Logging HTTP Headers in HTTPS connections

Stefan Palme - 29 Jan 2008 08:04 GMT
Hi,
I am creating a HttpsURLConnection to use HTTPS to talk to a server.
Is there a way to log the plaintext HTTP request headers on client
side? I have no access to the server side, so this is no option.

I was already looking for a solution using an own SSLSocketFactory
to create a socket that logs all traffic which goes through it,
but without any success.

Any help would be appreciated
Regards
-stefan-
Jason Yang - 30 Jan 2008 02:34 GMT
Maybe you could create a socket listening on port 80 or 8080. This
way, you could log the whole stream, which includes the HTTP request.

"Stefan Palme" <kleiner@hora-obscura.de> wrote in message news:60850lF1pptolU1@mid.individual.net...
> Hi,
> I am creating a HttpsURLConnection to use HTTPS to talk to a server.
[quoted text clipped - 8 lines]
> Regards
> -stefan-
Stefan Palme - 30 Jan 2008 06:57 GMT
>> "Stefan Palme" <kleiner@hora-obscura.de>
>> Hi,
[quoted text clipped - 5 lines]
> Maybe you could create a socket listening on port 80 or 8080. This
> way, you could log the whole stream, which includes the HTTP request.

As I said - I don't have access to the server side, so I
have to solve this on client side. And logging all outgoing
traffic to port 443 (because it's HTTPS) does not help me,
because on this network layer the stream is already SSL encrypted
so I see only "garbage".

Regards
-stefan-
Gordon Beaton - 30 Jan 2008 06:54 GMT
> I am creating a HttpsURLConnection to use HTTPS to talk to a server.
> Is there a way to log the plaintext HTTP request headers on client
[quoted text clipped - 3 lines]
> to create a socket that logs all traffic which goes through it,
> but without any success.

There are a number of proxies that can decode HTTPS. I know of these
(but haven't tried any):

 http://www.fiddler2.com/
 http://www.xk72.com/charles/
 http://www.portswigger.net/proxy/

/gordon

--
Gordon Beaton - 30 Jan 2008 07:19 GMT
>> I am creating a HttpsURLConnection to use HTTPS to talk to a server.
>> Is there a way to log the plaintext HTTP request headers on client
[quoted text clipped - 10 lines]
>   http://www.xk72.com/charles/
>   http://www.portswigger.net/proxy/

Also, Wireshark compiled with support for SSL-decryption should be
able to do this, given the keys:

 http://wiki.wireshark.org/SSL

/gordon

--
Stefan Palme - 30 Jan 2008 08:35 GMT
>>> I am creating a HttpsURLConnection to use HTTPS to talk to a server.
>>> Is there a way to log the plaintext HTTP request headers on client
[quoted text clipped - 15 lines]
>
>   http://wiki.wireshark.org/SSL

Thanks for this hint. But because I don't have access to the server,
I don't have access to the server's certificate keys, too.

Furthermore, I need a solution in Java code, because the HTTP request
headers have to be logged in the application that does the HTTPS
communication.

Is there really no way to access the HTTP headers a HttpsURLConnection
object creates and sends to the server? I have access to the RESPONSE
headers, but did not find anything comparable for the REQUEST
headers...

Thanks
Regards
-stefan-
Gordon Beaton - 30 Jan 2008 09:13 GMT
> Thanks for this hint. But because I don't have access to the server,
> I don't have access to the server's certificate keys, too.
>
> Furthermore, I need a solution in Java code, because the HTTP
> request headers have to be logged in the application that does the
> HTTPS communication.

Are you just debugging? If so, don't the proxy solutions I mentioned
handle this transparently?

Or are you looking for a way to add this ability to your application?
If that's the case, then someone else will have to comment...

/gordon

--
Stefan Palme - 30 Jan 2008 11:26 GMT
>> Thanks for this hint. But because I don't have access to the server, I
>> don't have access to the server's certificate keys, too.
[quoted text clipped - 8 lines]
> Or are you looking for a way to add this ability to your application? If
> that's the case, then someone else will have to comment...

It has to be built into the application, because if a customer who
uses this application has problems, she should simply activate this
debugging output to generate a report containing the HTTP headers sent.

These customers often don't have very high computer skills, so network
sniffing or proxying is not really an option :-)

regards
-stefan-
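
One way to get the in-application switch asked for above, as an added example that is not part of the original thread: the OpenJDK/Oracle HTTP client writes the outgoing request headers to a java.util.logging logger at FINE level, after they are built and before TLS encrypts them. The logger name is a JDK implementation detail rather than a public API (an assumption that should be checked against the JVM actually shipped); the file name, URL and header value are constructed, and the formatter masks credential-bearing headers so a customer's report does not carry them.

```java
import java.io.InputStream;
import java.net.URL;
import java.util.logging.*;
import javax.net.ssl.HttpsURLConnection;

public class RequestHeaderLog {
    // Assumption: internal logger name used by OpenJDK/Oracle JDK; not a public API.
    // Held in a static field so the configured logger is not garbage collected.
    static final Logger HTTP_LOG =
        Logger.getLogger("sun.net.www.protocol.http.HttpURLConnection");

    // Mask values of credential-bearing headers. The JDK prints headers as
    // "{Name: value}{Name: value}", so a value ends at '}' or at a line break.
    static String redact(String msg) {
        return msg.replaceAll(
            "(?i)((?:proxy-)?authorization|cookie2?)\\s*:\\s*[^\\r\\n}]*",
            "$1: <redacted>");
    }

    // Route the HTTP client's log records to the given handler, redacted.
    static void enable(Handler sink) {
        sink.setLevel(Level.ALL);
        sink.setFormatter(new SimpleFormatter() {
            @Override public String formatMessage(LogRecord r) {
                return redact(super.formatMessage(r));
            }
        });
        HTTP_LOG.setUseParentHandlers(false); // keep headers off the console
        HTTP_LOG.addHandler(sink);
        HTTP_LOG.setLevel(Level.FINE);        // request headers are logged at FINE
    }

    public static void main(String[] args) throws Exception {
        enable(new FileHandler("http-headers.log"));   // constructed file name
        HttpsURLConnection c = (HttpsURLConnection)
            new URL("https://example.com/").openConnection(); // constructed URL
        c.setRequestProperty("Authorization", "Basic Y29uc3RydWN0ZWQ="); // constructed
        try (InputStream in = c.getInputStream()) {
            in.read(); // forces the request to be sent, which triggers the log record
        }
    }
}
```

The public alternative, `getRequestProperties()`, must be called before connecting and returns only the headers the application set itself, not the ones the implementation adds when it writes the request.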
Daniele Futtorovic - 30 Jan 2008 12:32 GMT
> Hi,
> I am creating a HttpsURLConnection to use HTTPS to talk to a server.
[quoted text clipped - 8 lines]
> Regards
> -stefan-

What went wrong with the SSLSocketFactory approach? Could you elaborate?
curaco@mail15.com - 31 Jan 2008 05:03 GMT
> What went wrong with the SSLSocketFactory approach? Could you elaborate?

Look at the SMIKE utility: http://www.smike.ru
It hooks the following functions:
getaddrinfo, gethostbyname, connect,
send, recv, CreateFile, ReadFile, WriteFile, InternetCreateUrl,
HttpOpenRequest,
InternetConnect, InternetCloseHandle

and catches low-level and high-level (GET/POST) HTTP/HTTPS traffic.
For example:

https://www.paypal.com/us/cgi-bin/webscr?cmd=_registration-run
   www.paypal.com:443
       GET /us/cgi-bin/webscr?cmd=_registration-run
       GET /en_US/i/logo/paypal_logo.gif
   www.paypalobjects.com:443
       GET /WEBSCR-500-20080129-1/css/xpt.css
       GET /WEBSCR-500-20080129-1/css/xptInvoice.css
       GET /WEBSCR-500-20080129-1/css/xptObsolete.css
       GET /WEBSCR-500-20080129-1/css/xptlive.css
       GET /WEBSCR-500-20080129-1/css/default.css
       GET /WEBSCR-500-20080129-1/css/ie70win.css
       GET /WEBSCR-500-20080129-1/css/pages/SignupInitial.css
       GET /WEBSCR-500-20080129-1/css/en_US/lang.css
       GET /WEBSCR-500-20080129-1/js/pp_main.js
       GET /WEBSCR-500-20080129-1/css/start.css
       GET /WEBSCR-500-20080129-1/css/common.css
       GET /WEBSCR-500-20080129-1/css/flexible.css
       GET /WEBSCR-500-20080129-1/js/lib/yui-0.12/yahoo-dom-event.js
.................


©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.