EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Please help pki

#16921
Posted: 07/01/2011 12:25:21
by Eugene Mayevski (EldoS Corp.)

Use RequestParameters property of HTTPSClient.

WebTunnel* properties are, as the name suggests, for web tunneling, and SRP* properties are for SRP, which are unrelated things.


Sincerely yours
Eugene Mayevski
#16991
Posted: 07/11/2011 10:49:38
by florin manea (Basic support level)
Joined: 06/30/2011
Posts: 10

OK,
I've got my 1st success!
I am able to:
- validate certificate
- send GET request to webserver (ex: social security number and get its status)

I am not able to send/receive xml files.

Also, I've installed an http analyzer to see the traffic between client and webserver (check errors etc).
The webserver sends me the reply for the social seq number (GET) but, very curiously, this analyzer (or any) can't record anything; the traffic is 0.

But it seems to be recording if I use another client app and the same webserver.
I've installed several HTTP analyzers and get the same results!
No recordings if I use TEHTTPCLIENT, but it works with the other app.
Did I forget to check some HTTP properties?

Do you have any hints?
Thank you,
Florin
#16992
Posted: 07/11/2011 10:57:19
by Vsevolod Ievgiienko (EldoS Corp.)

If you use a secure connection (HTTPS) then the analyzer cannot record the encrypted traffic.
#16993
Posted: 07/11/2011 11:00:07
by Ken Ivanov (EldoS Corp.)

Quote
The webserver sends me the reply for the social seq number (GET) but, very curiously, this analyzer (or any) can't record anything; the traffic is 0.

Do you actually get any reply from the server? Does Get() return a positive value (e.g. 200, 305, 306, ...), do you get anything in the output stream?
#16994
Posted: 07/11/2011 11:10:38
by florin manea (Basic support level)
Joined: 06/30/2011
Posts: 10

Thank you for your reply!

I am still confused why other apps can be recorded.
The data sent with HTTPSCLIENT is not recorded, but my application is working.
The same data sent with Firefox is not recorded.

The data is below:

Code
<entry method="GET" url="https://www.siui.ro/OCSP/validator?username=13798304_CAS-B">
  <headers>
    <requestheaders>
      <header>GET /OCSP/validator?username=usernamehere HTTP/1.1</header>
      <header>Host: www.siui.ro</header>
      <header>Authorization: Basic BOTItUUZJTi1YT1=</header>
      <header>User-Agent: Docs</header>
    </requestheaders>
    <responseheaders>
      <header>HTTP/1.1 200 OK</header>
      <header>Set-Cookie: PROD-OCSP=R1617639066; path=/</header>
      <header>SSL-Offload: HW-assisted</header>
      <header>Server: Apache-Coyote/1.1</header>
      <header>X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5</header>
      <header>Pragma: no-cache</header>
      <header>Cache-control: no-cache</header>
      <header>OSCP_RESPONSE:4B79C663D8B6A2E5B82D651A2976FE033</header>
    </responseheaders>
  </headers>
  <content>
#16995
Posted: 07/11/2011 11:16:42
by Ken Ivanov (EldoS Corp.)

So which goal are you trying to reach - to be able to interchange with the server from your code, or to have protocol data displayed by some [SSL-incapable or simply buggy] analyzers?

Could you please answer my question above: does your Get() method invocation actually work?
#16996
Posted: 07/11/2011 11:31:48
by florin manea (Basic support level)
Joined: 06/30/2011
Posts: 10

Yes, Get() for the above example is working.
It is working for validating the online certificate and for the simplest example,
verifying a Social Seq Number (I can see if a person is insured or not).


For the next step, I must see if I am able to download or send xml files to webserver. For this step I use POST. Still learning coding BASE64 and zip.

If I've failed sending XML files then I've downloaded a similar application
and am using an HTTP recorder, trying to figure out where I was wrong.
The traffic for that application is recorded very well.
#16997
Posted: 07/11/2011 11:42:36
by Ken Ivanov (EldoS Corp.)

It is likely that the other application uses non-secure connections which can be intercepted by the analyzers. Please try to update your code to make non-secure ("http://...") requests instead of using "https://...", this should help.
#16998
Posted: 07/11/2011 11:43:40
by Ken Ivanov (EldoS Corp.)

BTW, you can use the OutputStream property or OnData event to catch the body of the server's response. It might contain certain hints about the problem.
#17000
Posted: 07/12/2011 02:24:44
by florin manea (Basic support level)
Joined: 06/30/2011
Posts: 10

Hello,

I can't use http instead of https because the URL would be wrong in this case.
But I will follow your advice regarding OutputStream.

Thank you,
Florin