• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1839

https proxy using GNUTLS

Hello,

I am writing an https web proxy on Ubuntu, and the GNU TLS version is gnutls-2.10.0. I do not know any other web server except google.com. So my program takes the http request as
GET http://www.google.com/ HTTP/1.1
... from a browser and just changes the request to GET https://www.google.com/ HTTP/1.1

and I am using GNU TLS to establish the secure channel to google.com (I know google.com supports https).
I am using this statement in a while loop:
ret = gnutls_record_recv (session, buffer_new, MAX_BUF);

The loop executes for a while and I am able to see all the html and javascript content received, but after receiving the last packet the control hangs at this statement. In a normal http proxy I just used the recv() method with the MSG_DONTWAIT flag and I am able to come out of the loop.

I am using wireshark to see what is happening. But after 30 or so minutes the program terminates saying error -9, which means "A TLS PACKET OF UNEXPECTED LENGTH RECEIVED".
Please help me on this issue.

Thanks a lot in advance



Asked by: shragi

1 Solution
 
noci (Software Engineer) commented:
One question first: why are you reimplementing the functionality of stunnel, or openssl used as a client connection?

Besides that, why not install your own webserver on your own system? You can use apache, lighttpd, and other more lightweight ones exist too.
Or if you need a proxy there is squid, privoxy, dansguardian.

Maybe some study of those sources can be useful.
 
shragi (Author) commented:
I will try to install my web server on my system, because I am using a certificate and I know a valid cert for google.com; eventually I need to connect to a remote server, so I am trying to do that.

I saw those proxies but most of them are really complicated, and I am able to fit my stuff in just a single file. So I want to write my own https proxy which is simple and can be enhanced according to my requirements.

I am trying to implement it and find some results on some particular browser.
Thanks
 
noci (Software Engineer) commented:
You will at least need openssl, f.e.

openssl s_client     (see:  http://linux.die.net/man/1/s_client )

connects to an ssl host and you can pass the commands & receive the answers.

stunnel does something like that, but offers an ip connection. (see: http://linux.die.net/man/8/stunnel)

Those solutions are the easiest.
 
shragi (Author) commented:
Thank you very much, but I am using GNU TLS instead of openssl, which is almost similar.

I am able to connect to the ssl server and receive data. The loop looks like this:

for (;;)
{
    memset (buffer_new, 0, MAX_BUF + 1);
    ret = gnutls_record_recv (session, buffer_new, MAX_BUF);
    temp = send (_browser, buffer_new, ret, 0);
}

After receiving the entire content, even if I use gnutls_record_check_pending, I am unable to come out of the loop; I used several flags to check.

But in the last iteration the control blocks at    ret = gnutls_record_recv (session, buffer_new, MAX_BUF);

 
noci (Software Engineer) commented:
I would expect that at one moment you received a 0 byte record.
THAT is the moment to stop; it's the end of the stream.
So:

ssize_t ret;
/* start positive so the body runs at least once; a 0-byte record (or an error) ends the loop */
for (ret = 1; ret > 0; )
{
    memset (buffer_new, 0, MAX_BUF + 1);
    ret = gnutls_record_recv (session, buffer_new, MAX_BUF);
    if (ret > 0)   /* never pass 0 or a negative error code to send() as a length */
        temp = send (_browser, buffer_new, ret, 0);
}

should stop. If it doesn't, there is something wrong with the sending of data and the server didn't close the circuit...
 
shragi (Author) commented:
Thanks a lot, I figured it out. I need to find the pattern \\r\n0\r\n, and thus I am able to come out of the loop.
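The two ways this thread ends the loop, noci's 0-byte record as end of stream and the author's search for the chunked terminator, fit together in the following added example. It is not code from the thread or from GnuTLS: a receive loop over an abstracted read primitive that stops either at end of stream or as soon as the HTTP/1.1 response is complete by its own framing (Content-Length or Transfer-Encoding: chunked), which is what a keep-alive server that never closes the connection requires. The TLS read sits behind a function pointer so the file compiles without GnuTLS; the `E_AGAIN` and `E_INTERRUPTED` constants (assumed to equal GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED), the `fake_src` stand-in with its `-99` sentinel, and the sample responses are all constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <sys/types.h>
/* Assumed values of GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED; a real build uses <gnutls/gnutls.h>. */
#define E_AGAIN       (-28)
#define E_INTERRUPTED (-52)
typedef ssize_t (*recv_fn)(void *ctx, void *buf, size_t len); /* shape of gnutls_record_recv */

/* Binary-safe search: index of needle in hay[0..n), or -1. */
static long find(const char *hay, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return (long)i;
    return -1;
}

/* Value of header `name` (matched case-insensitively) in the header block h[0..n), or NULL. */
static const char *header_value(const char *h, size_t n, const char *name)
{
    size_t m = strlen(name);
    for (size_t i = 0; i + m + 1 < n; i++)
        if ((i == 0 || h[i - 1] == '\n') && h[i + m] == ':' && strncasecmp(h + i, name, m) == 0)
            return h + i + m + 1 + strspn(h + i + m + 1, " \t");
    return NULL;
}
/* 1 = buf[0..len) is a complete response, 0 = need more bytes (or a close), -1 = malformed.
   Walks the chunk sizes rather than grepping for "\r\n0\r\n", which can also occur inside a body. */
static int http_response_complete(const char *buf, size_t len)
{
    long he = find(buf, len, "\r\n\r\n");
    if (he < 0) return 0;
    size_t hdr_len = (size_t)he, body = (size_t)he + 4;
    char *end;
    const char *te = header_value(buf, hdr_len, "Transfer-Encoding");
    if (te && strncasecmp(te, "chunked", 7) == 0) {
        for (size_t pos = body;;) {
            long eol = find(buf + pos, len - pos, "\r\n");
            if (eol < 0) return 0;                         /* size line incomplete */
            unsigned long sz = strtoul(buf + pos, &end, 16);
            if (end == buf + pos) return -1;               /* no hex digits */
            pos += (size_t)eol + 2;                        /* past "size[;ext]\r\n" */
            if (sz == 0) {                                 /* last chunk, then trailers + CRLF */
                if (len - pos >= 2 && memcmp(buf + pos, "\r\n", 2) == 0) return 1;
                return find(buf + pos, len - pos, "\r\n\r\n") >= 0;
            }
            if ((pos += sz + 2) > len) return 0;           /* chunk data plus its CRLF */
        }
    }
    const char *cl = header_value(buf, hdr_len, "Content-Length");
    if (!cl) return 0;                /* no length framing: body ends when the peer closes */
    unsigned long n = strtoul(cl, &end, 10);
    return end == cl ? -1 : (len - body >= n);
}

/* Stops on a 0-byte record (noci's end of stream) or as soon as the framing says the
   response is complete, so a keep-alive peer that never closes cannot leave it blocked.
   Non-fatal codes are retried; any other negative (such as -9) is fatal. Returns -1 on error. */
static ssize_t read_http_response(recv_fn rx, void *ctx, char *out, size_t cap)
{
    size_t have = 0;
    while (have < cap) {
        ssize_t ret = rx(ctx, out + have, cap - have);
        if (ret == E_AGAIN || ret == E_INTERRUPTED) continue;
        if (ret < 0) return -1;
        if (ret == 0) return (ssize_t)have;
        have += (size_t)ret;          /* the proxy would send() these ret bytes to the browser */
        int st = http_response_complete(out, have);
        if (st != 0) return st < 0 ? -1 : (ssize_t)have;
    }
    return -1;                        /* caller's buffer filled before the response ended */
}
/* Constructed stand-in for gnutls_record_recv: serves `data` in 7-byte records, returns
   E_AGAIN once, then a 0-byte record (peer closed) or -99 where a keep-alive peer would block. */
struct fake_src { const char *data; size_t len, pos; int again_left, closes; };
static ssize_t fake_recv(void *ctx, void *buf, size_t len)
{
    struct fake_src *s = ctx;
    if (s->again_left-- > 0) return E_AGAIN;
    if (s->pos == s->len) return s->closes ? 0 : -99;
    size_t n = s->len - s->pos > 7 ? 7 : s->len - s->pos;
    if (n > len) n = len;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return (ssize_t)n;
}
/* Constructed responses, not captured traffic; demo() pushes one through the loop. */
static const char CHUNKED[] = "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n";
static const char UNTIL_CLOSE[] = "HTTP/1.0 200 OK\r\n\r\nbody ends at close";
static ssize_t demo(const char *resp, int closes)
{
    struct fake_src s = { resp, strlen(resp), 0, 1, closes };
    char out[512];
    return read_http_response(fake_recv, &s, out, sizeof out);
}
```

In the real proxy, `rx` is a one-line wrapper that calls `gnutls_record_recv(session, buf, len)`, and the `send()` to the browser goes at the marked line inside the loop, checked for short writes. `demo(CHUNKED, 0)` returns the full response even though the fake peer never closes, which is the keep-alive situation in the question; `demo(UNTIL_CLOSE, 0)` fails with the `-99` sentinel because a body without length framing can only end with a close, the case noci's 0-byte check covers. Responses that carry no body by definition (HEAD, 204, 304) are not special-cased here.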