开发者

.NET HttpListener/HttpWebRequest/HttpWebResponse and HTTPS

开发者 https://www.devze.com 2023-01-06 04:08 出处:网络
I have made a simple proxy using HttpListener and HttpWebRequest/Response to edit and log http headers. Everything works fine and dandy over HTTP but HTTPS is a different story, I have read up on MSDN

I have made a simple proxy using HttpListener and HttpWebRequest/Response to edit and log http headers. Everything works fine and dandy over HTTP but HTTPS is a different story, I have read up on MSDN and its says HttpListener & HttpWebRequest/Response works over HTTPS. Obviously its me doing s开发者_开发百科omething wrong.

I have IE pointed to the prefixes below and I cant seem to catch the request.

string[] prefixes = new string[] { "http://127.0.0.11:8080/", "https://127.0.0.12:8081/" };

HttpListener listener = new HttpListener();
// Add the prefixes.
foreach (string s in prefixes)
{
    _listener.Prefixes.Add(s);
}

Examples welcome and I'm a c# newb! :)


https:// cannot be proxied like this. HTTPS (as in RFC2818) uses SSL/TLS to open a secure tunnel that traverses the proxy. As a proxy, you don't have access to the HTTPS content because is going to be just an opaque binary encrypted goop.

What you expect is more like SHTTP (RFC2660) which is used by basically nobody.

If you want to view HTTPS traffic originating on your machine (eg. for debugging purposes) you can use NetMon. However, a proxy that could inspect all traffic going through it from other machines if by definition impossible to do for HTTPS, it would mean you just succeeded a man-in-the-middle attack.


In addition to what Cylon Cat said, there is also FiddlerCore, which is the Fiddler proxy but in a form that you can use in your own application. It supports HTTPS.


This is actually pretty easy to do with the .NET framework. If what you are wanting to do is write a man-in-the-middle proxy, like fiddler. Then you can do it easily with SSLStream. A client using your proxy will get a warning about an invalid SSL cert, but you can still proxy the traffic and inspect it.

Here is a pretty functional (includes caching!) proxy server that does https termination instead of tunneling (man-in-the-middle). CodeProject: http://www.codeproject.com/KB/IP/HTTPSDebuggingProxy.aspx


Depending on what you're looking for, take a look at fiddler, which is a widely used proxy for web debugging. It does handle HTTPS.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号