
RE: HTTPAPI to SSL Website



To test on the I, I just run the same command on my PC, and then change
my program on the I to send to my PC's IP address instead of the real
one. 

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Juracich,
Jon
Sent: Tuesday, July 01, 2008 1:46 PM
To: HTTPAPI and FTPAPI Projects
Subject: RE: HTTPAPI to SSL Website

Kevin:

OK, that's not a huge pain.

Have you run this on the i to compare what it's doing with what a
browser is doing?

Jon Juracich, IBM Certified Specialist: RPG IV Developer
Sr. Staff Consultant, IBM Solutions Practice

Affiliated, Inc.
(614)889-6555, ext 355

www.aresgrp.com

Affiliated helps growing & Mid-Market organizations identify, evaluate,
and implement solutions that use new & existing technology & resources
that improve operational efficiency or increase revenue. Both make your
organization more profitable and more successful.
________________________________________
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Kevin Bucknum
[Kevin@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, July 01, 2008 2:38 PM
To: HTTPAPI and FTPAPI Projects
Subject: RE: HTTPAPI to SSL Website

I use ssltap on Windows.  Here is what I do:
Get the ssltap stuff:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_RTM/WINNT5.0_OPT.OBJ/nss-3.11.zip
Get the NSPR stuff it requires.
https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.6/WINNT5.0_OPT.OBJ/nspr-4.6.zip

Extract all of that, and put the dlls from the lib folder in both
releases in the bin folder of the NSS stuff.

Go to a Windows command line and get into the bin directory of the NSS
release.

Run this command:

ssltap -sx -p 443 your.targetwebsite.com 443

Now you can test and watch what's on the screen to see what's going back
and forth.  Point your web browser to https://127.0.0.1 and it will make
a connection to the target website and send it back to your browser
while printing the debug info on the screen.  To test from the I, just
change the address you are connecting to in your program to your PC's IP
address.  If you want to save the debug info, just change the command to
something like this:

ssltap -sx -p 443 x.y.z.com 443 > debugout.txt

I know this seems like a pain, but it's the only good way I've ever been
able to debug ssl stuff when it worked manually and my scripting didn't.
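
Added example, not part of the original post and not ssltap's own code: a sketch of the record-level summary an SSL-decoding tap can produce from the bytes it relays in each direction, including records that arrive split across reads. It assumes SSL 3.0 through TLS 1.2 record framing; `RecordTap`, `handshake_names` and the sample bytes are constructed for illustration.

```python
# Record content types plus a few handshake and alert codes from the TLS specifications.
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
ALERT = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
         48: "unknown_ca", 70: "protocol_version"}


def handshake_names(body):
    """Name each handshake message packed into one cleartext handshake record."""
    names, i = [], 0
    while i + 4 <= len(body):
        names.append(HANDSHAKE.get(body[i], f"type {body[i]}"))
        i += 4 + int.from_bytes(body[i + 1:i + 4], "big")  # 1-byte type, 3-byte length
    return "+".join(names)


class RecordTap:
    """Summarises the records flowing in one direction of a tapped connection."""
    def __init__(self, direction):
        self.direction = direction
        self.buf = b""          # tail of a record that has not fully arrived
        self.encrypted = False  # True once this side has sent change_cipher_spec

    def feed(self, data):
        """Take bytes as read from the socket; return a line per complete record."""
        self.buf += data
        lines = []
        while len(self.buf) >= 5:
            ctype, major, minor = self.buf[:3]
            length = int.from_bytes(self.buf[3:5], "big")
            if len(self.buf) < 5 + length:
                break  # record split across reads: wait for the rest
            body, self.buf = self.buf[5:5 + length], self.buf[5 + length:]
            detail = ""
            if ctype == 20:
                self.encrypted = True
            elif self.encrypted:
                detail = " (encrypted)"
            elif ctype == 22:
                detail = " " + handshake_names(body)
            elif ctype == 21 and len(body) == 2:
                detail = f" {'fatal' if body[0] == 2 else 'warning'} {ALERT.get(body[1], body[1])}"
            lines.append(f"{self.direction} {major}.{minor} {CONTENT.get(ctype, ctype)} len={length}{detail}")
        return lines

# Constructed sample: a 4-byte client_hello stub, then a fatal handshake_failure alert.
CLIENT_BYTES = bytes([22, 3, 1, 0, 4, 1, 0, 0, 0])
SERVER_BYTES = bytes([21, 3, 1, 0, 2, 2, 40])
```

A cleartext alert from the server right after the client_hello is the usual sign that the two sides could not agree on a protocol version or cipher, which is the kind of difference between a browser and a script that this comparison is meant to expose.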

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Juracich,
Jon
Sent: Tuesday, July 01, 2008 12:23 PM
To: HTTPAPI and FTPAPI Projects
Subject: RE: HTTPAPI to SSL Website

Kevin:

Hmmmmm... OK, this would be the first from-source Unix/Linux tool build
that I've done on an i. Suggestions on how to get started, what I need
to know, etc? Or are you aware of an AIX pre-built version floating
around? (I'm assuming that this would run under PASE, right?)

I don't know that I'm having a problem with the SSL part, per se. It's
more like what I'm trying to send (the session cookie value, for the
second page), or maybe what I'm not sending. I've used a couple of the
tools available for Firefox (Firebug and TamperData) but I don't really
know how to read what I'm seeing. Using TamperData, it LOOKS like
Firefox is doing a straight GET to retrieve the second page. Does that
involve sending anything up to the server, other than the "GET" request?
If it does, and HTTPAPI doesn't do that, I would think that I would have
to "send" something with the cookie value. Maybe.

I've also used the HTTPAPI debug tool to dump the communications out to
a file. That, I can kind of read (but not necessarily completely
understand!).

I'm probably worse than a complete noob on this stuff. I have JUST
enough knowledge to be annoying (and maybe dangerous, but probably not),
but not enough to be useful!

Jon Juracich, IBM Certified Specialist: RPG IV Developer
Sr. Staff Consultant, IBM Solutions Practice

Affiliated, Inc.
(614)889-6555, ext 355

www.aresgrp.com

Affiliated helps growing & Mid-Market organizations identify, evaluate,
and implement solutions that use new & existing technology & resources
that improve operational efficiency or increase revenue. Both make your
organization more profitable and more successful.
________________________________________
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Kevin Bucknum
[Kevin@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, July 01, 2008 12:55 PM
To: HTTPAPI and FTPAPI Projects
Subject: RE: HTTPAPI to SSL Website

Way behind reading this, but if you are still having problems Jon, you
might search for ssltap.  It's a command line proxy that decodes ssl for
you. I've used it before in testing other apps that use ssl.

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------