Re: looking for a HTTPS redirect tool

[Haroon Meer <haroon () sensepost com>]

Hi..

You can achieve the SSL relay using sslproxy or stunnel.
You client is still going to get an SSL-error pop-up but im guessing you 
are ok with that..

To edit the stream before passing it to the server (assuming the server 
is also SSL) you are going to need to string together a few ssl 
proxies/stunnels on your own machine.. so you have

--- request --> (443) your-sslproxy[ssl to clear-text]  --> (80) your 
ssl-proxy[clear text to ssl] --> (443) original-server

This way the request/response will pass through your port 80 in the 
clear and you can use tools like net-sed to edit the stream..

/mh

Rajeev Kapoor wrote:
> i am looking for a HTTPS redirect tool, not a proxy.
>  
> i need to test a web based application, it
> communicates via port 443 
> only and doesnot have option of specifying the proxy
> server, only server 
> ip address can be given.
> i want a redirect tool that will accept connections on
> ssl and forward 
> it to the web server, it should itself act like a web
> server not a 
> proxy server.
>  
> i could have achived it via Cain arp posioning but i
> need to edit the 
> data also
> anybody know of such tool?
> thanks,
> rajeev
>
>
>                 
> Discover Yahoo! 
> Find restaurants, movies, travel and more fun for the weekend. Check it out! 
> http://discover.yahoo.com/weekend.html 

--
======================================================================
Haroon Meer                                                         MH
SensePost Information Security                          +27 83786 6637
PGP : http://www.sensepost.com/pgp/haroon.txt     haroon () sensepost com
======================================================================