Hello,

I think many people know and use the HttpListener class.

As far as I can see from the note on MSDN, it supports HTTPS traffic:
If you create an HttpListener using https, you must select a Server Certificate for that listener. Otherwise, an HttpWebRequest query of this HttpListener will fail with an unexpected close of the connection.


I added a root certificate to the trusted store in localstorage and one more certificate, which is signed by the root certificate, to personal, also in localstorage:
ROOT
makecert.exe -sr localmachine -ss MY -a sha1 -n "CN=Root,O=DO_NOT_TRUST,OU=test purposes" -sky signature -pe -r "Root.cer" -sv "RootKey.pvk"

Personal
makecert.exe -sr localmachine -ss MY -a sha1 -n "CN=*.codeproject.com,O=DO_NOT_TRUST,OU=test purposes" -sky exchange -pe -ir localmachine  -iv "RootKey.pvk" -ic "Root.cer"



I bound the certificate to the port like this:
netsh http add sslcert ipport=0.0.0.0:8081 certhash="{hash}" appid={guid}


And everything works, but only for sites on localhost. When I try to open, for example, https://codeproject.com, HttpListener "doesn't hear" the request. The browser tries to open the web page and fails with a timeout.

BTW, I know this is called a man-in-the-middle attack, but it's only for test purposes, and unfortunately I can't use Fiddler, which also uses this technique.

By tradition my question is not simple, and I believe there are no "free rating" guys here, sorry :) but if you are able to help me it would be great.

One more note - I've read almost all the articles about this, and all the examples there are for localhost. So if you're going to provide me with a link to an article, please check it; maybe its example is also for localhost ;)

And one more - maybe your suggestion will be to use TcpListener or something like this. For now I don't want to change the logic; I will change the logic only if it is the only solution.

Thanks a lot. Timur.
Updated 29-Sep-19 1:31am

Amazing! More than 50 views and no answers, as usual :) Answering by myself, as usual.

HttpListener is a higher-level class than TcpListener. Of course this means that it is easier to work with HttpListener, but this also means that there is a lack of functionality. I mean you can't build a serious proxy with HttpListener.

As we know, to work with a secured socket (SSL) we need to make an SSL handshake (CONNECT method and so on). But for HttpListener it should be done via certificate binding (netsh http add sslcert). All I can say is that I tried everything and couldn't get this to work for a remote host, only for localhost. I don't know the reason, sorry.
Next, this certificate binding is not comfortable to use in terms of a proxy. What if I want to create certificates on the fly with the correct CN subject?

All this made me rewrite my application to use TcpListener and handle CONNECT methods.

The following article helped me to understand the basics:
Implementing a Multithreaded HTTP/HTTPS Debugging Proxy Server in C#
Comments
NeptuneHACK! 25-Jan-12 14:12pm    
well, my 5
TimGameDev 25-Jan-12 15:03pm    
Thanks!
Never too late for an answer?

URL reservations are required when attempting to use HttpListener for anything other than localhost. The syntax for this is as follows:

netsh http add urlacl url=http://<hostName>:<port>/ user=<user>


where <hostName>:<port> is the endpoint for your HttpListener, and <user> is the user ID or user-group name under which the URL reservation will be recorded.

Delete the reservation with the following syntax:

netsh http delete urlacl url=http://<hostName>:<port>/
Comments
OriginalGriff 11-Feb-24 3:03am    
"Never too late for an answer?"
Well ... it depends.

While I applaud your urge to help people, it's a good idea to stick to new questions, rather than 12-year-old ones. After that amount of time, it's unlikely that the original poster is at all interested in the problem any more!
Answering old questions can be seen as rep-point hunting, which is a form of site abuse. The more trigger happy amongst us will start the process of banning you from the site if you aren't careful. Stick to new questions and you'll be fine. Welcome aboard!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)