Article delegate-en/4770 of [1-5169] on the server localhost:119
[Reference:<_A4769@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: https mitm - bad server certificate
25 Mar 2010 01:41:42 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

 |then I want to use delegate to transparently intercept these requests and do
 |data conversion with CFI
 |as described here http://www.delegate.org/delegate/mitm/

The "MITM" feature of DeleGate does not work as a so-called "transparent
proxy".  STLS=mitm works as a proxy (SSLtunnel) explicitly specified by
a client and relays HTTPS/SSL requests by the "CONNECT" method, decrypting
and encrypting HTTPS/SSL messages over it.

To use DeleGate as a gateway (for SSL wrapping) from HTTP clients to a
HTTPS server, it should be used as this:

  -P80 SERVER=http STLS=fsv MOUNT="/* https://server/*"

To use DeleGate as a gateway (for SSL peeping) from HTTPS clients to a
HTTPS server, it should be used as this:

  -P443 SERVER=https STLS=fcl,fsv MOUNT="/* https://server/*"

Note that the default certificate built into DeleGate might be out of date,
and is not signed by any CA.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

In message <_A4769@delegate-en.ML_> on 03/23/10(11:21:49)
you mathias baert <puejabdyi-5bnwhwdzselr.ml@ml.delegate.org> wrote:
 |Hi all
 |
 |I'm trying to set up a local proxy,
 |filtering tweets. (trying to keep the noise down)
 |
 |I'm using a twitterclient (tweetie) which requests data from
 |https://twitter.com
 |
 |I redirect requests to twitter to localhost with
 |$ sudo dscl /Local/Default create Hosts/twitter.com IPAddress 127.0.0.1
 |
 |then I want to use delegate to transparently intercept these requests and do
 |data conversion with CFI
 |as described here http://www.delegate.org/delegate/mitm/
 |
 |
 |As a first step I tried to get it working without modifying data with these
 |commands
 |
 |$ sudo ./delegated -v -P443 SERVER=http STLS=mitm FTOSV=-tee-n
 |
 |$ sudo ./delegated -v -P443 SERVER=http STLS=mitm FTOSV=-tee-n MOUNT="/*
 |https://twitter.com/*"
 |
 |$ sudo ./delegated -v -P443 SERVER=http STLS=mitm FTOSV=-tee-n MOUNT="*
 |https://twitter.com*"
 |
 |none worked.
 |
 |Output from the last one is below.
 |
 |The client complains about "bad server certificate"
 |Am I trying to do something delegate can't do
 |or am I doing it wrong?
 |
 |Thanks!
 |
 |Mathias
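
Added example, not part of the original thread and not DeleGate's own code: the reply distinguishes a client that names its proxy and sends "CONNECT" from a client that connects straight to the listening port, as one redirected by a hosts entry does. The sketch below classifies the first bytes received on a new connection and names the configuration from the reply that serves that kind of client; `classify`, `sni_from_client_hello`, `MODES` and the sample ClientHello are constructed for illustration.

```python
import struct

# The three configurations quoted from the reply, keyed by the client they serve.
MODES = {
    "explicit-proxy": "STLS=mitm",
    "plain-http": '-P80 SERVER=http STLS=fsv MOUNT="/* https://server/*"',
    "direct-tls": '-P443 SERVER=https STLS=fcl,fsv MOUNT="/* https://server/*"',
}
UNKNOWN = {"kind": "unknown", "target": None, "mode": None}
# Constructed sample: a minimal ClientHello whose only extension is SNI.
SAMPLE_HELLO = (bytes.fromhex("160301004301 00003f 0303") + bytes(32)
                + bytes.fromhex("00 0002002f 0100 0014 0000 0010 000e 00 000b")
                + b"twitter.com")

def sni_from_client_hello(rec: bytes):
    """Return the server_name from a TLS ClientHello record, or None."""
    try:
        p = 5 + 4 + 2 + 32                            # headers, version, random
        p += 1 + rec[p]                               # session_id
        p += 2 + struct.unpack_from("!H", rec, p)[0]  # cipher_suites
        p += 1 + rec[p]                               # compression_methods
        end = p + 2 + struct.unpack_from("!H", rec, p)[0]
        p += 2
        while p + 4 <= min(end, len(rec)):
            ext_type, ext_len = struct.unpack_from("!HH", rec, p)
            if ext_type == 0:                         # server_name extension
                n = struct.unpack_from("!H", rec, p + 7)[0]
                name = rec[p + 9:p + 9 + n]
                return name.decode("ascii") if len(name) == n else None
            p += 4 + ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

def classify(first: bytes) -> dict:
    """Classify the first bytes a client sends on a newly accepted connection."""
    if first.startswith(b"CONNECT "):                 # plaintext tunnel request
        parts = first.split(b"\r\n", 1)[0].decode("ascii", "replace").split(" ")
        host, sep, port = parts[1].rpartition(":")
        if len(parts) != 3 or not sep or not port.isdigit():
            return dict(UNKNOWN)
        kind, target = "explicit-proxy", f"{host}:{port}"
    elif first[:2] == b"\x16\x03" and first[5:6] == b"\x01":  # handshake/ClientHello
        kind, target = "direct-tls", sni_from_client_hello(first)
    elif first.split(b" ", 1)[0] in (b"GET", b"HEAD", b"POST", b"PUT"):
        kind, target = "plain-http", None
    else:
        return dict(UNKNOWN)
    return {"kind": kind, "target": target, "mode": MODES[kind]}
```

A "direct-tls" result on a port started with STLS=mitm is the mismatch the reply describes: the listener is waiting for a CONNECT line and the client has already begun its handshake.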
