Home > Archive > Java Help > January 2008 > Logging HTTP Headers in HTTPS connections
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Logging HTTP Headers in HTTPS connections
|
|
| Stefan Palme 2008-01-29, 4:57 am |
| Hi,
I am creating a HttpsURLConnection to use HTTPS to talk to a server.
Is there a way to log the plaintext HTTP request headers on client
side? I have no access to the server side, so this is no option.
I was already looking for a solution using an own SSLSocketFactory
to create a socket that logs all traffic which goes through it,
but without any success.
Any help would be appreciated
Regards
-stefan-
| |
| Jason Yang 2008-01-29, 10:34 pm |
| Maybe you could create a socket listening on the port 80 or 8080.By this
way, you could log all sream,which include the HTTP request.
"Stefan Palme" <kleiner@hora-obscura.de> 写入消息新闻:60850lF1pptolU1@mid.individual.net...
> Hi,
> I am creating a HttpsURLConnection to use HTTPS to talk to a server.
> Is there a way to log the plaintext HTTP request headers on client
> side? I have no access to the server side, so this is no option.
>
> I was already looking for a solution using an own SSLSocketFactory
> to create a socket that logs all traffic which goes through it,
> but without any success.
>
> Any help would be appreciated
> Regards
> -stefan-
| |
| Stefan Palme 2008-01-30, 4:59 am |
| >> "Stefan Palme" <kleiner@hora-obscura.de>
>
> 脨沤脠毛脧没脧垄脨脗脦脜:60850lF1pptolU1
@mid.individual.net...
> Maybe you could create a socket listening on the port 80 or 8080.By this
> way, you could log all sream,which include the HTTP request.
As I said - I don't have access to the server side, so I
have to solve this on client side. And logging all outgoing
traffic to port 443 (because its HTTPS) does not help me,
because on this network layer the stream is already SSL encrypted
so I see only "garbage".
Regards
-stefan-
| |
| Gordon Beaton 2008-01-30, 4:59 am |
| On 29 Jan 2008 08:04:37 GMT, Stefan Palme wrote:
> I am creating a HttpsURLConnection to use HTTPS to talk to a server.
> Is there a way to log the plaintext HTTP request headers on client
> side? I have no access to the server side, so this is no option.
>
> I was already looking for a solution using an own SSLSocketFactory
> to create a socket that logs all traffic which goes through it,
> but without any success.
There are a number of proxies that can decode HTTPS. I know of these
(but haven't tried any):
http://www.fiddler2.com/
http://www.xk72.com/charles/
http://www.portswigger.net/proxy/
/gordon
--
| |
|
|
| Stefan Palme 2008-01-30, 4:59 am |
| > On 30 Jan 2008 06:54:25 GMT, Gordon Beaton wrote:
>
> Also, Wireshark compiled with support for SSL-decryption should be able
> to do this, given the keys:
>
> http://wiki.wireshark.org/SSL
Thanks for this hint. But because I don't have access to the server,
I don't have access to the server's certificate keys, too.
Furthermore, I need a solution in Java code, because the HTTP request
headers have to be logged in the application that does the HTTPS
communication.
Is there really no way to access the HTTP-Headers a HttpsUrlConnection
object creates and sends to the server? I have access to the RESPONSE
headers, but did not found anything comparable for the REQUEST
headers...
Thanks
Regards
-stefan-
| |
| Gordon Beaton 2008-01-30, 4:59 am |
| On 30 Jan 2008 08:35:36 GMT, Stefan Palme wrote:
> Thanks for this hint. But because I don't have access to the server,
> I don't have access to the server's certificate keys, too.
>
> Furthermore, I need a solution in Java code, because the HTTP
> request headers have to be logged in the application that does the
> HTTPS communication.
Are you just debugging? If so, don't the proxy solutions I mentioned
handle this transparently?
Or are you looking for a way to add this ability to your application?
If that's the case, then someone else will have to comment...
/gordon
--
| |
| Stefan Palme 2008-01-30, 8:55 am |
| > On 30 Jan 2008 08:35:36 GMT, Stefan Palme wrote:
>
> Are you just debugging? If so, don't the proxy solutions I mentioned
> handle this transparently?
>
> Or are you looking for a way to add this ability to your application? If
> that's the case, then someone else will have to comment...
It has to be build into the application, because if a customer who
uses this application has problems, she should simply activate this
debugging output to generate a report containing the HTTP headers sent.
These customers often don't have very high computer skills, so network
sniffing or proxying is not really an option :-)
regards
-stefan-
| |
| Daniele Futtorovic 2008-01-30, 8:55 am |
| On 29.01.2008 09:04, Stefan Palme allegedly wrote:
> Hi,
> I am creating a HttpsURLConnection to use HTTPS to talk to a server.
> Is there a way to log the plaintext HTTP request headers on client
> side? I have no access to the server side, so this is no option.
>
> I was already looking for a solution using an own SSLSocketFactory
> to create a socket that logs all traffic which goes through it,
> but without any success.
>
> Any help would be appreciated
> Regards
> -stefan-
What went wrong with the SSLSocketFactory approach? Could you elaborate?
| |
| curaco@mail15.com 2008-01-31, 4:55 am |
| > What went wrong with the SSLSocketFactory approach? Could you elaborate?
look at SMIKE utility http://www.smike.ru
It hooks the following functions
getaddrinfo, gethostbyname, connect,
send, recv, CreateFile, ReadFile, WriteFile, InternetCreateUrl,
HttpOpenRequest,
InternetConnect, InternetCloseHandle
and catches low level and high level (GET/POST) of HTTP/HTTPS traffic.
For example:
https://www.paypal.com/us/cgi-bin/w...egistration-run
www.paypal.com:443
GET /us/cgi-bin/webscr?cmd=_registration-run
GET /en_US/i/logo/paypal_logo.gif
www.paypalobjects.com:443
GET /WEBSCR-500-20080129-1/css/xpt.css
GET /WEBSCR-500-20080129-1/css/xptInvoice.css
GET /WEBSCR-500-20080129-1/css/xptObsolete.css
GET /WEBSCR-500-20080129-1/css/xptlive.css
GET /WEBSCR-500-20080129-1/css/default.css
GET /WEBSCR-500-20080129-1/css/ie70win.css
GET /WEBSCR-500-20080129-1/css/pages/SignupInitial.css
GET /WEBSCR-500-20080129-1/css/en_US/lang.css
GET /WEBSCR-500-20080129-1/js/pp_main.js
GET /WEBSCR-500-20080129-1/css/start.css
GET /WEBSCR-500-20080129-1/css/common.css
GET /WEBSCR-500-20080129-1/css/flexible.css
GET /WEBSCR-500-20080129-1/js/lib/yui-0.12/yahoo-dom-event.js
..................
|
|
|
|
|