Hello,

I think many people know and use the HttpListener class.

As far as I can see from the note on MSDN, it supports https traffic:
"If you create an HttpListener using https, you must select a Server Certificate for that listener. Otherwise, an HttpWebRequest query of this HttpListener will fail with an unexpected close of the connection."


I added a root certificate to the trusted in localstorage and one more certificate to personal, also in localstorage, which is signed by the root certificate:
ROOT
makecert.exe -sr localmachine -ss MY -a sha1 -n "CN=Root,O=DO_NOT_TRUST,OU=test purposes" -sky signature -pe -r "Root.cer" -sv "RootKey.pvk"

Personal
makecert.exe -sr localmachine -ss MY -a sha1 -n "CN=*.codeproject.com,O=DO_NOT_TRUST,OU=test purposes" -sky exchange -pe -ir localmachine  -iv "RootKey.pvk" -ic "Root.cer"



I bound the certificate to the port like this:
netsh http add sslcert ipport=0.0.0.0:8081 certhash="{hash}" appid={guid}


And everything works, but only for sites on localhost. When I try to open, for example, https://codeproject.com, HttpListener "doesn't hear" the request. The browser tries to open the web page and fails with a timeout.

BTW, I know this is called a man-in-the-middle attack, but it's only for test purposes, and unfortunately I can't use Fiddler, which also uses this technique.

By tradition my question is not simple. I believe there are no "free rating" guys here, sorry :) but if you are able to help me it would be great.

One more note - I've read almost all the articles about this, and all the examples there are for localhost. So if you're going to provide me with a link to an article, please check it; maybe its example is also for localhost ;)

And one more - maybe your suggestion will be to use TcpListener or something like this. For now I don't want to change the logic; I will change the logic if it's the only solution.

Thanks a lot. Timur.
Updated 29-Sep-19 2:31am

1 solution

Solution 1

Amazing! More than 50 views and no answers, as usual :) Answering by myself, as usual.

HttpListener is a more high-level class than TcpListener. Of course this means that it is easier to work with HttpListener, but! this also means that there is a lack of functionality. I mean you can't build a serious proxy with HttpListener.

As we know, to work with a secured socket (SSL) we need to make an SSL handshake (CONNECT method and so on). But for HttpListener it should be done via certificate binding (netsh http add sslcert). All I can say is that I tried everything and couldn't get this to work for a remote host, only for localhost. I don't know the reason, sorry.
Next, this certificate binding is not comfortable to use in terms of a proxy. What if I want to create certificates on the fly with the correct CN subject?

All this made me rewrite my application to use TcpListener and handle CONNECT methods.

The following article helped me to understand the basics:
Implementing a Multithreaded HTTP/HTTPS Debugging Proxy Server in C#
Comments
NeptuneHACK! 25-Jan-12 14:12pm
   
well, my 5
TimGameDev 25-Jan-12 15:03pm
   
Thanks!
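
The CONNECT handling that Solution 1 refers to, as an added example that is not part of the original thread or the linked article: a browser configured to use an HTTP proxy sends a plaintext `CONNECT host:port` request before any TLS bytes, so a TcpListener can read that line, answer 200 and relay the tunnel. The example only relays bytes (no certificate generation or TLS interception); the class and method names are assumptions, and port 8081 is taken from the question.

```csharp
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading.Tasks;
static class ConnectTunnel   // hypothetical name, not from the thread
{
    // Parses "CONNECT host:port HTTP/1.1"; returns false for any other request line.
    public static bool TryParseConnect(string line, out string host, out int port)
    {
        host = null; port = 0;
        string[] p = (line ?? "").Split(' ');
        int colon = p.Length == 3 ? p[1].LastIndexOf(':') : -1;
        if (p[0] != "CONNECT" || colon <= 0) return false;
        host = p[1].Substring(0, colon).Trim('[', ']');   // tolerate IPv6 literals
        return int.TryParse(p[1].Substring(colon + 1), out port) && port > 0 && port <= 65535;
    }
    static async Task HandleAsync(TcpClient client)
    {
        using (client)
        using (NetworkStream browser = client.GetStream())
        {
            // The proxy request head arrives in plaintext; read up to the blank line.
            var head = new StringBuilder();
            for (int b; head.Length < 8192 && (b = browser.ReadByte()) >= 0;)
            {
                head.Append((char)b);
                if (b == '\n' && head.ToString().EndsWith("\r\n\r\n", System.StringComparison.Ordinal)) break;
            }
            bool ok = TryParseConnect(head.ToString().Split('\r')[0], out string host, out int port);
            if (!ok) { await SendAsync(browser, "HTTP/1.1 405 Method Not Allowed\r\n\r\n"); return; }
            using (var upstream = new TcpClient())
            {
                await upstream.ConnectAsync(host, port);
                await SendAsync(browser, "HTTP/1.1 200 Connection Established\r\n\r\n");
                NetworkStream server = upstream.GetStream();
                // Everything after the 200 is the browser's own TLS session: relay it untouched.
                await Task.WhenAny(browser.CopyToAsync(server), server.CopyToAsync(browser));
            }
        }
    }
    static Task SendAsync(NetworkStream s, string text) =>
        s.WriteAsync(Encoding.ASCII.GetBytes(text), 0, Encoding.ASCII.GetByteCount(text));
    static async Task Main()
    {
        var listener = new TcpListener(IPAddress.Loopback, 8081);   // port number from the question
        listener.Start();
        while (true) _ = HandleAsync(await listener.AcceptTcpClientAsync());
    }
}
```

Because the listener sees the CONNECT line itself, the target host name is known before the TLS handshake starts, which is the point at which a per-host certificate would have to be chosen.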

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)