Article delegate-en/3606 of [1-5169] on the server localhost:119
[Reference:<_A3603@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: mitm peep not working
21 Dec 2006 20:21:09 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A3603@delegate-en.ML_> on 12/21/06(19:21:41)
you "Paul Beardsell" <pcmhabdyi-6cfuxbsrro3r.ml@ml.delegate.org> wrote:
 |I was very pleased, therefore, to find your excellent utility.
 |Unfortunately it does not perform quite as you describe at
 |http://www.delegate.org/delegate/mitm/ - the MITM instructions.  The
 |logged SSL traffic is not decrypted.
 |
 |I am using DeleGate 9.3.1 on Ubuntu Linux (Edgy) and my command line is:
 |
 |    $ delegated -v -P8080 STLS=mitm FSV=-tee-n-v
 |
 |Using that command and telling Firefox to use the proxy localhost:8080
 |everything works perfectly on all the sites I have tried, HTTP and
 |HTTPS.  But the log has the encrypted traffic, not the decrypted
 |traffic.

DeleGate does not do MITM for HTTP without "SERVER=http".

 |I know your instructions say that I should be using the command line
 |option SERVER=http but when I do then the browser sometimes hangs and,
 |once again, the logged traffic is not decrypted.

I tested it with the following combination and it seems to work without
problems, as the enclosed log shows.

  client:   FF2.0
  DeleGate: delegated -P9999 SERVER=http STLS=mitm FTOSV=-tee-n
  server:   https://www.delegate.org/delegate/mitm/

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

    12/22 05:01:51.74 [28283] 0+0: --INITIALIZATION START: 9.3.1 on Darwin/7.9.0--
    12/22 05:01:51.74 [28283] 0+0: EXECDIR=/xxx/src
    12/22 05:01:51.74 [28283] 0+0: BINSHELL=/bin/sh
    12/22 05:01:51.75 [28283] 0+0: scan STLS and FILTERS before beDaemon()...
    12/22 05:01:51.75 [28283] 0+0: STLS -> CMAP="--mitm,sslway:FSV:starttls"
    12/22 05:01:51.75 [28283] 0+0: STLS -> CMAP="--mitm,sslway:FCL:starttls"
    12/22 05:01:51.76 [28283] 0+0: --- [z] 0 dglibz.dylib
    12/22 05:01:51.76 [28283] 0+0: --- [z] 0 libz.0.9.8.dylib
    12/22 05:01:51.76 [28283] 0+0: --- [/usr/lib/libz.dylib]
    12/22 05:01:51.77 [28283] 0+0: --- [z] 602170 /usr/lib/libz.dylib
    12/22 05:01:51.77 [28283] 0+0: ---- [z] loaded 9 syms, unknown=0+0, already=0
    12/22 05:01:51.77 [28283] 0+0: +++ loaded Zlib 1.1.4
    12/22 05:01:51.77 [28283] 0+0: #### gzip/gunzip = dynamically linked
    12/22 05:01:51.78 [28283] 0+0: --- [/xxx/delegate/etc/dglibssl.dylib]
    12/22 05:01:51.78 [28283] 0+0: --- [ssl] 6021E0 /xxx/delegate/etc/dglibssl.dylib
    12/22 05:01:51.79 [28283] 0+0: ---- [ssl] loaded 92 syms, unknown=0+0, already=0
    12/22 05:01:51.79 [28283] 0+0: +++ loaded OpenSSL 0.9.8d 28 Sep 2006

**** SSL library (OpenSSL0.9.8d) is loaded successfully

    12/22 05:01:51.81 [28283] 0+0: ## SSLway certfile not found or wrong: server-cert.pem [at /xxx/myhome/dist/common/work]
    12/22 05:01:51.82 [28283] 0+0: ## SSLway keyfile not found or wrong: server-key.pem [at /xxx/myhome/dist/common/work]
    12/22 05:01:51.82 [28283] 0+0: ## SSLway key does not match cert: server-key.pem server-cert.pem
    12/22 05:01:51.82 [28283] 0+0: ## SSLway -- Using Default Certificate
    12/22 05:01:51.82 [28283] 0+0: ## SSLway ## 0.028388 connected/accepted
    12/22 05:01:51.83 [28283] 0+0: ## SSLway initialized ctx #0000000 0 X
    12/22 05:01:51.84 [28283] 0+0: server_open(delegate,:9999,listen=20)
    12/22 05:01:51.84 [28283] 0+0: server_open(delegate,:9999) BOUND
    12/22 05:01:51.84 [28283] 0+0: DGROOT=/xxx/delegate^M
    12/22 05:01:51.84 [28283] 0+0: <DeleGate/9.3.1> [28283] -P9999 READY^M
    12/22 05:01:51.84 [28283] 0+0: PORT= 9999/10 (39,15)
    12/22 05:01:51.86 [28283] 0+0: OWNER=nobody => OWNER=yutaka/staff(yutaka/staff)
    12/22 05:01:51.86 [28283] 0+0: STLS -> CMAP="--mitm,sslway:FSV:starttls"
    12/22 05:01:51.86 [28283] 0+0: STLS -> CMAP="--mitm,sslway:FCL:starttls"
    12/22 05:01:51.86 [28283] 0+0: REMITTABLE = http,https/{80,443},gopher,ftp,wais
    12/22 05:01:51.88 [28283] 0+0: ADMIN=ysato@delegate.org protocol=http(specialist)
    12/22 05:01:52.17 [28283] 0+0: MOUNT[0]X[2] /-/builtin/icons/* = default
    12/22 05:01:52.18 [28283] 0+0: MOUNT[1]X[3] /-/* = forbidden,from=!.RELIABLE,default
    12/22 05:01:52.18 [28283] 0+0: MOUNT[2]X[0] /-* = default
    12/22 05:01:52.18 [28283] 0+0: MOUNT[3]X[1] /=* = default
    12/22 05:01:52.18 [28283] 0+0: MOUNT[4]=[4] /favicon.ico builtin:icons/ysato/default.ico default,direction=fo,onerror=404,expires=15m
    12/22 05:01:52.18 [28283] 0+0: #### stack size limit = 800000 (000000X)
    12/22 05:01:52.19 [28283] 0+0: Stay open PIDFILE for accept() lock[fd=14]
    12/22 05:01:52.19 [28283] 0+0: StickyReport[15,16]127.0.0.1:1><127.0.0.1:1
    12/22 05:01:52.19 [28283] 0+0: env[27] LIBPATH=.;/xxx/work;/xxx/delegate/lib;/xxx/src;/xxx/delegate/etc
    12/22 05:01:52.19 [28283] 0+0: env[29] RESOLV=cache,file,dns
    12/22 05:01:52.19 [28283] 0+0: arg[3] SERVER=http
    12/22 05:01:52.20 [28283] 0+0: arg[4] ADMIN=ysato@delegate.org
    12/22 05:01:52.20 [28283] 0+0: arg[5] STLS=mitm
    12/22 05:01:52.20 [28283] 0+0: arg[6] FTOSV=-tee-n
    12/22 05:01:52.22 [28283] 0+0: DELEGATE_Modified[0]: 458ae6db 1166730971
    12/22 05:01:52.22 [28283] 0+0: --INITIALIZATION DONE: 9.3.1 on Darwin/7.9.0--
    12/22 05:01:59.60 [28283] 1+0: default SCREEN=log:__screen
    12/22 05:01:59.61 [28288] 1+0: -- Fork(SequentialServer): 28283 -> 28288

    12/22 05:01:59.78 [28288] 1+1: (0) accepted [35] -@[127.0.0.1]localhost:50929 (0.171s)(1)
    12/22 05:01:59.78 [28288] 1+1: # SSL record head[43 4F 4E 4E 45] SSL2 8?/850

**** an SSL packet from the client is detected, then
**** MITM mode is activated here

    12/22 05:01:59.93 [28288] 1+1: ConnectToServer: DFLT=https://www.delegate.org:443 REAL=://:0
    12/22 05:01:59.94 [28288] 1+1: ConnectToServer connected [21] {210.155.199.28:443 <- 192.168.x.x:50930} [0.011s]
    12/22 05:01:59.97 [28288] 1+1: willSTLS_SV: ServerFlags=40010
    12/22 05:01:59.98 [28289] 1+1: -- Fork(FSV): 28288 -> 28289
    12/22 05:01:59.98 [28289] 1+1: ## SSLway loadSession 0.000100 (0 0) / -1
    12/22 05:01:59.99 [28288] 1+1: ## MITM: acting in Man-In-The-Middle Mode
    12/22 05:01:59.99 [28290] 1+1: -- Fork(FTOSV): 28288 -> 28290
    12/22 05:01:59.00 [28288] 1+1: # SSL record head[16  3  1  0 B0] SSL3 8?/181
    12/22 05:02:00.00 [28291] 1+1: -- Fork(FCL): 28288 -> 28291
    12/22 05:02:00.01 [28291] 1+1: ## SSLway loadSession 0.000113 (0 0) / -1
    12/22 05:02:00.05 [28289] 1+1: ## SSLway ## 0.074371 connected/accepted
    12/22 05:02:00.05 [28289] 1+1: ## SSLway server's cert. = **subject<</C=JP/ST=Ibaraki/L=Tsukuba/O=Electrotechnical Laboratory/OU=Computer Science Division/CN=Yutaka Sato/emailAddress=ysato@etl.go.jp>> **issuer<</C=JP/ST=Ibaraki/L=Tsukuba/O=Electrotechnical Laboratory/OU=Computer Science Division/CN=Yutaka Sato/emailAddress=ysato@etl.go.jp>>
    12/22 05:02:00.06 [28288] 1+1: **** delayed detection of SSL
    12/22 05:02:00.07 [28291] 1+1: ## SSLway ## 0.066288 sescache[1] HIT=0 sR=0 cR=1
    12/22 05:02:00.08 [28288] 1+1: IGNORE request: Keep-Alive: 300^M
    12/22 05:02:00.08 [28288] 1+1: Proxy: host=localhost; User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1; DIRECT
    12/22 05:02:00.08 [28288] 1+1: HCKA:[0] keep-alive; host=localhost; (User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1)
    12/22 05:02:00.08 [28288] 1+1: REQUEST - GET /delegate/mitm/ HTTP/1.1^M
    12/22 05:02:00.09 [28288] 1+1: PATH> https://www.delegate.org:443!localhost:9999!localhost:50929!anonymous@localhost;1166731319
    12/22 05:02:00.09 [28288] 1+1: REQUEST = [https://www.delegate.org:443/] GET /delegate/mitm/ HTTP/1.1^M
         1	GET /delegate/mitm/ HTTP/1.1
         2	Host: www.delegate.org
         3	User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
         4	Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
         5	Accept-Language: en-us,en;q=0.5
         6	Accept-Encoding: gzip
         7	Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
         8	Cookie: DeleGate-Control-SVCC=UTF-8
         9	Via: 1.1 - (DeleGate/9.3.1 on Darwin/7.9.0)
        10	
    12/22 05:02:00.67 [28288] 1+1: #HT11 SERVER ver[HTTP/1.1] conn[close]
    12/22 05:02:00.67 [28288] 1+1: HTTP/1.1 200 Content-{Type:text/html Encoding:[gzip/] Leng:2632} Server:DeleGate
    12/22 05:02:00.70 [28288] 1+1: ####Gunzip [0.001803] - => 6462
    12/22 05:02:00.71 [28288] 1+1: Content-Length: 2632 -> 6774 (7034 - 260)
    12/22 05:02:00.71 [28288] 1+1: HTTP transmitted: 237head+6462/2632body=>0txt+0bin->6774/6774, 16i/1o/0f/0.1
    12/22 05:02:00.87 [28288] 1+1/1: CFI process [28289] done
    12/22 05:02:00.98 [28288] 1+1/1: ClosedOnTimeout(0): time=1166731320/1166731349 ppid=28283/28283 pid=28288/28288
    12/22 05:02:00.98 [28288] 1+1/1: IGNORE request: Keep-Alive: 300^M
    12/22 05:02:00.98 [28288] 1+1/1: Proxy: host=localhost; User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1; DIRECT
    12/22 05:02:00.98 [28288] 1+1/1: REQUEST - GET /favicon.ico HTTP/1.1^M
    12/22 05:02:00.98 [28288] 1+1/1: PATH> https://www.delegate.org:443!localhost:9999!localhost:50929!anonymous@localhost;1166731319
    12/22 05:02:00.98 [28288] 1+1/1: REQUEST = [https://www.delegate.org:443/] GET /favicon.ico HTTP/1.1^M
    12/22 05:02:00.98 [28288] 1+1/1: ConnectToServer: DFLT=http://-:80 REAL=https://www.delegate.org:443
    12/22 05:02:00.99 [28288] 1+1/1: ConnectToServer connected [10] {210.155.199.28:443 <- 192.168.x.x:50931} [0.004s]
    12/22 05:02:01.02 [28293] 1+1/1: -- Fork(FSV): 28288 -> 28293
    12/22 05:02:01.03 [28293] 1+1/1: ## SSLway loadSession 0.001257 (1 0) / 2
    12/22 05:02:01.03 [28288] 1+1/1: willSTLS_SV: ServerFlags=40330
    12/22 05:02:01.04 [28294] 1+1/1: -- Fork(FTOSV): 28288 -> 28294
    12/22 05:02:01.04 [28288] 1+1/1: HTTP => (www.delegate.org:443) GET /favicon.ico HTTP/1.1^M
         1	GET /favicon.ico HTTP/1.1
         2	Host: www.delegate.org
         3	User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
         4	Accept: image/png,*/*;q=0.5
         5	Accept-Language: en-us,en;q=0.5
         6	Accept-Encoding: gzip
         7	Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
         8	Cookie: DeleGate-Control-SVCC=UTF-8
         9	Via: 1.1 - (DeleGate/9.3.1 on Darwin/7.9.0)
        10	
    12/22 05:02:01.06 [28293] 1+1/1: ## SSLway ## 0.039196 sescache[2] HIT=1 sR=0 cR=0
    12/22 05:02:01.06 [28293] 1+1/1: ## SSLway server's cert. = **subject<</C=JP/ST=Ibaraki/L=Tsukuba/O=Electrotechnical Laboratory/OU=Computer Science Division/CN=Yutaka Sato/emailAddress=ysato@etl.go.jp>> **issuer<</C=JP/ST=Ibaraki/L=Tsukuba/O=Electrotechnical Laboratory/OU=Computer Science Division/CN=Yutaka Sato/emailAddress=ysato@etl.go.jp>>
    12/22 05:02:01.12 [28288] 1+1/1: #HT11 SERVER ver[HTTP/1.1] conn[keep-alive, timeout=50, maxreq=60]
    12/22 05:02:01.12 [28288] 1+1/1: #HT11 server KEEP-ALIVE
    12/22 05:02:01.12 [28288] 1+1/1: HTTP/1.1 200 Content-{Type:image/x-icon Encoding:[/] Leng:1406} Server:DeleGate/9.4.2-pre1
    12/22 05:02:01.12 [28288] 1+1/1: detach respBuff: non-text data, non keep-alive
    12/22 05:02:01.17 [28288] 1+1/1: ## premature client close: flush_body (cant_getpeername)
    12/22 05:02:01.17 [28288] 1+1/1: ClientEOF: flush_body
    12/22 05:02:01.17 [28288] 1+1/1: HTTP transmitted: 370head+1406/1406body=>0txt+0bin->1406/1406, 12i/2o/0f/0.1
    12/22 05:02:01.17 [28288] 1+1/1: HCKA:[1] closed -- p:premature client EOF (flush_body)
    12/22 05:02:01.18 [28288] 1+1/1: WaitShutdown 1/0 xpid=28294 errno=0/10 0 19 0 0.000
    12/22 05:02:01.18 [28288] 1+1/1: disconnected [35] -@[127.0.0.1]localhost:50929 (1.575s)(0)
    12/22 05:02:01.18 [28288] 1+1/1: CFI process [28293] done (1/3 AFT-0)
    12/22 05:02:01.18 [28288] 1+1/1: CFI process [28291] done (2/3 AFT-0)
    12/22 05:02:01.18 [28288] 1+1/1: CFI process [28290] done (3/3 AFT-0)
    12/22 05:02:01.19 [28288] 1+1: StickyServer done [serverSocketClosed] 1 req / 1 conn / 2 sec
    12/22 05:02:11.79 [28283] 1+0: DeleGate SERVER EXITS: caught SIGINT [2]
    12/22 05:02:11.79 [28283] 1+0: Killpg(28283,15)
    12/22 05:02:11.81 [28283] 1+0: RUSAGE: 0.10u 0.23s 34S 62R 0r 0t 0d 0k 0e 0f 0w 0i 28o 1g 51x 0y
    12/22 05:02:11.81 [28283] 1+0: FINISH.
----
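
A log check for the question raised in this thread, added here as an example (it is not part of the original message and not DeleGate code): it reads a DeleGate log in the format enclosed above and reports whether `SERVER=http` and `STLS=mitm` were given and whether MITM mode was activated. The sample lines are copied from the log above with the trailing `^M` dropped; the function names and diagnosis strings are this example's own.

```python
import re

# Log line layout seen in the enclosed log: "MM/DD HH:MM:SS.cc [pid] N+M: message"
LINE = re.compile(r"^\s*(\d\d/\d\d \d\d:\d\d:\d\d\.\d\d) \[(\d+)\] \S+: (.*)$")

# Constructed sample: a few lines copied from the log above.
SAMPLE = """\
12/22 05:01:52.19 [28283] 0+0: arg[3] SERVER=http
12/22 05:01:52.20 [28283] 0+0: arg[5] STLS=mitm
12/22 05:01:52.20 [28283] 0+0: arg[6] FTOSV=-tee-n
12/22 05:01:59.78 [28288] 1+1: # SSL record head[43 4F 4E 4E 45] SSL2 8?/850
12/22 05:01:59.99 [28288] 1+1: ## MITM: acting in Man-In-The-Middle Mode
12/22 05:02:00.08 [28288] 1+1: REQUEST - GET /delegate/mitm/ HTTP/1.1
12/22 05:02:00.98 [28288] 1+1/1: REQUEST - GET /favicon.ico HTTP/1.1
"""

def summarize(log_text):
    """Collect startup args, MITM activation, and requests logged after it."""
    args, requests, mitm = {}, [], False
    for raw in log_text.splitlines():
        m = LINE.match(raw.replace("^M", ""))
        if not m:
            continue  # tee'd header dumps and annotations carry no log prefix
        msg = m.group(3).strip()
        a = re.match(r"arg\[\d+\] ([A-Z]+)=(.*)$", msg)
        if a:
            args[a.group(1)] = a.group(2)
        elif "MITM: acting in Man-In-The-Middle Mode" in msg:
            mitm = True
        elif mitm and msg.startswith("REQUEST - "):
            requests.append(msg[len("REQUEST - "):])
    return {"args": args, "mitm_active": mitm, "requests": requests}

def diagnose(summary):
    """Map the summary to the causes discussed in this thread."""
    args = summary["args"]
    if args.get("STLS") != "mitm":
        return "STLS=mitm not set"
    if args.get("SERVER") != "http":
        return "SERVER=http missing: no MITM for HTTP"
    if not summary["mitm_active"]:
        return "configured, but MITM mode was never activated in this log"
    return "MITM active: %d request(s) logged in cleartext" % len(summary["requests"])

if __name__ == "__main__":
    print(diagnose(summarize(SAMPLE)))
```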
