTTPS, certificates and signing?
Possibly with a working example in ASP.NET with IIS.
If all you are trying to do is have your site in HTTPS there is no code needed. All you need to do is set IIS to serve pages with HTTPS.
If that is all you want, you are better off asking this question in http://www.serverfault.com.
To get you started, here's a link on how to set https in iis 7: http://learn.iis.net/page.aspx/144/how-to-setup-ssl-on-iis-70/
HTTPS is just normal HTTP traffic that is encrypted using SSL/TLS. The protocol is fairly straightforward. I wrote a detailed blow-by-blow of what happens at the start of a connection on my blog: The First First Few Milliseconds of an HTTPS Connection.
It's unfortunate that the APIs built on top of the protocol are often much more complicated.
I need to track http/url requests & redirects from a windows forms application using C#. It should handle both IE & firefox. Not sure if Fiddler is open-source but if i'm not mistaken, it's written using .NET. Sample codes or online articles on how to listen to http/url requests & redirects will be appreciated.
Thanks!
Fiddler works as standard HTTP proxy. There is no magic here. See HTTP protocol for details. In both IE/Firefox, you need to set Fiddler (or your custom program) as proxy, and then browser will use it for all outgoing requests. Proxy is responsible for forwarding request to correct server, and returning response. Proxies are typically used for 1) caching, 2) controlling access (and avoiding firewalls), 3) debugging.
See also Open Source Proxy Library for .Net for .NET proxy library (just quick googling... I have no experience with it).
You'd probably be interested in the new FiddlerCore library: http://fiddler.wikidot.com/fiddlercore