Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Code Project
  1. Home
  2. Other Discussions
  3. The Weird and The Wonderful
  4. Man-in-the-middle SSL-Streams

Man-in-the-middle SSL-Streams

Scheduled Pinned Locked Moved The Weird and The Wonderful
sysadmincsharpsecuritycryptographyquestion
1 Posts 1 Posters 0 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D Offline
    D Offline
    Dr Gadgit
    wrote on last edited by
    #1

    if you have ever wrote a proxy server and just wanted to relay SSL data then you just need to read the HTTPS connect to get the host name and then join the client socket to a server socket and pump the data between sockets. Doing MITM after first installing a CA certificate on the client machine so that it works in stealth mode is not so easy and you need to use a SSL-Stream to authenticate with both the client and server to decrypt the data. Trouble is a SSL-Stream in stealth mode won't give you the host name and if you read the socket that the SSL-Stream is conncted to so you can parse the host name from the stream then the SSL-Stream won't work, it's read forwards only. So how did i patch this up to work using .NET 3.5 ? Well i used something like two proxy servers and the first one read the socket stream to extract the host-name and then relayed the data to a second proxy that connected a SSL-Stream to the incoming net.socket and then asked the first proxy for the host name. browser->host-name-proxy->MITM Proxy->Internet OK i wrapped it up inside a single class so that it all worked inside a single proxy server on the same process id but i must be very cleaver for thinking outside the box and getting something to work or went about it all wrong and must be very stupi. Maybe I needed to use some other network base class. shoot away, it's code Jim but not as we know it :)

    1 Reply Last reply
    0
    Reply
    • Reply as topic
    Log in to reply
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes


    • Login

    • Don't have an account? Register

    • Login or register to search.
    • First post
      Last post
    0
    • Categories
    • Recent
    • Tags
    • Popular
    • World
    • Users
    • Groups