Creating Proxy Server which will have SSL(HTTPS) encryption itself

Question

3.00/5 (2 votes)

See more:

I wanted to create a proxy server just like fiddler. the main point is, this proxy will be deployed as HTTPS(SSL encripted) only.

I am successfully able to create a proxy(in c#) which is intercepting all my web traffic from the browser(including https sites). But i am facing difficulty when trying to implement SSL implementation for proxy itself.

So the questions are:

Is it really possible to create a proxy server which will be deployed as HTTP itself and with above requirement?
Will my browser automatically handle everything like handshaking with proxy server(after giving proxy settings in internet options) or i need to do some modification at browser end also?
Any help will be appreciable

Thanks

Posted 15-Oct-15 4:06am

Member 10077458

Updated 15-Oct-15 23:46pm

v2

Add a Solution

Comments

Nathan Minier 16-Oct-15 13:18pm

Providing that you have a full SSL cert (including the private key), that shouldn't be terribly hard. Depending on the HTTP Server implementation that you're using, you will need to bind the cert to the port you're using and your application using netsh.

Have a look at:
https://msdn.microsoft.com/en-us/library/ms733791(v=vs.110).aspx

If you want to automate it, you can make the cert installation and configuration part of an installer.

Member 10077458 17-Oct-15 1:50am

I have already implemented the certification and ssl implementation in the proxy. When i am communication with tcp client from the code, it is working. but when i am using it with browser, it is giving me "handshake failed due to an unexpected packet format".

The logical reason that comes to my mind is, when browser is requesting for HTTP site, server first tries to handshake with the browser, which browser is not expecting.

Nathan Minier 19-Oct-15 7:20am

No, I don't think that's it. Generally when I've not not implemented a redirect to HTTPS I get a "Cannot display this page" error.
Which client are you using in code, the System.Net.Http.HttpClient?
https://msdn.microsoft.com/en-us/library/system.net.http.httpclient(v=vs.118).aspx

Member 10077458 19-Oct-15 8:00am

Currently i am using TCP client

Nathan Minier 19-Oct-15 8:30am

Okay, so you're going for a layer 4 connection using:
https://msdn.microsoft.com/en-us/library/system.net.sockets.tcpclient(v=vs.110).aspx

Okay, that explains a lot. My assumption was that you had used an application-level framework, not the transport. Unfortunately, your service is going to be operating under the same assumptions. Unless you built your own parsing module for the TCP Connection, you're going to need to have software on both sides of the connection to handle passing layer 5 traffic.

My advice, if you intend to use this proxy only for HTTP packets, is to implement a web server on the proxy rather than a TCP Listener and let that handle the packet parsing. It will lose flexibility (no telnet/SSH proxy for instance) but will be much less bulky to implement.

Your other option is to implement a packet type detect on the TCP listener, and then implement modules for the various relay types that will properly format the packets. Because you're unwrapping and re-wrapping with SSL, you cannot just relay the packets over; they have to be parsed by the proxy. That's no mean feat, and you will find yourself in the weeds quickly.

Member 10077458 20-Oct-15 4:35am

thanks for the suggestion. i will try this.

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)