Solved

https proxy using GNUTLS

Posted on 2010-11-23
Last Modified: 2012-05-10
Hello,

I am writing an https web proxy on Ubuntu, and the GNU TLS version is gnutls-2.10.0. I do not know any other web server except google.com, so my program takes the HTTP request from a browser as
GET http://www.google.com/ HTTP/1.1
... and just changes the request to GET https://www.google.com/ HTTP/1.1

and I am using GNU TLS to establish the secure channel to google.com (I know google.com supports https).
I am using this statement in a while loop:
ret = gnutls_record_recv (session, buffer_new, MAX_BUF);

The loop executes for a while, I am able to see all the HTML and JavaScript content received, and after receiving the last packet the control hangs at this statement. In the normal HTTP proxy I used just the recv() method with the MSG_DONTWAIT flag and I am able to come out of the loop.

I am using Wireshark to see what is happening, but after 30 or so minutes the program terminates with error -9, which means "A TLS packet of unexpected length received".
Please help me on this issue.

Thanks a lot in advance



Question by:shragi
 

Expert Comment

by:noci
ID: 34217144
One question first:
why are you reimplementing the functionality of stunnel, or of openssl used as a client connection?

Besides that, why not install your own web server on your own system? You can use Apache or lighttpd, and other, more lightweight ones exist too.
Or if you need a proxy, there are squid, privoxy and dansguardian.

Maybe some study of those sources can be useful.
 

Author Comment

by:shragi
ID: 34232553
I will try to install my web server on my system. Because I am using a certificate and I know the valid cert for google.com, eventually I need to connect to the remote server, so I am trying to do that.

I saw those proxies, but most of them are really complicated, and I am able to fit my stuff into just a single file. So I want to write my own https proxy which is simple and which I can enhance according to my requirements.

I am trying to implement it and find some results on some particular browser.
Thanks
 

Expert Comment

by:noci
ID: 34233034
You will at least need openssl, for example.

openssl s_client     (see:  http://linux.die.net/man/1/s_client )

connects to an SSL host, and you can pass the commands and receive the answers.

stunnel does something like that, but offers an IP connection. (see: http://linux.die.net/man/8/stunnel)

Those solutions are the easiest.

Author Comment

by:shragi
ID: 34233278
Thank you very much, but I am using GNU TLS instead of openssl, which is almost similar.

I am able to connect to the SSL server and receive data. The loop looks like this:

for (;;)
{
    memset (buffer_new, 0, MAX_BUF + 1);
    ret = gnutls_record_recv (session, buffer_new, MAX_BUF);
    temp = send(_browser, buffer_new, ret, 0);
}

After receiving the entire content, even if I use gnutls_record_check_pending, I am unable to come out of the loop. I used several flags to check.

But in the last iteration the control blocks at    ret = gnutls_record_recv (session, buffer_new, MAX_BUF);

 

Accepted Solution

by:
noci earned 250 total points
ID: 34234465
I would expect that at some moment you receive a 0-byte record.
THAT is the moment to stop; it's the end of the stream.
So:

ssize_t ret;
for (ret = 1; ret > 0; )   /* a 0 return (peer closed) or a negative one (error) ends the loop */
{
    memset (buffer_new, 0, MAX_BUF + 1);
    ret = gnutls_record_recv (session, buffer_new, MAX_BUF);
    if (ret > 0)           /* only forward bytes that were actually received */
        temp = send(_browser, buffer_new, ret, 0);
}

should stop. If it doesn't, there is something wrong with the sending of data and the server didn't close the circuit...
 

Author Comment

by:shragi
ID: 34235148
Thanks a lot, I figured it out. I need to find the pattern \r\n0\r\n; thus I am able to come out of the loop.
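Added example, not code from this thread: a receive loop that folds in both points made above, written in C against a reader callback instead of a live gnutls_session_t so that it runs offline. It treats a 0 return from the reader as end of stream, as noci says, but it does not wait for that, and it does not grep the bytes for \r\n0\r\n as the author's fix does. An HTTP/1.1 server keeps the connection open after the response by default, so a loop that only stops on 0 blocks exactly as described in the question, and a response body may itself contain the bytes \r\n0\r\n, so a pattern search can cut a response short or mix two responses. The loop instead stops where the HTTP framing says the message ends: Content-Length, or the chunk sizes walked one by one (RFC 7230 section 3.3.3). Assumptions: the E_AGAIN and E_INTERRUPTED values are copied from gnutls.h, read_fn stands in for gnutls_record_recv, fake_read and SAMPLE are a constructed stand-in for the TLS session, and message_end, relay_response and run_demo are names chosen here.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* GnuTLS "call again" codes, copied from gnutls.h so this builds without the library
 * (assumption: check the values against your installed header). */
#define E_AGAIN (-28)
#define E_INTERRUPTED (-52)

enum relay_status { RELAY_COMPLETE, RELAY_EOF, RELAY_ERROR, RELAY_OVERFLOW };
/* Reader with gnutls_record_recv semantics: >0 bytes, 0 peer closed, <0 error. The real
 * proxy passes a one-line wrapper around gnutls_record_recv(session, buf, len) here. */
typedef long (*read_fn)(void *ctx, char *buf, size_t len);

/* Offset of seq in buf[from..len) or -1. Bounded by len, so NUL bytes in a body are harmless. */
static long find_seq(const char *buf, size_t len, size_t from, const char *seq) {
    size_t s = strlen(seq);
    for (size_t i = from; i + s <= len; i++)
        if (memcmp(buf + i, seq, s) == 0) return (long)i;
    return -1;
}

/* Pointer just past "Name:" for a header at a line start in hdr[0..hlen), or NULL. */
static const char *find_header(const char *hdr, size_t hlen, const char *name) {
    size_t n = strlen(name);
    for (size_t i = 0; i + n < hlen; i++)
        if ((i == 0 || hdr[i - 1] == '\n') && hdr[i + n] == ':' && !strncasecmp(hdr + i, name, n))
            return hdr + i + n + 1;
    return NULL;
}

/* Length of the complete response at the start of buf[0..len); 0 if more bytes are needed;
 * -1 if malformed. The boundary comes from Content-Length or from the chunk sizes, never
 * from scanning the body for "\r\n0\r\n", which body bytes may legitimately contain. */
static long message_end(const char *buf, size_t len) {
    long h = find_seq(buf, len, 0, "\r\n\r\n"), eol;
    if (h < 0) return 0;
    size_t body = (size_t)h + 4, i = body;
    const char *te = find_header(buf, body, "Transfer-Encoding");
    const char *cl = find_header(buf, body, "Content-Length");
    while (te && *te == ' ') te++;
    if (te && !strncasecmp(te, "chunked", 7)) {          /* a list of codings is not handled */
        for (;;) {                                        /* chunk-size [;ext] CRLF data CRLF ... */
            if ((eol = find_seq(buf, len, i, "\r\n")) < 0) return 0;
            if (!isxdigit((unsigned char)buf[i])) return -1;
            unsigned long sz = strtoul(buf + i, NULL, 16); /* stops at ';' or CR */
            if (sz == 0) {                                /* last-chunk, trailers, empty line */
                long t = find_seq(buf, len, (size_t)eol, "\r\n\r\n");
                return t < 0 ? 0 : t + 4;
            }
            i = (size_t)eol + 2;
            if (sz > len || i + sz + 2 > len) return 0;
            if (memcmp(buf + i + sz, "\r\n", 2) != 0) return -1;
            i += sz + 2;
        }
    }
    if (cl) {
        unsigned long n = strtoul(cl, NULL, 10);
        return (n <= len && len >= body + n) ? (long)(body + n) : 0;
    }
    return 0;                                  /* no framing header: delimited by connection close */
}

/* Copy one response from the TLS side into out and stop as soon as the framing says it is
 * complete; waiting for the reader to return 0 hangs on a keep-alive connection. */
static enum relay_status relay_response(read_fn rd, void *ctx, char *out, size_t cap, size_t *outlen) {
    size_t len = 0;
    for (;;) {
        long end = message_end(out, len);
        *outlen = (end > 0) ? (size_t)end : len;
        if (end) return end > 0 ? RELAY_COMPLETE : RELAY_ERROR;
        if (len == cap) return RELAY_OVERFLOW;            /* never grow without bound */
        long r = rd(ctx, out + len, cap - len);
        if (r == E_AGAIN || r == E_INTERRUPTED) continue;  /* non-fatal: call again */
        if (r == 0) return RELAY_EOF;                      /* close_notify: stream ended */
        if (r < 0) return RELAY_ERROR;                     /* fatal, e.g. -9 once the peer drops */
        len += (size_t)r;
    }
}

/* Constructed response (not captured traffic): the first chunk carries the literal bytes
 * "\r\n0\r\n", which a pattern search would mistake for the last-chunk marker. */
static const char SAMPLE[] =
    "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\n\r\n"
    "c\r\n<p>\r\n0\r\n</p>\r\n" "5\r\nhello\r\n" "0\r\n\r\n";

/* Stand-in for gnutls_record_recv: hands out SAMPLE `piece` bytes per call (TLS records do
 * not line up with HTTP boundaries), counts the calls, and returns 0 once exhausted. */
struct fake { size_t pos, piece; int calls; };
static long fake_read(void *ctx, char *buf, size_t len) {
    struct fake *f = ctx;
    size_t n = sizeof(SAMPLE) - 1 - f->pos;
    if (n > f->piece) n = f->piece;
    if (n > len) n = len;
    memcpy(buf, SAMPLE + f->pos, n);
    f->pos += n; f->calls++;
    return (long)n;
}

static enum relay_status run_demo(size_t piece, size_t *outlen, int *calls) {
    char out[4096];
    struct fake f = { 0, piece, 0 };
    enum relay_status st = relay_response(fake_read, &f, out, sizeof out, outlen);
    *calls = f.calls; return st;
}
```

In the proxy, rd is a wrapper around gnutls_record_recv, ctx is the gnutls_session_t, and out[0..outlen) is what gets forwarded to the browser; run_demo(7, ...) drives the same loop over the constructed response in 7-byte pieces and returns RELAY_COMPLETE after exactly 15 reads, without asking for a byte past the message. A response with neither framing header is delimited by connection close and comes back as RELAY_EOF holding everything received, RELAY_OVERFLOW caps memory per response, and any negative reader value such as -9 ends the relay as an error. If parsing the framing is more than the single-file proxy wants, the simpler option is to send Connection: close in the upstream request, so the server does terminate the stream and the reader really returns 0.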
