[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: HTTPAPI to SSL Website
Kevin:
Hmmmmm... OK, this would be the first from-source Unix/Linux tool build that I've done on an i. Suggestions on how to get started, what I need to know, etc? Or are you aware of an AIX pre-built version floating around? (I'm assuming that this would run under PASE, right?)
I don't know that I'm having a problem with the SSL part, per se. It's more like what I'm trying to send (the session cookie value, for the second page), or maybe what I'm not sending. I've used a couple of the tools available for Firefox (Firebug and TamperData) but I don't really know how to read what I'm seeing. Using TamperData, it LOOKS like Firefox is doing a straight GET to retrieve the second page. Does that involve sending anything up to the server, other than the "GET" request? If it does, and HTTPAPI doesn't do that, I would think that I would have to "send" something with the cookie value. Maybe.
I've also used the HTTPAPI debug tool to dump the communications out to a file. That, I can kind of read (but not necessarily completely understand!).
I'm probably worse than a complete noob on this stuff. I have JUST enough knowledge to be annoying (and maybe dangerous, but probably not), but not enough to be useful!
Jon Juracich, IBM Certified Specialist: RPG IV Developer
Sr. Staff Consultant, IBM Solutions Practice
Affiliated, Inc.
(614)889-6555, ext 355
www.aresgrp.com
Affiliated helps growing & Mid-Market organizations identify, evaluate, and implement solutions that use new & existing technology & resources that improve operational efficiency or increase revenue. Both make your organization more profitable and more successful.
________________________________________
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx [ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Kevin Bucknum [Kevin@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, July 01, 2008 12:55 PM
To: HTTPAPI and FTPAPI Projects
Subject: RE: HTTPAPI to SSL Website
Way behind reading this, but if you are still having problems Jon, you
might search for ssltap. It's a command line proxy that decodes ssl for
you. I've used it before in testing other apps that use ssl.
-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott
Klement
Sent: Thursday, June 26, 2008 4:36 PM
To: HTTPAPI and FTPAPI Projects
Subject: Re: HTTPAPI to SSL Website
Mike,
It's an encrypted (SSL) page. Therefore, wireshark will only show
"garbage" (encrypted data).
Mike Krebs wrote:
> Jon,
>
> Rather than blindly stab at it, get a copy of wireshark and track
> down what a "normal" (browser based) session looks like. Than compare
> that to the debug log. If you don't find the difference there, you
> will need to wireshark the IBM i connection and see what the
> difference is. It is probably something simple like not encoding a
> byte or two of data the way it is expected.
>
> Let us know how you progress.
>
> Mike Krebs
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------