Thanks for your answer. I try to answer your questions. My knowledge in this
area is not sufficient enough to express myself in an understandable way.
What do I mean with HTML content.
The short answer to this is: web-pages.
Assume that I'm accessing a secure website by using my browser. For example
I'm accessing my online bankaccount. The connection that is established is a
The web-pages (or html content) that my browser loads are transmitted in a
secure way. What I understand from HTTPS/SSL is that all traffic between the
browser and, in this example, the bank's server is encrypted.
What I want to do is to analyze the encrypted web-pages. There are, of
course, several ways to do that. I thought the most easy way is to use a
proxy to be able to analyze the traffic that is passed through it. The proxy
is the the "man in the middle". It must decrypt the traffic, allow me to
analyze, and then encrypt it again. In fact, I want to sniff the decrypted
traffic that is passed through the proxy.
In your answer you say that HTTPS/SSL a HTTP protocol which is wrapped using
SSL protocol to encrypt/decrypt and sign/verify the HTTP content.
HTTP content also includes web pages. I want to use DeleGate as proxy
between the browser and the secure webserver. DeleGate should allow me to
analyze the HTTP content that is passed through the proxy.
My questions are:
Can DeleGate be configured for such a sniffing functionality?
In fact, it does not matter whether the traffic is secure or not. I just
want to analyze it without disturbing the communication with the browser.
What is the configuration of DeleGate to get a sniffing functionality?
Hope this clears up the confusion a bit.
On 10/24/07, Yutaka Sato <email@example.com> wrote:
> In message <_A3873@delegate-en.ML_>
> on 10/23/07(07:51:52)
> you "Maurice Glandrup" <firstname.lastname@example.org> wrote:
> |However, I cannot find the HTML content of "the man in the middle".
> What is "the HTML content of "the man in the middle""?
> |I checked the files in the delegate directory to see if the content of
> |secure sites is saved somewhere.
> What is "the content of secure sites" ?
> HTTPS/SSL is just a HTTP protocol which is wrapped using SSL protocol to
> encrypt/decrypt and sign/verify the HTTP content.
> There is not any extra content for each page specific to HTTPS. The only
> extra information for each HTTPS/SSL server is the certificate of the
> 9 9 Yutaka Sato <email@example.com> http://delegate.org/y.sato/
> ( ~ ) National Institute of Advanced Industrial Science and Technology
> _< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller