I have made a simple proxy using HttpListener and HttpWebRequest/Response to edit and log HTTP headers. Everything works fine and dandy over HTTP, but HTTPS is a different story. I have read up on MSDN and it says HttpListener & HttpWebRequest/Response work over HTTPS. Obviously it's me doing something wrong.

I have IE pointed to the prefixes below and I can't seem to catch the request.

    // Requires: using System.Net;
    string[] prefixes = new string[] { "http://127.0.0.11:8080/", "https://127.0.0.12:8081/" };

    HttpListener listener = new HttpListener();
    // Add the prefixes (same variable as declared above).
    foreach (string s in prefixes)
    {
        listener.Prefixes.Add(s);
    }

Examples welcome and I'm a C# newb! :)

A: 

https:// cannot be proxied like this. HTTPS (as in RFC 2818) uses SSL/TLS to open a secure tunnel that traverses the proxy. As a proxy, you don't have access to the HTTPS content because it is going to be just opaque binary encrypted goop.

What you expect is more like SHTTP (RFC2660) which is used by basically nobody.

If you want to view HTTPS traffic originating on your machine (e.g. for debugging purposes) you can use NetMon. However, a proxy that could inspect all traffic going through it from other machines is by definition impossible to do for HTTPS; it would mean you just succeeded at a man-in-the-middle attack.

Remus Rusanu
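
The tunnel described in the answer above, as an added example that is not part of the original thread: a browser configured to use an HTTP proxy sends a plaintext `CONNECT host:port` request for HTTPS URLs, and the proxy relays the bytes that follow without reading them. The loopback address, port 8080 and the restriction to destination port 443 are assumptions of this example.

```csharp
// Added example, not code from the thread. Listening address/port are assumed.
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;

static class ConnectTunnel
{
    // Reads the plaintext request head byte by byte (max 8 KiB) so no TLS bytes are consumed.
    static string ReadHead(Stream s)
    {
        var sb = new StringBuilder();
        int b;
        while (sb.Length < 8192 && (b = s.ReadByte()) >= 0)
            if (sb.Append((char)b).ToString().EndsWith("\r\n\r\n", StringComparison.Ordinal)) break;
        return sb.ToString();
    }

    static async Task HandleAsync(TcpClient client)
    {
        using (client)
        using (var upstream = new TcpClient())
        {
            NetworkStream down = client.GetStream();
            string line = ReadHead(down).Split('\r')[0];
            // Only "CONNECT host:443" is tunnelled; everything else is refused.
            Match m = Regex.Match(line, @"^CONNECT ([^\s:]+):443 HTTP/1\.[01]$");
            string status = m.Success ? "200 Connection Established" : "403 Forbidden";
            if (m.Success) await upstream.ConnectAsync(m.Groups[1].Value, 443);
            byte[] reply = Encoding.ASCII.GetBytes("HTTP/1.1 " + status + "\r\n\r\n");
            await down.WriteAsync(reply, 0, reply.Length);
            if (!m.Success) return;
            Console.WriteLine("tunnel to " + m.Groups[1].Value); // all the proxy learns
            // Everything after the 200 is the TLS session: relay it unread.
            await Task.WhenAny(down.CopyToAsync(upstream.GetStream()),
                               upstream.GetStream().CopyToAsync(down));
        }
    }

    static async Task Main()
    {
        var listener = new TcpListener(IPAddress.Loopback, 8080);
        listener.Start();
        while (true) { _ = HandleAsync(await listener.AcceptTcpClientAsync()); }
    }
}
```

With the browser's proxy set to 127.0.0.1:8080, the only thing this proxy can log for an HTTPS request is the destination host name; headers and bodies stay inside the TLS session.
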
A: 

Depending on what you're looking for, take a look at Fiddler, which is a widely used proxy for web debugging. It does handle HTTPS.

Cylon Cat
A: 

In addition to what Cylon Cat said, there is also FiddlerCore, which is the Fiddler proxy but in a form that you can use in your own application. It supports HTTPS.

Chad
+1  A: 

This is actually pretty easy to do with the .NET Framework. If what you want to do is write a man-in-the-middle proxy, like Fiddler, then you can do it easily with SslStream. A client using your proxy will get a warning about an invalid SSL cert, but you can still proxy the traffic and inspect it.

Here is a pretty functional (includes caching!) proxy server that does HTTPS termination instead of tunneling (man-in-the-middle). CodeProject: http://www.codeproject.com/KB/IP/HTTPSDebuggingProxy.aspx

matt-dot-net