Ask Question Forum:
Model Library:2025-02-08:A.I. model is online auto reply
C
O
M
P
U
T
E
R
2
8
Show
#
ASK
RECENT
←
- Underline
- Bold
- Italic
- Indent
- Step
- Bullet
- Quote
- Cut
- Copy
- Paste
- Table
- Spelling
- Find & Replace
- Undo
- Redo
- Link
- Attach
- Clear
- Code
Below area will not be traslated by Google,you can input code or other languages
Hint:If find spelling error, You need to correct it,1 by 1 or ignore it (code area won't be checked).
X-position of the mouse cursor
Y-position of the mouse cursor
Y-position of the mouse cursor
Testcursor
caretPos
Attachment:===
Asked by duncanb7
at 2024-03-01 22:38:21
Point:500 Replies:10 POST_ID:828890USER_ID:11059
Topic:
Secure Socket Layer (SSL) & HTTPS;Apache Web Server;C++ Programming Language
In last week, I have studied http proxy & get simple example C++ code from internet
& run it on cmd.exe shell and I set the proxy setting on my firefox browser to
localhost and port 8080 for the C++ proxy program. When I type http://mylinuxsite.com on Firefox, the C++ program will echo out the site header info such as follows & then it will send the header info as request to the remote server(http://mylinuxsite.com) & get the repsonse, and send back to firefox browser through the program. So far so good. The C++ code is working completely & successfully.
Now I try to do the same for https/ssl site such as https://mylinuxsite.com, the same program is just looping sending header info to the server , the https/ssl header info is different attacted as follow (from previous http site),and no HTTPS response from the server. Why ? besides https://mylinux.com, all other https/ssl site ALSO not working through my proxy C++ program BUT works without proxy
on browser.
I have checked the first words of header is "CONNECT" that is for SSL conection
but I found one setting that is "Proxy-Connection: keep-alive",what is that ?
whether I could delete it & send the https header to server again that will work ?
Any suggestion or reason Why the program can NOT work for https/SSL site access ?
Be reminded: https//mylinux.com is working on Firefox browswer WIHTOUT proxy
after testing since I have already installed openSSL on my linux server
Question-2: I've checked the http method at http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html for "CONNECT" option, If https/ssl site need to do POST form request,
how to do that to set POST method option on header with "CONNECT" method together
for https site access ?
Hope you understand what I am asking, if not please pt it out
Duncan
Firefox header info for normal http
=============================
& run it on cmd.exe shell and I set the proxy setting on my firefox browser to
localhost and port 8080 for the C++ proxy program. When I type http://mylinuxsite.com on Firefox, the C++ program will echo out the site header info such as follows & then it will send the header info as request to the remote server(http://mylinuxsite.com) & get the repsonse, and send back to firefox browser through the program. So far so good. The C++ code is working completely & successfully.
Now I try to do the same for https/ssl site such as https://mylinuxsite.com, the same program is just looping sending header info to the server , the https/ssl header info is different attacted as follow (from previous http site),and no HTTPS response from the server. Why ? besides https://mylinux.com, all other https/ssl site ALSO not working through my proxy C++ program BUT works without proxy
on browser.
I have checked the first words of header is "CONNECT" that is for SSL conection
but I found one setting that is "Proxy-Connection: keep-alive",what is that ?
whether I could delete it & send the https header to server again that will work ?
Any suggestion or reason Why the program can NOT work for https/SSL site access ?
Be reminded: https//mylinux.com is working on Firefox browswer WIHTOUT proxy
after testing since I have already installed openSSL on my linux server
Question-2: I've checked the http method at http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html for "CONNECT" option, If https/ssl site need to do POST form request,
how to do that to set POST method option on header with "CONNECT" method together
for https site access ?
Hope you understand what I am asking, if not please pt it out
Duncan
Firefox header info for normal http
=============================
GET http://mylinuxsite.com/b.php HTTP/1.1Host: mylinuxsite.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alive 1:2:3:4:5:6:7:
Firefox header info for HTTPS/SSL
=============================
CONNECT mylinuxsite.com:443 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1;" WOW64;" rv:27.0) Gecko/20100101 Firefox/27.0Proxy-Connection: keep-aliveConnection: keep-aliveHost: mylinuxsite.com 1:2:3:4:5:
Author: duncanb7 replied at 2024-03-17 02:16:59
Thanks for all of your reply
Have a nice day
Duncan
Have a nice day
Duncan
Accepted Solution
Author: duncanb7 replied at 2024-03-05 01:43:11
Dear c_kedar
if it is "CONNECT" method issue on my remote linux server, why the broswer will send
the "CONNECT" to the proxy program ? Is it because browser is asking the proxy program
to do "CONNECT" http tunnel connection, and then perform https/SSL request.
For normal cases or mode, I mean no proxy server help for browser, the browser
will perform HTTP/SSL request directly to the remoter server without any http tunnel
"CONNECT" connection help.
The resson why my proxy program that is not working for "connect" that is because
the simple proxy program didn't have such code to do http tunnel "CONNECT" connection.
And that is all totally NOT related to remoter server
For "CONNECT" method implementation, it can be done by Putty's SSH http tunnel(forward port) + Firefox browser proxy setting for SOCK v5 , I tested it before
and it works for all http and https request. Just check my concept to "CONNECT" method
right or not .
Please advise my question and pt out what I said that is correct or not.
Duncan
The server code might be silently ignoring CONNECT method (or possibly any method it has not implemented). Really depends on the server implementation. Search in the code to confirm.
if it is "CONNECT" method issue on my remote linux server, why the broswer will send
the "CONNECT" to the proxy program ? Is it because browser is asking the proxy program
to do "CONNECT" http tunnel connection, and then perform https/SSL request.
For normal cases or mode, I mean no proxy server help for browser, the browser
will perform HTTP/SSL request directly to the remoter server without any http tunnel
"CONNECT" connection help.
The resson why my proxy program that is not working for "connect" that is because
the simple proxy program didn't have such code to do http tunnel "CONNECT" connection.
And that is all totally NOT related to remoter server
For "CONNECT" method implementation, it can be done by Putty's SSH http tunnel(forward port) + Firefox browser proxy setting for SOCK v5 , I tested it before
and it works for all http and https request. Just check my concept to "CONNECT" method
right or not .
Please advise my question and pt out what I said that is correct or not.
Duncan
Assisted Solution
Expert: c_kedar replied at 2024-03-04 20:44:33
166 points GOOD
the server should repsonse my "CONNECT" , at least some http error message to client. Why there is nothing ?
The server code might be silently ignoring CONNECT method (or possibly any method it has not implemented). Really depends on the server implementation. Search in the code to confirm.
I noticed you had second question in your original post.
You can not/do not combine POST with CONNECT.
The way it works is CONNECT method is request from browser to proxy server to establish a tunnel to reach remote server. Then browser will send whatever HTTP request it wants to do, GET/POST/PUT/OPTION etc, directly to remote server.
Author: duncanb7 replied at 2024-03-02 23:30:41
dear c_kedar,
You mean proxy server that is refered to HTTPS/SSL proxy server and NOT http proxy sever Right ?
Before doing what you say like key or encryption stuff in your last post, the first client request is "CONNECT" request, right ? I just send the "CoNNECT" request string to server and that string is sent from Firefox browser and received by my http proxy program
when I send this
"CONNECT mylinuxsite.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: mylinuxsite.com"
to the serve, the server should repsonse my "CONNECT" , at least some http error message to client. Why there is nothing ?
Please advise
Duncan
When proxy server comes in middle, it should not be able to see content of http protocol being transacted by client and server.
For this to happen it has to act as simple tunnel, i.e. forwarder of bytes.
For this to happen it has to act as simple tunnel, i.e. forwarder of bytes.
You mean proxy server that is refered to HTTPS/SSL proxy server and NOT http proxy sever Right ?
Before doing what you say like key or encryption stuff in your last post, the first client request is "CONNECT" request, right ? I just send the "CoNNECT" request string to server and that string is sent from Firefox browser and received by my http proxy program
when I send this
"CONNECT mylinuxsite.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: mylinuxsite.com"
to the serve, the server should repsonse my "CONNECT" , at least some http error message to client. Why there is nothing ?
Please advise
Duncan
Assisted Solution
Expert: c_kedar replied at 2024-03-02 22:20:39
167 points GOOD
Key part of SSL protocol is that client (browser) should be able to talk to server 'privately', i.e. the conversation can not be eves-dropped by anybody on the way.
This is accomplish this, as part of SSL handshake,
When proxy server comes in middle, it should not be able to see content of http protocol being transacted by client and server.
For this to happen it has to act as simple tunnel, i.e. forwarder of bytes.
The sample you have complied may not have this functionality and hence it is not working.
This is accomplish this, as part of SSL handshake,
- browser creates a symmetric key for encryption/decryption, encrypts it using public key found in certificate sent by server, and sends it to server
- this can be decrypted only with private key which is available with only with server
- browser expects a response from server encrypted with the key it had sent, to kind of confirm that it is talking directly to right server.
When proxy server comes in middle, it should not be able to see content of http protocol being transacted by client and server.
For this to happen it has to act as simple tunnel, i.e. forwarder of bytes.
The sample you have complied may not have this functionality and hence it is not working.
Expert: jkr replied at 2024-03-02 20:43:14
Well, 'in more detail' and 'encryption' are a bit controversary, but OK: Yes, it is not only similar to SSH tunneling, it is quite like that. I guess my main point is that you don't want to use proxies here. As for the details, what exactly are you inerested in?
Author: duncanb7 replied at 2024-03-02 19:14:23
Dear jkr, thanks for your reply,
You mean HTTPS proxy acts as tunneling server that is similar to SSH tunneling we are using from Putty software on home PC computer for remote server shell access , Is it correct ?
Could you talk more a litte bit and reveiw my question in first post on this thread
and answer it in more detail ?
Please advise
Duncan
You mean HTTPS proxy acts as tunneling server that is similar to SSH tunneling we are using from Putty software on home PC computer for remote server shell access , Is it correct ?
Could you talk more a litte bit and reveiw my question in first post on this thread
and answer it in more detail ?
Please advise
Duncan
Assisted Solution
Expert: jkr replied at 2024-03-02 18:47:35
167 points GOOD
OK, let me try - a HTTPS proxy would have to act mainly as a tunneling server, i.e exchanging both the handshake protocol and the ensueing communication seamlessly. Or act as a 'man in thew´middle' (yet the idea would be flawed IMO). This is due to the SSL/HTTPS protocol (http://en.wikipedia.org/wiki/HTTP_Secure), where keys have to be exchanged during the connection setup. A HTTP Proxy can't do that. The 'proxy in the middle' approach as above requires the proxy to do exactly that, which is a concept that breaks the rules uf trust in SSL connections and I therefore would not recommend to use it (http://en.wikipedia.org/wiki/Proxy_server).
Author: duncanb7 replied at 2024-03-02 17:56:13
Dear jkr, could you talk more about the concept of how it works for SSL proxy ?
or what is major different between http proxy and https/ssl proxy ?
After searching SSL proxy in internet, now I know the code for SSL proxy is much more
complicated than HTTP proxy.
But I just dump the Firefox's request on my http proxy to the remote server on behalf of
browser role, at least the remote server will send back request error message to client
,but it didn't. Whether it is related request such as "CONNECT.....HOST:....." that
is NOT encrypted by Firefox browser or by my http proxy so that the remote server openSSL decrypt the request in wrong format ? If so, I need to do ecnrypt it according
to the SSL cert , key in order to connect to remote server, Right ?
Normally I know Firefox will do encryption for SSL site if there is NO proxy, and
firefox will just dump request in text to http proxy if proxy is enabled. Is it correct ?
Please advise
Duncan
or what is major different between http proxy and https/ssl proxy ?
After searching SSL proxy in internet, now I know the code for SSL proxy is much more
complicated than HTTP proxy.
But I just dump the Firefox's request on my http proxy to the remote server on behalf of
browser role, at least the remote server will send back request error message to client
,but it didn't. Whether it is related request such as "CONNECT.....HOST:....." that
is NOT encrypted by Firefox browser or by my http proxy so that the remote server openSSL decrypt the request in wrong format ? If so, I need to do ecnrypt it according
to the SSL cert , key in order to connect to remote server, Right ?
Normally I know Firefox will do encryption for SSL site if there is NO proxy, and
firefox will just dump request in text to http proxy if proxy is enabled. Is it correct ?
Please advise
Duncan
Expert: jkr replied at 2024-03-02 08:00:36
A plain HTTP proxy can't handle the SSL handshake - so the connection will be dropped before it is established.