Re: ncat http proxy server and SSL

[David Fifield <david () bamsoftware com>]

On Sun, Jan 31, 2010 at 02:25:16PM +0100, Markus Klinik wrote:
> the http proxy server mode of ncat doesn't support SSL, while the normal
> listen mode does. I couldn't find anything related to the issue in the
> mailing list archive and the commit history. Has there some work been
> done in that direction? Is it planned? If not, I would like to
> work on a patch. 

Ncat doesn't support SSL in proxy mode, but it's something I've had on a
TODO list for a long time. I started to do it be reimplementing the
server in Nsock, in the branches

svn://svn.insecure.org/nmap-exp/david/ncat-proxy starting at r13207
svn://svn.insecure.org/nmap-exp/david/nsock-proxy

They are so old now, though, that it's better to start over.

It may not be that hard to add SSL support to the proxy. A patch would
be welcome. (Almost?) all socket operations go through socket_buffer
objects in http.c. You might be able to isolate the SSL stuff there.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/