Solved

SSL >  fread(fsockopen()) > Not working

Posted on 2008-10-06
9
974 Views
Last Modified: 2012-06-21
When I go to https://www.thawte.com:443/  I see a secure web page there.  

So why does the below command return nothing?

shell> php -r 'fwrite(fsockopen("ssl://www.thawte.com", 443), "GET / HTTP/1.1\r\nHost: www.thawte.com:443\r\nConnection: Close\r\n\r\n"); var_dump(fread(fsockopen("ssl://www.thawte.com", 443), 8192));'

string(0) ""
shell> php -r 'fwrite(fsockopen("ssl://www.thawte.com", 443), "GET / HTTP/1.1\r\nHost: www.thawte.com:443\r\nConnection: Close\r\n\r\n"); var_dump(fread(fsockopen("ssl://www.thawte.com", 443), 8192));'

 

string(0) ""

 

 

=== Here's the dump of the Headers I should be seeing =====

GET / HTTP/1.1

Host: www.thawte.com:443

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 300

Connection: keep-alive

 

HTTP/1.x 200 OK

Date: Tue, 07 Oct 2008 00:45:18 GMT

Server: Apache

Accept-Ranges: bytes

Content-Length: 36400

Connection: close

Content-Type: text/html

Open in new window

0
Comment
Question by:Geoff Millikan
  • 3
  • 3
  • 3
9 Comments
 
LVL 11

Expert Comment

by:kelvinwkw
ID: 22657643
php -r "$fo = fsockopen(\"ssl://www.thawte.com\", 443); fwrite($fo, \"GET / HTTP/1.1\r\nHost: www.thawte.com:443\r\nConnection: Close\r\n\r\n\"); var_dump(fread($fo, 8192));"
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 22664756
> Host: www.thawte.com:443\r\n

hmm, I doubt that such a host exists :)
better use
    Host: www.thawte.com\r\n
0
 
LVL 11

Expert Comment

by:kelvinwkw
ID: 22664829
443 is the standard port for SSL
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 22664857
> 443 is the standard port for SSL
what has a standard to do with this? noone restricts you to run HTTPS on any other port.
Anyway, that's out of scope here, the FQDN does not allow to contain : (colon), and as the Host header only allows FQDNs or IPs, the given string is invalid.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:Geoff Millikan
ID: 22666241
ahoffmann: I believe the colon is allowed in t he HTTP header per RFC 2616 linked below.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23

kelvinwkw: Looks like you're on the right track.  But the code returns with the below error on PHP 5.2

The code below works to read via GET over SSL but I'm stuck on getting a POST to work.  But that's scope creep, I guess I'll need to post another question.
shell> php -r "$fo = fsockopen(\"ssl://www.thawte.com\", 443); fwrite($fo, \"GET / HTTP/1.1\r\nHost: www.thawte.com:443\r\nConnection: Close\r\n\r\n\"); var_dump(fread($fo, 8192));"
 

Unmatched ".
 
 

-----====== SSL GET method ===----

$fp = fsockopen('ssl://www.thawte.com', 443);

$request="GET / HTTP/1.1\r\n";

$request.="Host: www.thawte.com:443\r\n";

$request.="User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3\r\n";

$request.="Connection: close\r\n";

$request.="\r\n";

fwrite($fp, $request);

$contents=stream_get_contents($fp, -1);

fclose($fp);

echo $contents;

?>

Open in new window

0
 
LVL 11

Accepted Solution

by:
kelvinwkw earned 500 total points
ID: 22666480
What about this?

php -r '$fo = fsockopen("ssl://www.thawte.com", 443); fwrite($fo, "GET / HTTP/1.1\r\nHost: www.thawte.com:443\r\nConnection: Close\r\n\r\n"); var_dump(fread($fo, 8192));'

To perform a post, you may refer to the sample below

<?php      
$req="cmd=_xclick&business=a12345@hotmail.com&item_name=Youth&currency_code=USD&amount=75.00";
header("POST /us/cgi-bin/webscr HTTP/1.0");
header("Host: www.sandbox.paypal.com");
header("Content-Type: application/x-www-form-urlencoded");
header("Content-Length: " . strlen($req));
header($req);
?>
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 22666502
> .. per RFC 2616 .
dooh, missed the optional part. Thanks for correction.
Anyway, the port part in the host header is optional, hence not part of the solution here.
0
 

Author Comment

by:Geoff Millikan
ID: 22668246
kelvinwkw:  Yes, that works!  I'll give you points.

Your POST example wasn't via SSL. Do you have a working SSL POST example?  I cannot get POST to work over SSL.  Can you?
0
 

Author Comment

by:Geoff Millikan
ID: 22673266
Arg.  I figured it out, I was missing the below line in t he header.

Content-Type: application/x-www-form-urlencoded

And that caused the POST'ed variables to bomb out and hang everything to no end.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to dynamically set the form action using jQuery.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now