How to start a handshake with the client browser??

Jakekeke

I am using JSSE to write a TCP socket program.
The task I need to do is receive a CONNECT response from a browser, i.e.
HTTPS.
And then my program needs to communicate with the destination server.
My program can be named a proxy server; however, it is a simple proxy
server. What it should do is: communicate between browser and server,
and log all the data transferred, including the request and response
headers.

So, could anyone tell me how to solve the problem I mentioned above?
You may provide some program statements for me to follow, or
describe what the 3 bodies, client/proxy/server, should do in each
timeslot.

Thank you.
P.S. It is very urgent
 
Rogan Dawes

Jakekeke said:
I am using JSSE to write a TCP socket program.
The task I need to do is receive a CONNECT response from a browser, i.e.
HTTPS.
And then my program needs to communicate with the destination server.
My program can be named a proxy server; however, it is a simple proxy
server. What it should do is: communicate between browser and server,
and log all the data transferred, including the request and response
headers.

So, could anyone tell me how to solve the problem I mentioned above?
You may provide some program statements for me to follow, or
describe what the 3 bodies, client/proxy/server, should do in each
timeslot.

Thank you.
P.S. It is very urgent

Take a look at WebScarab (hosted on Sourceforge under the owasp
project). It does exactly what you describe. The relevant source code is
in src/org/owasp/webscarab/plugin/proxy/ConnectionHandler.java.

Regards,

Rogan
 
Alex Hunsley

Jakekeke said:
I am using JSSE to write a TCP socket program.
The task I need to do is receive a CONNECT response from a browser, i.e.
HTTPS.
And then my program needs to communicate with the destination server.
My program can be named a proxy server; however, it is a simple proxy
server. What it should do is: communicate between browser and server,
and log all the data transferred, including the request and response
headers.

So, could anyone tell me how to solve the problem I mentioned above?

Yes; try writing some Java code to solve the problem. That's how you
solve it.

You may provide some program statements for me to follow, or
describe what the 3 bodies, client/proxy/server, should do in each
timeslot.

timeslot?

Thank you.
P.S. It is very urgent

Writing 'urgent' doesn't buy you any favours round here.
 
Bruno Grieder

May I also suggest that:

- you never post to multiple newsgroups
- you show that at least you tried to do something before sending your post

What you are trying to do (assuming you are) is what I call "a man in
the middle". I have written one: it is very simple in Java with HTTP,
much, much more complicated with HTTPS and close to a nightmare when
there is a proxy.

First read the API documentation for SSLSocketFactory, SSLSocket,
SSLServerSocket, SSLServerSocketFactory, SSLContext, X509TrustManager
and KeyManagerFactory, and Google around these - there is plenty of
code out there to show basic use of them.

Once you have code to show, come back to this forum.

Bruno
 
Alex Hunsley

Bruno said:
May I also suggest that:

- you never post to multiple newsgroups
- you show that at least you tried to do something before sending your post

What you are trying to do (assuming you are) is what I call "a man in
the middle". I have written one: it is very simple in Java with HTTP,
much, much more complicated with HTTPS and close to a nightmare when
there is a proxy.

First read the API documentation for SSLSocketFactory, SSLSocket,
SSLServerSocket, SSLServerSocketFactory, SSLContext, X509TrustManager
and KeyManagerFactory, and Google around these - there is plenty of
code out there to show basic use of them.

Once you have code to show, come back to this forum.

Bruno

Hi Bruno
can you do me a favour and bottom post? Top-posting makes threads hard
to follow...

thanks!
alex
 
Jakekeke

Bruno Grieder said:
May I also suggest that:

- you never post to multiple newsgroups
- you show that at least you tried to do something before sending your post

What you are trying to do (assuming you are) is what I call "a man in
the middle". I have written one: it is very simple in Java with HTTP,
much, much more complicated with HTTPS and close to a nightmare when
there is a proxy.

First read the API documentation for SSLSocketFactory, SSLSocket,
SSLServerSocket, SSLServerSocketFactory, SSLContext, X509TrustManager
and KeyManagerFactory, and Google around these - there is plenty of
code out there to show basic use of them.

Once you have code to show, come back to this forum.

Of course I have done much research and reading on the API before.
I just don't know how to let my program handshake with the browser.
I post the code at the bottom part....

import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.Certificate;

import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class Test {
    public static final String TARGET_HTTPS_SERVER = "www.ebank.hsbc.com.hk";
    public static final int TARGET_HTTPS_PORT = 443;
    static final String[] enabledCipherSuites = {
        "SSL_RSA_WITH_RC4_128_MD5",
        "SSL_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA",
        "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA",
        "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
        "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
        "SSL_RSA_WITH_NULL_MD5", "SSL_RSA_WITH_NULL_SHA",
        "SSL_DH_anon_WITH_RC4_128_MD5", "TLS_DH_anon_WITH_AES_128_CBC_SHA",
        "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", "SSL_DH_anon_WITH_DES_CBC_SHA",
        "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
        "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"};

    public static void main(String[] args) throws Exception {
        SSLContext ctx;
        KeyManagerFactory kmf;
        KeyStore ks;

        // key store holding the proxy's own server key; also used as the trust store below
        char[] passphrase = "WebAS".toCharArray();
        ctx = SSLContext.getInstance("SSL");

        kmf = KeyManagerFactory.getInstance("SunX509");
        ks = KeyStore.getInstance("JKS");
        ks.load(new FileInputStream("c:\\DummyServerTrustFile.jks"), passphrase);
        kmf.init(ks, passphrase);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(ks);
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new java.security.SecureRandom());
        SSLSocketFactory sslsocketfactory = ctx.getSocketFactory();
        // SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();

        SSLServerSocketFactory sSLServerSocketFactory = ctx.getServerSocketFactory();

        // plain listener: the browser's CONNECT request arrives in clear text
        ServerSocket serverSocket = new ServerSocket(8080);
        int dataLength;
        byte[] buf = new byte[1024];
        String header = "";
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();

        int count = 0;
        while (true) {
            System.out.print("waiting.....");
            Socket soc = serverSocket.accept();
            System.out.println("socket created!!");
            InputStream inputStream = soc.getInputStream();
            count++;
            //boolean connect = true;
            boolean connect = false;
            char code = '0';
            BufferedReader br = new BufferedReader(new InputStreamReader(soc.getInputStream()));
            String lin = null;

            // read the request line and the headers up to the empty line
            int i = 0;
            while (true) {
                //for (int i=0; i<3; i++) {
                lin = br.readLine();
                if (lin == null)                 // browser closed the connection
                    break;
                if (i == 0 && lin.length() > 0) {
                    if (lin.charAt(lin.length() - 1) == '1')   // request line ends in HTTP/1.1
                        code = '1';
                    if (lin.startsWith("CONNECT"))
                        connect = true;
                }
                for (int k = 0; k < lin.length(); k++) {
                    // System.out.print((int) lin.charAt(k)+" ");
                }
                System.out.println(lin);
                if ((lin.equals("\r")) || (lin.length() == 0))
                    break;
                i++;
            }

            Writer ou = new OutputStreamWriter(soc.getOutputStream());

            if (connect) {

                // System.out.println("back!!!!HTTP/1."+code+" 200 connection established\r\n\r\n");
                code = '0';
                ou.write("HTTP/1." + code + " 200 Connection established\r\n");
                ou.write("Via: Proxy Name and Version\r\n");
                ou.write("\r\n");
                ou.flush();

                //lin = "";
                // while ((dataLength = inputStream.read(buf)) != -1) {
                dataLength = inputStream.read(buf);
                if (dataLength > 0)
                    byteArrayOutputStream.write(buf, 0, dataLength);

                header = new String(byteArrayOutputStream.toByteArray(), "ISO-8859-1");
                System.out.println(header);
                for (int a = 0; a < header.length(); a++)
                    System.out.print((int) header.charAt(a) + " ");
                // }

                SSLSocket sSocket = (SSLSocket) sslsocketfactory.createSocket("www.XXX.com", 443);
                /* sSocket.setUseClientMode(true);
                InputStream in2 = sSocket.getInputStream();
                OutputStream ot2 = sSocket.getOutputStream();
                // ot2.write(byteArrayOutputStream.toByteArray());
                // ot2.flush();
                sSocket.addHandshakeCompletedListener(
                    new HandshakeCompletedListener() {
                        public void handshakeCompleted(HandshakeCompletedEvent event) {
                            System.out.println("Handshake finished!");
                            System.out.println("\tCipherSuite:" + event.getCipherSuite());
                            System.out.println("\tSessionId " + event.getSession());
                            try {
                                Certificate[] c = event.getSession().getPeerCertificates();
                                for (int b = 0; b < c.length; b++) {
                                    System.out.println("****[" + b + "]****");
                                    System.out.println(c[b].toString());
                                }
                            } catch (SSLPeerUnverifiedException spue) {
                            }
                            System.out.println("\t PeerHost " + event.getSession().getPeerHost());
                        }
                    });
                try {
                    sSocket.startHandshake();
                } catch (Exception e) {
                    e.printStackTrace();
                }
                byteArrayOutputStream = new ByteArrayOutputStream();
                dataLength = in2.read(buf);
                byteArrayOutputStream.write(buf, 0, dataLength);

                header = new String(byteArrayOutputStream.toByteArray());
                System.out.println(header);
                for (int a = 0; a < header.length(); a++) {
                    System.out.print((int) header.charAt(a));
                    System.out.print(header.charAt(a));
                    System.out.print(" ");
                } */

                //open URLconnection

                //SSLSocket sSocket = (SSLSocket) sslsocketfactory.createSocket(soc, "www.ebank.hsbc.com.hk", 443, true);
                //SSLServerSocket sSocket = (SSLServerSocket) sSLServerSocketFactory.createServerSocket(8080);
                //sSocket.setUseClientMode(true);
                //sSocket.setUseClientMode(false);
                //sSocket.setNeedClientAuth(true);

                //sSocket.setEnabledCipherSuites(enabledCipherSuites);

                sSocket.addHandshakeCompletedListener(
                    new HandshakeCompletedListener() {
                        public void handshakeCompleted(HandshakeCompletedEvent event) {
                            System.out.println("Handshake finished!");
                            System.out.println("\tCipherSuite:" + event.getCipherSuite());
                            System.out.println("\tSessionId " + event.getSession());
                            try {
                                // print each peer certificate, not the array object
                                Certificate[] c = event.getSession().getPeerCertificates();
                                for (int b = 0; b < c.length; b++) {
                                    System.out.println("****[" + b + "]****");
                                    System.out.println(c[b].toString());
                                }
                            } catch (SSLPeerUnverifiedException spue) {
                            }
                            System.out.println("\t PeerHost " + event.getSession().getPeerHost());
                        }
                    });
                System.out.print("changing.....");
                try {
                    sSocket.startHandshake();
                } catch (Exception e) {
                    e.printStackTrace();
                }
                System.out.println("done!!!");

                Writer ou2 = new OutputStreamWriter(sSocket.getOutputStream(), "ISO-8859-1");
                ou2.write("2134567890");
                ou2.flush();

            } else {
                //SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
                Socket socket = SSLSocketFactory.getDefault().createSocket(TARGET_HTTPS_SERVER, TARGET_HTTPS_PORT);
                //Socket socket = new Socket(TARGET_HTTPS_SERVER, TARGET_HTTPS_PORT);
                try {
                    System.out.println("here");
                    Writer out = new OutputStreamWriter(socket.getOutputStream(), "ISO-8859-1");
                    out.write("GET / HTTP/1.0\r\n");
                    out.write("Host: " + TARGET_HTTPS_SERVER + ":" + TARGET_HTTPS_PORT + "\r\n");
                    out.write("Agent: SSL-TEST\r\n");
                    out.write("\r\n");
                    out.flush();
                    BufferedReader in = new BufferedReader(
                        new InputStreamReader(socket.getInputStream(), "ASCII7"));
                    String line = null;
                    while ((line = in.readLine()) != null) {
                        System.out.println(line);
                        ou.write(line + "\r\n");
                    }
                    ou.flush();
                } finally {
                    socket.close();
                }
            }
        }
    }
}


What I want to do is make a handshake process with the browser.
I can use plaintext to communicate with the destination host;
however, the most important part is making the browser trust me, which I
am confused about how to do, i.e. let the browser believe I am the server.
 
Jakekeke

This is the exception I got:

javax.net.ssl.SSLHandshakeException: no cipher suites in common
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
at Test.main(Test.java:129)
 
Bruno Grieder

Jakekeke said:
May I also suggest that:

- you never post to multiple newsgroups
- you show that at least you tried to do something before sending your post

What you are trying to do (assuming you are) is what I call "a man in
the middle". I have written one: it is very simple in Java with HTTP,
much, much more complicated with HTTPS and close to a nightmare when
there is a proxy.

First read the API documentation for SSLSocketFactory, SSLSocket,
SSLServerSocket, SSLServerSocketFactory, SSLContext, X509TrustManager
and KeyManagerFactory, and Google around these - there is plenty of
code out there to show basic use of them.

Once you have code to show, come back to this forum.

Of course I have done much research and reading on the API before.
I just don't know how to let my program handshake with the browser.
I post the code at the bottom part....



Hi,

I am not sure where line 129 is in your code and it would help to know
what JVM version you are using. What I show you below works with 1.4.

Two lines I find strange in your code are

SSLServerSocketFactory sSLServerSocketFactory = ctx.getServerSocketFactory();

ServerSocket serverSocket = new ServerSocket(8080);

Why not do

SSLServerSocket serverSocket = (SSLServerSocket) sSLServerSocketFactory.createServerSocket(8080);

since you create your factory. This may solve your exception problem.

Lastly, please clarify your comment at the bottom of your code in the
previous post. What I understand is you wonder how the handshake happens
between the browser and your Java server. Here is what I can say for the
moment:
- your browser should send you a warning if the public cert you loaded for
your server is not signed by a Root Certificate known by the browser
- you may want to NOT use the default implementation for the context and
try redoing your own implementation of SSLServerSocketFactory around
these lines (exception catching not shown)

    //load a keystore with your server certs
    //using the supplied methods or design your own
    KeyStore keyStore = loadKeyStore(
            privateKeyFileName,
            keyPass,
            publicCertsFileNames);

    //Create a key manager factory to manipulate X509 type keys
    //and initialize it with the keystore above
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(keyStore, keyPass.toCharArray());

    //Create a trust manager that does not
    //check root certificates
    TrustManager[] noCheckTrustManager = {new NoCheckTrustManager()};
    //you have to implement that

    //Create a context for the use of SSL 3 and initialize it
    //with the key manager, the no-check trust manager and a null SecureRandom
    SSLContext ctx = SSLContext.getInstance("TLS"); //i.e. SSL 3.1
    ctx.init(kmf.getKeyManagers(), noCheckTrustManager, null);

    //Finally get a Server Socket Factory
    ssf = ctx.getServerSocketFactory();
 
Rogan Dawes

Bruno said:
Additional notes:

a- Your MIM should NOT send any reply directly to the client.
Actually, it has to send the 200 Ok response to the CONNECT request,
prior to negotiating the SSL session.
c- Your MIM will NEVER be transparent in terms of authentication: you
can transparently pass the content including headers from client to
server, but authentication will always be Client to MIM and MIM to
server. (Fortunately, if not this would defeat the whole purpose of
using certificates).

Note that, depending on the location of the MIM, and collusion between
the operator of the client (e.g. browser) and the operator of the MIM,
the operator of the browser can simply accept the invalid certificates
presented by the MIM, and can also possibly load the browser's client
certificate in the MIM application, with the net result that the server
has no knowledge that anything is amiss, and the browser will continue
to operate with no degraded functionality.

WebScarab includes this functionality.

Regards,

Rogan
 
Jakekeke

Thank you two guys for the help.
I hope I can finish my project with this information.
I will post a follow-up message if I get any difficulties again.

Thanks,
Jake
 
Jakekeke

Sorry for having a question again.

I have made some modifications and run ConnectionHandler....
However, I get the following result in my console:

Start
HERE~~
GOOD~~
Finished negotiating SSL - algorithm is SSL_NULL_WITH_NULL_NULL
HERE2~~
2004/11/3 上午 11:54:10 ConnectionHandler run
嚴重的: ConnectionHandler got an error : javax.net.ssl.SSLException:
Connection has been shutdown: javax.net.ssl.SSLHandshakeException: no
cipher suites in common
javax.net.ssl.SSLException: Connection has been shutdown:
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA12275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA12275)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:408)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:450)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:182)
at java.io.InputStreamReader.read(InputStreamReader.java:167)
at java.io.BufferedReader.fill(BufferedReader.java:136)
at java.io.BufferedReader.read(BufferedReader.java:157)
at ConnectionHandler.run(ConnectionHandler.java:155)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in
common
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.b(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.getSession(DashoA12275)
at ConnectionHandler.negotiateSSL(ConnectionHandler.java:301)
at ConnectionHandler.run(ConnectionHandler.java:145)


How to make SSL_NULL_WITH_NULL_NULL work??
 
Rogan Dawes

Jakekeke said:
Sorry for having a question again.

I have made some modifications and run ConnectionHandler....
However, I get the following result in my console:
How to make SSL_NULL_WITH_NULL_NULL work??

You are not finding the certificate correctly. If you initialise the
KeyStore with a null InputStream, you will get this error. Make sure
that your inputstream is not null before you initialise the key store.

Rogan
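The sequence Bruno and Rogan describe, as an added example that is neither the thread's code nor WebScarab's: a plain ServerSocket takes the browser's CONNECT, the proxy answers 200 in clear text, wraps the same socket in server mode with createSocket(socket, host, port, true), and only then opens a validated client-mode session to the real server; the keystore loader refuses a missing file or a store without a private key, which is the condition behind the "no cipher suites in common" diagnosis above. It assumes Java 8 or later and a hypothetical test keystore proxy-test.jks (placeholder name and passphrase) whose certificate the operator's own browser has been made to trust.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyStore;
import java.util.Enumeration;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class ConnectHandler {
    // Hypothetical test keystore (placeholder path/passphrase) holding the proxy's own test server key.
    static final String KEYSTORE = "proxy-test.jks";
    static final char[] PASS = "changeit".toCharArray();

    /** Server-side context. Fails loudly if the keystore is missing or holds no private key: with a
     *  null InputStream or an empty store JSSE has no certificate to offer, and the browser-facing
     *  handshake ends in "no cipher suites in common" / SSL_NULL_WITH_NULL_NULL. */
    static SSLContext serverContext(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass); }  // throws, never null
        boolean hasKey = false;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();)
            hasKey |= ks.isKeyEntry(e.nextElement());
        if (!hasKey) throw new IllegalStateException("no private key entry in " + path);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, pass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);   // default trust managers and SecureRandom
        return ctx;
    }

    /** Reads one header line byte by byte: a BufferedReader would read ahead and swallow the
     *  first bytes of the ClientHello that the browser sends right after the CONNECT headers. */
    static String readLine(InputStream in) throws IOException {
        StringBuilder s = new StringBuilder();
        for (int b; (b = in.read()) != -1 && b != '\n'; ) if (b != '\r') s.append((char) b);
        return s.toString();
    }

    /** One browser connection: CONNECT, clear-text 200, server-mode TLS on the same socket,
     *  validated TLS to the real server, then relay and log both directions. */
    static void handle(Socket browser, SSLContext serverCtx, OutputStream log) throws Exception {
        InputStream in = browser.getInputStream();
        String[] request = readLine(in).split(" ");   // e.g. CONNECT host:443 HTTP/1.1
        while (readLine(in).length() > 0) { }         // discard the remaining CONNECT headers
        if (request.length < 2 || !request[0].equals("CONNECT"))
            throw new IOException("expected CONNECT, got: " + String.join(" ", request));
        String host = request[1].split(":")[0];
        int port = Integer.parseInt(request[1].split(":")[1]);
        // 1. Answer the CONNECT in clear text; only after this does the browser start TLS.
        browser.getOutputStream().write("HTTP/1.0 200 Connection established\r\n\r\n".getBytes("ISO-8859-1"));
        browser.getOutputStream().flush();
        // 2. Wrap the same plain socket as a server-mode SSLSocket and handshake with the browser.
        SSLSocket toBrowser = (SSLSocket) serverCtx.getSocketFactory().createSocket(browser, host, port, true);
        toBrowser.setUseClientMode(false);
        toBrowser.startHandshake();
        // 3. Client-mode TLS to the real server through the JVM's default trust store, with hostname
        //    verification, so the proxy itself still validates the server's certificate.
        SSLSocket toServer = (SSLSocket) SSLSocketFactory.getDefault().createSocket(host, port);
        SSLParameters params = toServer.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");   // Java 7+
        toServer.setSSLParameters(params);
        toServer.startHandshake();
        // 4. Relay decrypted bytes both ways and log them; closing both sockets once the server
        //    side ends also unblocks the browser-to-server pump.
        Thread upstream = pump(toBrowser.getInputStream(), toServer.getOutputStream(), log);
        pump(toServer.getInputStream(), toBrowser.getOutputStream(), log).join();
        toServer.close(); toBrowser.close();
        upstream.join();
    }

    static Thread pump(InputStream src, OutputStream dst, OutputStream log) {
        Thread t = new Thread(() -> {
            byte[] buf = new byte[4096];
            try {
                for (int n; (n = src.read(buf)) != -1; ) {
                    dst.write(buf, 0, n); dst.flush();
                    synchronized (log) { log.write(buf, 0, n); }
                }
            } catch (IOException closed) { }   // peer or the other pump closed the socket
        });
        t.start();
        return t;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = serverContext(KEYSTORE, PASS);
        ServerSocket listener = new ServerSocket(8080);   // plain listener: CONNECT arrives in clear text
        while (true) {
            Socket s = listener.accept();
            new Thread(() -> { try { handle(s, ctx, System.out); } catch (Exception e) { e.printStackTrace(); } }).start();
        }
    }
}
```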
 
Jakekeke

Thanks Rogan.

I think I can finish my program successfully.
Actually, the problem exists in the certificate.
That means I have not misunderstood the MIM process,
but I used a non-validated cert.

Can I ask here how to make a cert like the one your project is using?
i.e. /server.p12

Also, your project is graceful.
I am just doing a mini-part of your project.
Keep it up.

Thanks for the help,
Jake
 
Rogan Dawes

Jakekeke said:
Thanks Rogan.

I think I can finish my program successfully.
Actually, the problem exists in the certificate.
That means I have not misunderstood the MIM process,
but I used a non-validated cert.

Can I ask here how to make a cert like the one your project is using?
i.e. /server.p12

Also, your project is graceful.
I am just doing a mini-part of your project.
Keep it up.

Thanks for the help,
Jake

Check out openssl, and search the web for "openssl self signed
certificate", and you should be able to find out how to do it. I'll be
honest, I can't remember exactly how I did it either! ;-)

openssl normally creates the cert in PEM or DER formats, you would need
to convert/import those into a PKCS12 format to get the .p12 file . . .

Alternatively, you can use the Java keytool program to create a
self-signed cert. Then you should change the PKCS12 in the keystore
constructor to "JKS", when referencing your keystore.

You might want to go back to the earlier CVS versions of
ConnectionHandler to see how this works . . .

Regards,

Rogan

P.S. for testing, you could easily use the server.p12 file that comes
with WebScarab (also in CVS).
 
Jakekeke

Thanks Rogan again
(forgot to do so)

I have already finished the SSL part of my proxy.
However, my supervisor asked me to implement that part another way.
i.e., what I have done is the same as your project before:
every request will open a new request and response socket.

Now, what my supervisor wants is that some requests may be done on the same socket pair,
i.e., maybe there are requests A, B, C;
after I send back the GET/POST response to request A,
the thread in the while loop will send me request B.
There is no need to open another thread to make CONNECT again.

I have 2 sources right now;
however, I don't know whether the 2nd method works or not, because it sometimes does.
Is this the correct way to handle the SSL request??
 
Rogan Dawes

Jakekeke said:
Thanks Rogan again
(forgot to do so)

I have already finished the SSL part of my proxy.
However, my supervisor asked me to implement that part another way.
i.e., what I have done is the same as your project before:
every request will open a new request and response socket.

Now, what my supervisor wants is that some requests may be done on the same socket pair,
i.e., maybe there are requests A, B, C;
after I send back the GET/POST response to request A,
the thread in the while loop will send me request B.
There is no need to open another thread to make CONNECT again.

I have 2 sources right now;
however, I don't know whether the 2nd method works or not, because it sometimes does.
Is this the correct way to handle the SSL request??

Hi,

I hadn't realised that this is homework. I hope that you are crediting
any code ideas that you are getting.

You need to make sure that the connection keep-alive works. Read RFC2616
to understand how this all is supposed to work. Search for "keep-alive" :)

Rogan
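For the keep-alive question, the part of RFC 2616 that matters to a logging proxy is message framing (section 4.4, "Message Length"): on a persistent socket pair the proxy must know where request A ends and request B begins before it can log or forward them separately. The framer below is an added example, not the thread's or WebScarab's code; it covers Content-Length, chunked transfer coding, the bodyless replies (1xx, 204, 304 and responses to HEAD) and close-delimited bodies, and the pipelined sample stream in main is constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Locale;

public class HttpFramer {
    /** Reads one HTTP/1.1 message (head plus body) from a persistent connection and returns its raw
     *  bytes, leaving the next one unread; null at a clean end of stream. headResponse: reply to HEAD. */
    static byte[] readMessage(InputStream in, boolean headResponse) throws IOException {
        ByteArrayOutputStream msg = new ByteArrayOutputStream();
        // 1. Header block: copy bytes until the CRLF CRLF terminator has been seen.
        for (int match = 0; match < 4; ) {
            int b = in.read();
            if (b == -1) {
                if (msg.size() == 0) return null;
                throw new EOFException("connection closed inside the header block");
            }
            msg.write(b);
            match = b == "\r\n\r\n".charAt(match) ? match + 1 : (b == '\r' ? 1 : 0);
        }
        String head = msg.toString(StandardCharsets.ISO_8859_1.name());
        boolean response = head.startsWith("HTTP/");
        int status = response ? Integer.parseInt(head.substring(9, 12)) : 0;
        long length = -1;                               // -1: no Content-Length header
        boolean chunked = false;
        for (String line : head.split("\r\n")) {
            int colon = line.indexOf(':');
            if (colon < 0) continue;
            String name = line.substring(0, colon).trim().toLowerCase(Locale.ROOT);
            String value = line.substring(colon + 1).trim().toLowerCase(Locale.ROOT);
            if (name.equals("transfer-encoding")) chunked = value.endsWith("chunked");
            else if (name.equals("content-length")) length = Long.parseLong(value);
        }
        // 2. Body length, in the order of precedence given by RFC 2616 section 4.4.
        if (response && (headResponse || status / 100 == 1 || status == 204 || status == 304)) {
            return msg.toByteArray();                   // these replies never carry a body
        } else if (chunked) {
            copyChunked(in, msg);
        } else if (length >= 0) {
            copy(in, msg, length);
        } else if (response) {
            copy(in, msg, -1);                          // body ends when the server closes
        }                                               // a request with neither header has no body
        return msg.toByteArray();
    }

    /** Copies exactly n bytes, or everything up to end of stream when n is negative. */
    static void copy(InputStream in, ByteArrayOutputStream out, long n) throws IOException {
        byte[] buf = new byte[4096];
        for (long left = n < 0 ? Long.MAX_VALUE : n; left > 0; ) {
            int r = in.read(buf, 0, (int) Math.min(buf.length, left));
            if (r == -1) { if (n < 0) return; throw new EOFException("truncated body"); }
            out.write(buf, 0, r);
            left -= r;
        }
    }

    /** Reads one line, copying its raw bytes (CRLF included) to out. */
    static String readLine(InputStream in, ByteArrayOutputStream out) throws IOException {
        StringBuilder s = new StringBuilder();
        for (int b; (b = in.read()) != -1; ) {
            out.write(b);
            if (b == '\n') break;
            if (b != '\r') s.append((char) b);
        }
        return s.toString();
    }

    /** Chunked body: hex size line, data, CRLF, repeated until a zero-size chunk, then trailers. */
    static void copyChunked(InputStream in, ByteArrayOutputStream out) throws IOException {
        while (true) {
            String sizeLine = readLine(in, out);
            int semi = sizeLine.indexOf(';');           // ignore chunk extensions
            long size = Long.parseLong((semi < 0 ? sizeLine : sizeLine.substring(0, semi)).trim(), 16);
            if (size == 0) break;
            copy(in, out, size);
            readLine(in, out);                          // the CRLF that follows the chunk data
        }
        while (readLine(in, out).length() > 0) { }      // trailers, up to the blank line
    }

    /** Constructed sample: two pipelined requests, then a chunked response, each framed separately. */
    public static void main(String[] args) throws IOException {
        String sample = "GET /a HTTP/1.1\r\nHost: example.test\r\n\r\n"
                + "POST /b HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"
                + "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n";
        InputStream in = new ByteArrayInputStream(sample.getBytes(StandardCharsets.ISO_8859_1));
        for (byte[] m; (m = readMessage(in, false)) != null; )
            System.out.println("---- " + m.length + " bytes ----\n" + new String(m, StandardCharsets.ISO_8859_1));
    }
}
```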
 
