I have a web application that I need to debug because I suspect that the request send is altered on its way to the server.
I want to dump the HTTPS traffic received on port localhost:443 and decrypt it so I can check the packages.
Obviously I do have the private hey from the server.
Is there a way to do this from the command line?
You can use ssldump.(it works on top of libpcap).
ssldump -r <File_Name>.pcap -k <Key_File>.key -d host <IP_Address>
You specify the following options with the ssldump utility:
-r: Read data from the <File_Name>.pcap file instead of from the network.
-k: Use <Key_File>.key file as the location for the SSL keyfile.
-d: Display the application data traffic.
You may refer the complete example here
You can import the SSL key in wireshark to decrypt https if Wireshark is compiled with SSL decryption support:
http://www.etherlook.com/howto/use-wireshark-to-decrypt-https/
http://wiki.wireshark.org/SSL
Related
I'm able to login into the application, when I'm NOT recording the jmeter script using jmeter's proxy server (aka Test Script Recorder). But, as soon as I setup my browser to use jmeter's proxy server (aka Test Script Recorder) for recording, I'm NOT able to login into the application itself. I have tried adding a cookie manager, cache manager, etc.., but nothing seems to make a difference.
When NOT using the proxy (i.e., when not recording script), below are the 2 calls that are made by the browser to successfully authenticate (screenshot from Chrome developer tools):
When using jmeter's proxy (i.e., when recording script), below is the call. Looks like the call is not even made from the browser to the server, as even the remote address is not resolved and the request method is not shown.
I have recorded multiple scripts for authentication, but this is the first time I'm encountering this issue. And I've followed this guide step by step. What am I missing?
Taken from Jmeter manual,
If you are testing from behind a firewall/proxy server, you may need to provide JMeter with the firewall/proxy server hostname and port number. To do so, run the jmeter[.bat] file from a command line with the following parameters:
-H [proxy server hostname or ip address]
-P [proxy server port]
-N [nonproxy hosts] (e.g. *.apache.org|localhost)
-u [username for proxy authentication - if required]
-a [password for proxy authentication - if required]
Example : jmeter -H my.proxy.server -P 8000 -u username -a password -N localhost
You can also use --proxyHost, --proxyPort, --username, and --password as parameter names
I have an access to a preconfigured Windows XP 32-bit workstation.
It's under firewall and to get outside it uses http proxy server.
To get proxy settings I need host, port, username and password.
http: // username : password # server : port
I'm able to find the proxy url and port (from PAC - automatic config file),
but I don't know how to get username/password. Is there a way to read it somehow? At least username? I might get the admin rights.
Do you know any tool that can help?
I only found these MS docs about some methods to get proxy config connection, but I don't know how to determinate what's the provided credentials:
WinHttpGetIEProxyConfigForCurrentUser function
WINHTTP_CURRENT_USER_IE_PROXY_CONFIG structure
WinHttpGetProxyForUrl function
I've also found this lib, but it's rather for parsing PAC:
http://code.google.com/p/pacparser/
In windows you cannot get password.
To get connect throw a proxy you have to use SSPI, check libcurl, you can get a connected socket throw proxy, build it with enable-sspi and openssl.
Iterating on Fernando Sanchez's answer and Robert's comment, you need to authenticate via SSPI. In my case I've connected using NTLM using this link
With curl using ntlm :
curl.exe --proxy <proxy_name>:<proxy_port> --proxy-ntlm -U : https://www.google.com
Also to partially answer your question the -U : means from curl man page :
If you use a Windows SSPI-enabled curl binary and do either Negotiate
or NTLM authentication then you can tell curl to select the user name
and password from your environment by specifying a single colon with
this option: "-U :".
You can get the proxy name and port from the windows registry (regedit). Quote from Robert's comment:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
It can be present either in a manual way using REG_SZ ProxyServer or using an autoconfiguration script using REG_SZ AutoConfigURL = https://<configuration_url>
If the curl command above fails with Failure when receiving data from the peer maybe you have a curl release without NTLM, SSPI or OpenSSL. Try with the latest curl release
Currently in Inetd , the protocol settings for a particular protocol is same for all the uses who are connecting to system using it . like FTP or so .
Is there a way to configure inetd to have a different settings for a particular user only ?
for example , currenlty in inetd:
ftp stream tcp nowait/100/40/20 /usr/libexec/ftpd ftpd -l -r
-W
Is there any way, to have configure new parameters ( nowait/300/50/40 for a particular FTP user only)
Well, the inetd.conf line is for enabling FTP when needed, and it always uses that settings. It is a global setting.
So the answer is no.
I'm trying to write a batch script (CMD # Windows XP Pro) that will automatically download and unzip packages with the help of 7zip and putty/psftp
If I have a URL to a package to download http://somesite.org/packages/package.zip how do I download it on command line using putty?
Also if you have a better way to do this that would be helpful too.
wget is of course an obvious solution, but I also suggest to have a look at cURL. From their website:
curl is a command line tool for
transferring files with URL syntax,
supporting FTP, FTPS, HTTP, HTTPS,
SCP, SFTP, TFTP, TELNET, DICT, LDAP,
LDAPS and FILE. curl supports SSL
certificates, HTTP POST, HTTP PUT, FTP
uploading, HTTP form based upload,
proxies, cookies, user+password
authentication (Basic, Digest, NTLM,
Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload
of other useful tricks.
Of course free and open source, and despite its huge list of supported protocols it's as simple to use as wget, so to use your example
curl -O http://somesite.org/packages/package.zip
downloads package.zip to a local file with the same name
curl -o myname.zip http://somesite.org/packages/package.zip
downloads package.zip as myname.zip
curl http://somesite.org/packages/package.zip > package.zip
redirects curl's stdout to package.zip
EDIT - example corrected, with thanks to #PrabhakarKasi
win32 version of wget:
http://pages.interlog.com/~tcharron/wgetwin.html
Putty isn't really a download tool. Unless you want to download something via SCP/SFTP. So yes, wget is more helpful here.
I don't know putty, but certainly wget can do. If you are in Windows, you can get it by cygwin or just google a win32 version.
pscp.exe -pw yourpassword you#somesite.org:/packages/package.zip .\
The path to /packages/package.zip should be whatever the path to the public web files are on the server. So, for example, on some old apache server, it might be:
pscp.exe -pw yourpassword you#somesite.org:/users/httpd/vhosts/default/packages/package.zip .\
Use pscp, which comes with PuTTY:
pscp user#host:/path/to/file.7z .
7z e file.7z
If you set this up with SSH keys, pscp won't have to ask you for a password.
I have connected to a server via SFTP using FileZilla and accepted adding the server's SSH key to the key cache in FileZilla.
How can I extract this cached key to a keyfile so that may use it through other SFTP applications that require a keyfile be made available?
I have not been able to find anything in the FileZilla documentation related to this.
If you use the standard openssh console client (cygwin or from linux), host keys are stored, one-per-line, in ~/.ssh/known_hosts. From there, it's a simple matter of figuring out which bit of that host key is needed for your library.
Putty also stores host keys, but it appears to encode them in hex. Those can be found at HKCUR\Software\SimonTatham\PuTTY\SshHostKeys
Thomas was correct. FileZilla piggybacks on PuTTY's PSFTP program and stores the saved keys encoded in a hex format at the registry key he listed (HKCUR\Software\SimonTatham\PuTTY\SshHostKeys). I needed the key in known_hosts format, so I has able to install a windows version of openssh at his recommendation and used the ssh-keyscan tool to hit the server and save the key info out in the correct format:
ssh-keyscan -t rsa <my_ftp_ip_address> > c:\known_hosts
ssh-keyscan -t dsa <my_ftp_ip_address> > c:\known_hosts
Thank you Thomas and SO!
If you'd rather use a GUI, you can snag the host key from the log window or the first-time connection popup using WinSCP FTP client: https://winscp.net/eng/docs/ssh_verifying_the_host_key
Thanks Dougman for the tip!
To further help any newcomers reading your answer.
Prior to running the ssh-keyscan, assuming the openssh is install by default, there is a few commands that needs to be run (read the quickstart/readme install for details).
Here are my commands which allow me to obtain the host key.
C:\Program Files\OpenSSH\bin>mkgroup -l >> ..\etc\group
C:\Program Files\OpenSSH\bin>mkpasswd -l >> ..\etc\passwd
C:\Program Files\OpenSSH\bin>net start opensshd
The OpenSSH Server service is starting.
The OpenSSH Server service was started successfully.
C:\Program Files\OpenSSH\bin>ssh-keyscan -t rsa vivo.sg.m.com > c:\known_hosts
vivo.sg.m.com SSH-2.0-Sun_SSH_1.1
Unless I am misunderstanding you: you don't need to.
If you connect to the server with another application (ie: PuTTY) and it has not seen the server before then you will be prompted to accept the key.
I see why you might want to do this, but each application could have it's own way to store keys.