how complex is the code to proxy a HTTPS request?

Apr 15, 2010 at 1:40 AM

Hi,

Do you mind if I ask this question here guys. 

BACKGROUND: I've been trying to use HttpListener to proxy HTTP calls (i.e. HttpListener to capture the request, then create a separate new HttpWebRequest, get the response, then copy back into the original request).  It is working fine for HTTP, however for HTTPS calls it doesn't work at all.  It seems the missing piece is how one handles the HTTPS/SSL setup stuff.  So I'm assuming therefore what is missing (I'm not sure) is (a) a separate listener on port 443, (b) code that responds to the SSL setup requests in the proxy and works with the requestor etc.

QUESTION:  What's the simplest way in C# .NET v3.5 to actually fully listen for a HTTPS request to the point you can then proxy it on (using a separate HTTPS HttpWebRequest call)?  Like can this be done with HttpListener alone?  Is there a .NET class that can be used for SSL negotiation, or do you need to be a HTTPS guru and write your own code to do this?  If possible is there a reference to the code in the C# WebServer project that highlights how it could be done?

thanks


Coordinator
Apr 15, 2010 at 5:29 AM

Use my HttpListener instead of the one included in .Net framework. Works out of the box with HTTPS.

HttpListener secureListener = HttpListener.Create(IPAddress.Any, 8080, "C:\\path\\to\\cert.p12");


Apr 15, 2010 at 5:48 AM

thanks - any quick pointers you can give re creating certificates on a windows XP PC?  (i.e. not a windows server)

Coordinator
Apr 15, 2010 at 6:54 AM

webserver.codeplex.com/wikipage?title=HTTPS&referringTitle=Home

Apr 15, 2010 at 7:03 AM

great - thanks

Apr 19, 2010 at 2:32 AM

Can I ask one question please -

from the proxy's point of view, is it true to say that for proxying a HTTPS/SSL request/site that it would also have to listen on port 443 for the TLS/SSL connection setup stuff first.   Or to be more specific, when I use firefox and I type my company proxy server & port number, I was assuming all traffic goes from my PC to the proxy over this port (e.g. 8080).  But I begin to think/see that perhaps what really happens is that Firefox (or underlying windows?) communicates out to the proxy first over TLS/SSL type protocols (port 443 I guess) to establish the connection before then the port 8080 CONNECT Http traffic starts.  Does this make any sense?   Why I ask this is that when I set up a .NET HttpListener on port 8080 and try to hit it via web traffic I see nothing.  So perhaps the above would explain it?  (my test proxy is running on the same PC as my test browser)

also I got feedback from someone with a proxy product that said "In order to proxy an HTTPS request without looking at the contents of it you don't need to use certificates or be aware of the encryption. You just need to support the CONNECT method and then proxy the data between the client and server." - so I'm getting a bit confused about things here.

thanks
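
The CONNECT approach quoted in the post above, as an added example that is not part of the original thread or the C# WebServer project: a tunnel that relays bytes without any certificate. It is written for current .NET (async/await) rather than v3.5; the class name, the 8 KB head limit and the port-443-only rule are assumptions of this sketch.

```csharp
// Added example, not code from the thread: blind CONNECT tunnel, the proxy never sees plaintext.
using System;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading.Tasks;
static class ConnectTunnel // hypothetical name
{
    static async Task Main()
    {
        var listener = new TcpListener(IPAddress.Loopback, 8080); // port used in the thread
        listener.Start();
        while (true) _ = HandleAsync(await listener.AcceptTcpClientAsync());
    }

    static Task Send(NetworkStream s, string t) => s.WriteAsync(Encoding.ASCII.GetBytes(t), 0, t.Length);

    static async Task HandleAsync(TcpClient client)
    {
        using (client)
        {
            NetworkStream down = client.GetStream();
            // Read the head one byte at a time so no tunnel bytes get buffered and lost.
            var head = new StringBuilder();
            var one = new byte[1];
            while (!head.ToString().EndsWith("\r\n\r\n", StringComparison.Ordinal))
            {
                if (head.Length >= 8192 || await down.ReadAsync(one, 0, 1) == 0) return;
                head.Append((char)one[0]);
            }
            // Request line: CONNECT host:443 HTTP/1.1
            string[] parts = head.ToString().Split('\r')[0].Split(' ');
            string[] target = parts.Length == 3 ? parts[1].Split(':') : new string[0];
            // Refuse anything but CONNECT to port 443, so this is not a general TCP relay.
            if (parts[0] != "CONNECT" || target.Length != 2 || target[1] != "443")
            {
                await Send(down, "HTTP/1.1 403 Forbidden\r\n\r\n");
                return;
            }
            using (var server = new TcpClient())
            {
                await server.ConnectAsync(target[0], 443);
                NetworkStream up = server.GetStream();
                await Send(down, "HTTP/1.1 200 Connection Established\r\n\r\n");
                // From here the bytes are the browser's own TLS session; copy both ways.
                await Task.WhenAny(down.CopyToAsync(up), up.CopyToAsync(down));
            }
        }
    }
}
```

A browser configured with this proxy sends `CONNECT host:443` in clear text to port 8080 and then runs TLS end to end through the tunnel, so the proxy learns only the host name and the traffic volume.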


Coordinator
Apr 19, 2010 at 5:15 AM

You have to enter "https://localhost:8080" to use HTTP/SSL (note "https" and not "http"). The browser has no idea what protocol is used unless the port is 443 (standard one).


Apr 19, 2010 at 5:20 AM

so your secure http listener then only needs to listen on one port (i.e. the port specified, e.g. 8080 in this case) and it will handle both the SSL negotiation connections plus subsequent content connections?  (i.e. it does not need a 2nd listener running to handle SSL negotiation/setup - this is where I'm a little confused)

Coordinator
Apr 19, 2010 at 5:34 AM

Only one listener is needed. You have to hook the RequestReceived event in the HttpContext object when a new connection is accepted by HttpListener.

Apr 19, 2010 at 5:36 AM

thanks - I should try to look through and understand the code, but can I ask does the SSL negotiation stuff (i.e. anything above and beyond what needs to be done for a normal non-secure http request using HttpListener) that has to go on, is this code you had to write?  If not where does this code exist?

Coordinator
Apr 19, 2010 at 5:40 AM

The SslStream which is included in the .Net framework handles the negotiation. You can take a look in the SecureHttpListener if you want to see how everything is set up.

Apr 19, 2010 at 5:42 AM

many thanks
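
What the replies above describe, as an added sketch that is not the project's SecureHttpListener: a single listener on one port, with SslStream performing the handshake on each accepted connection before any HTTP is read. The certificate password, the pinned TLS 1.2 setting and the class name are assumptions; the path and port are the ones from the thread.

```csharp
// Added example, not the project's SecureHttpListener: one listener, TLS handled by SslStream.
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class TlsListenerSketch // hypothetical name
{
    static void Main()
    {
        // Path from the thread's snippet; the password is a placeholder assumption.
        var cert = new X509Certificate2("C:\\path\\to\\cert.p12", "placeholder-password");
        var listener = new TcpListener(IPAddress.Any, 8080);
        listener.Start();
        while (true)
        {
            using (TcpClient client = listener.AcceptTcpClient())
            using (var tls = new SslStream(client.GetStream(), false))
            {
                try
                {
                    // The handshake runs here, on the same socket that then carries the request.
                    // Assumption: pin TLS 1.2 instead of relying on old framework defaults.
                    tls.AuthenticateAsServer(cert, false, SslProtocols.Tls12, false);
                }
                catch (Exception e) when (e is AuthenticationException || e is IOException)
                {
                    continue; // e.g. the browser spoke plain http:// to this port
                }
                // Everything read from 'tls' is already decrypted HTTP.
                var reader = new StreamReader(tls, Encoding.ASCII);
                string line;
                while (!string.IsNullOrEmpty(line = reader.ReadLine()))
                    Console.WriteLine(line); // request line, then headers
                byte[] reply = Encoding.ASCII.GetBytes(
                    "HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok");
                tls.Write(reply, 0, reply.Length);
            }
        }
    }
}
```

Unlike a CONNECT tunnel, this listener terminates TLS itself, so it sees the plaintext request and the browser validates the listener's certificate rather than the origin server's.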