
I think many people know and use the HttpListener[^] class.

As far as I can see from the note on MSDN it supports https traffic:
If you create an HttpListener using https, you must select a Server Certificate for that listener. Otherwise, an HttpWebRequest query of this HttpListener will fail with an unexpected close of the connection.

I added a root certificate to the trusted store in localstorage, and one more certificate, signed by the root certificate, to personal, also in localstorage:
makecert.exe -sr localmachine -ss MY -a sha1 -n "CN=Root,O=DO_NOT_TRUST,OU=test purposes" -sky signature -pe -r "Root.cer" -sv "RootKey.pvk"

makecert.exe -sr localmachine -ss MY -a sha1 -n "CN=*,O=DO_NOT_TRUST,OU=test purposes" -sky exchange -pe -ir localmachine  -iv "RootKey.pvk" -ic "Root.cer"

I bound the certificate to the port like this:
netsh http add sslcert ipport= certhash="{hash}" appid={guid}

And everything works, but only for sites on localhost. When I try to open for example HttpListener "doesn't hear" the request. The browser tries to open the web page and fails with a timeout.

BTW, I know it's called a man-in-the-middle attack, but it's only for test purposes, and unfortunately I can't use Fiddler, which also uses this technique.

By tradition my question is not simple, I believe here is no "free rating" guys, sorry :) but if you are able to help me it would be great.

One more note: I've read almost all the articles about this, and all the examples there are for localhost. So if you're going to provide me with a link to an article, please check it first; maybe its example is also for localhost ;)

And one more: maybe your suggestion will be to use TcpListener or something like this. For now I don't want to change the logic; I will change the logic only if it is the only solution.

Thanks a lot. Timur.
Updated 29-Sep-19 1:31am

1 solution

Amazing! More than 50 views and no answers, as usual :) Answering by myself, as usual.

HttpListener is a more high-level class than TcpListener. Of course this means that it is easier to work with HttpListener, but this also means that there is a lack of functionality. I mean you can't build a serious proxy with HttpListener.

As we know, to work with a secured socket (SSL) we need to make an SSL handshake (CONNECT method and so on). But for HttpListener it should be done via certificate binding (netsh http add sslcert). All I can say is that I tried everything and couldn't get this working for a remote host, only for localhost. I don't know the reason, sorry.
Next, this certificate binding is not comfortable to use in terms of a proxy. What if I want to create certificates on the fly with the correct CN subject?

All this made me rewrite my application to use TcpListener and handle CONNECT methods.

The following article helped me to understand the basics:
Implementing a Multithreaded HTTP/HTTPS Debugging Proxy Server in C#[^]
NeptuneHACK! 25-Jan-12 14:12pm    
well, my 5
TimGameDev 25-Jan-12 15:03pm    
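
Added example, not part of the original answer, its comments, or the linked article: a browser configured to use a proxy sends a plaintext `CONNECT host:port` request before any TLS, and this C# code shows the TcpListener side of that step, parsing the request line and then relaying bytes. It is narrower than the proxy the answer describes: it forwards the TLS stream without decrypting it and issues no certificates. The class name `ConnectTunnel`, port 8888 and the loopback-only binding are assumptions.

```csharp
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading.Tasks;

static class ConnectTunnel
{
    // Parses "CONNECT host:port HTTP/1.1"; any other request line is rejected.
    public static bool TryParseConnect(string line, out string host, out int port)
    {
        host = null; port = 0;
        string[] p = (line ?? "").Split(' ');
        if (p.Length != 3 || p[0] != "CONNECT") return false;
        int colon = p[1].LastIndexOf(':');
        if (colon <= 0) return false;
        host = p[1].Substring(0, colon);
        return int.TryParse(p[1].Substring(colon + 1), out port) && port > 0 && port <= 65535;
    }
    // Reads the request head one byte at a time so no tunnel bytes are swallowed by a buffer.
    static async Task<string> ReadHeadAsync(NetworkStream s)
    {
        var sb = new StringBuilder();
        var b = new byte[1];
        while (sb.Length < 8192 && await s.ReadAsync(b, 0, 1) == 1)
            if (sb.Append((char)b[0]).Length >= 4 && sb.ToString(sb.Length - 4, 4) == "\r\n\r\n") break;
        return sb.ToString();
    }
    static async Task HandleAsync(TcpClient client)
    {
        using (client)
        using (var upstream = new TcpClient())
        {
            NetworkStream cs = client.GetStream();
            string first = (await ReadHeadAsync(cs)).Split('\r')[0];
            if (!TryParseConnect(first, out string host, out int port)) return; // not CONNECT: close
            await upstream.ConnectAsync(host, port);
            byte[] ok = Encoding.ASCII.GetBytes("HTTP/1.1 200 Connection Established\r\n\r\n");
            await cs.WriteAsync(ok, 0, ok.Length);
            NetworkStream us = upstream.GetStream();
            await Task.WhenAny(cs.CopyToAsync(us), us.CopyToAsync(cs)); // relay only, TLS stays end to end
        }
    }
    static async Task Main()
    {
        var listener = new TcpListener(IPAddress.Loopback, 8888); // assumed port; loopback only
        listener.Start();
        while (true) _ = HandleAsync(await listener.AcceptTcpClientAsync());
    }
}
```

Binding to `IPAddress.Loopback` keeps the listener from acting as an open relay for other machines on the network.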

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
