[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: httpapi and proxy servers
Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>
> Q1. Does anyone know if the HTTP headers are clear in a 443 transmission ?
Whenever you work with SSL, you encrypt everything. SSL acts as a "layer"
that's inbetween your program and the socket API. It takes all of the
data that you send to it, encrypts it, and then passes the encrypted data
to the actual send() API for the socket.
It doesn't know what the data on the socket is, it doesn't understand that
some of it is headers and other parts are data. It just encrypts
everything.
The nice thing about this design is you can use it for other protocols
besides HTTP. You can use it for Telnet/TN5250, FTP, LDAP, IMAP, etc,
since it doesn't need to understand the underlying protocol.
> Q2. Does anyone have a recommendation for a sniffer that works with port 443
> ?
Nope. However, if you sniff port 80, you should be able to do the same
thing on port 443. The only difference between them should be the letters
'http' instead of 'https' and the fact that port 443 is encrypted.
And, don't forget that it's possible to use other ports besides 80 & 443.
:)
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubsribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------