Nmap Development mailing list archives
Re: ncat http proxy server and SSL
From: Markus Klinik <markus.klinik () gmx de>
Date: Sun, 7 Feb 2010 11:54:51 +0100
On Mon, Feb 01, 2010 at 01:00:50PM -0700, David Fifield wrote:
On Sun, Jan 31, 2010 at 02:25:16PM +0100, Markus Klinik wrote:the http proxy server mode of ncat doesn't support SSL, while the normal listen mode does. I couldn't find anything related to the issue in the mailing list archive and the commit history. Has there some work been done in that direction? Is it planned? If not, I would like to work on a patch.It may not be that hard to add SSL support to the proxy. A patch would be welcome. (Almost?) all socket operations go through socket_buffer objects in http.c. You might be able to isolate the SSL stuff there.
As ncat_listen_stream already uses SSL, I'd like to reuse as much of that code as possible. In particular, there is the function "ncat_recv" which dispatches on whether SSL is compiled in and activated. It also does this SSL_pending thing. It does delaying, telnet negotiation and logging too. So, here is the plan: - replace socket_buffer.sd with an fdinfo - make socket_buffer_readline use ncat_recv instead of recv - make handle_connect and do_transaction use ncat_recv and ncat_send where appropriate - put SSL init / deinit where appropriate - finally, as telnet negotiation doesn't make much sense in proxy mode, forbid that combination in ncat_listen_mode What do you think, does that sound reasonable? _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- ncat http proxy server and SSL Markus Klinik (Jan 31)
- Re: ncat http proxy server and SSL David Fifield (Feb 01)
- Re: ncat http proxy server and SSL Markus Klinik (Feb 07)
- Re: ncat http proxy server and SSL David Fifield (Feb 12)
- Re: ncat http proxy server and SSL Markus Klinik (Feb 27)
- Re: ncat http proxy server and SSL David Fifield (Mar 15)
- Re: ncat http proxy server and SSL David Fifield (Mar 15)
- Re: ncat http proxy server and SSL Markus Klinik (Mar 17)
- Re: ncat http proxy server and SSL David Fifield (Mar 17)
- Re: ncat http proxy server and SSL Markus Klinik (Feb 07)
- Re: ncat http proxy server and SSL David Fifield (Feb 01)