Intercept requests in SSL WebSocket connection (wss) - ssl

I have a WSS server running, and I want to intercept WebSocket messages between the client and the server.
I am able to intercept WebSocket messages using WS (no SSL) but haven't had any success with WSS (with SSL). I am getting an error about self-signed certs, which my testing client (wscat) doesn't want to use. (self signed certificate in certificate chain)
And lastly, how would I be able to intercept a connection from a different desktop application? So say if application A is trying to connect to a WSS server, how would I intercept that without telling the desktop application to use a proxy?
Thank you!
Unrelated to the question above, but I am also not able to proxy HTTPS requests because of this error:
sslv3 alert bad certificate

I am getting an error about self-signed certs, which my testing client (wscat) doesn't want to use.
This question is really is about wscat and not mitmproxy. https://stackoverflow.com/a/58149466/934719 mentions that you can pass -n to wscat to disable certificate checks for local testing.
And lastly, how would I be able to intercept a connection from a different desktop application? So say if application A is trying to connect to a WSS server, how would I intercept that without telling the desktop application to use a proxy?
If you cannot tell the desktop application to use a proxy, then it's probably the easiest to set up as a reverse proxy.

Related

IIS force asking for certificate to a client node.js application

I have an application running on IIS 8.5 on my Windows Server 2012 and I have configured it to use this certificate I just bought. So now I can access the website using https protocol.
I have node.js clients running on some computers outside my network and posting some data to the server from time to time. I want to secure that connection now that I have a SSL certificate. I've been googling around for a couple of hours and I was not able to have the picture of what I need to do.
My goal would be to do the HTTP POST from client and only the clients using the certificate would be allowed to upload data to my https://example.com/upload url.
Firstly, I need to configure IIS so that requires a certificate when doing the handshake but I have no option for that in the authentication panel inside my webapp. I only have these options:
What am I doing wrong?
Click on SSL Settings
Then tick Require SSL

how to configure SSL when self hosting Web api in https in local machine

I want to build a desktop app, which accepts triggers from the browser (my web application runs in https). As a solution i have implemented self hosting web api with OWIN which uses self signed certificate.
Registered the certificate for https using netsh command
netsh http add sslcert ipport=0.0.0.0:4443 certhash=‎40514d4576059d0c1c205c7b820cc0a407915b65 appid={163ea903-b9fd-4019-9c5c-7cdf158111a6}
Now when i try to send http request, browser complains that the certificate is not valid.
https://localhost:4443/api/download
Is it possible to create/buy valid certificates for localhost? (my app will be running on different user machines) Is there any other way i can solve my situation ( solving browser to local app communication)?
Basically i found that we cannot self host webapi in https. Because we cannot get a SSL for localhost, browser will not allow http request to that.

Websocket server with Self-Signed certificates in intranet application

I have an intranet application that runs over https and it needs to access a websocket sever that needs to runs over wss because chrome mixed content security. Both applications use self-signed certificates but is not possible to access the websocket server because chrome doesn't trust in self-signed certificate unless user authorize. So, cause of that the connection fails. Is there a way to have a valid certificate to use in intranet application? Or is there another way to solve this problem?
You can generate a certificate for websocket.intranet.example.com with a public DNS that doesn't point to the real websocket server, and then copy that certificate in the real server.
Of course, your internal DNS resolver must point websocket.intranet.example.com to the real websocket server

Websockets on localhost over https:// problems

I'm trying to write a service, my service is a WebsocketServer is written in nodejs, with express and the ws module. This service should be installed with node-webkit locally on a computer(on localhost) to communicate with a web site in https:// to exchange information. My problem is, that i need a trusted certificate for localhost(its not possible), because all browsers give a warning if i use a self signed certificate. I know i can ignore that warning, but in the future this software should be distribuited, and i dont want to give that warning for future clients. Is there a good way to resolve this problem?
Use one of the following options to work around this:
Package your client-side interface as a browser extension
Setup a Message Queue which transforms messages to your node server as Websocket requests
Use a PAAS provider with free certificates to proxy to your domain
References
How do I use a self signed certificate for a HTTPS Node.js server?
Simulating GitHub OAuth2 Login for Tests with JUnit, Webdriver & Hoverfly
Apache configuration using Self Signed Certificate - YouTube
Amazon SES: Sendmail
SMTP Gateway Plugin for RabbitMQ
Sending RabbitMQ messages via websockets

Accept server certificate for secured websocket connection

I am developing a secured Websocket server and realized that SSL at least requires server authentication.. That means, clients need to trust my certificates.
Is there a way to show up an "accept certificate" dialog at time the WSS is being established ?
What is the solution then ? Should I put the web application in an HTTPS connection ?
Of course I want to avoid having to manually send certificate to clients and asking them to trust it.
Thanks.
Websockets are not normal sockets. They are established by upgrading an existing HTTP(s) connection, so if you have HTTP they will be unencrypted and with HTTPS they will be encrypted and all the certificate check is already done before the upgrade to WebSockets started.