SSL Proxy / Decryption? - ssl

One of my clients just received the software ordered from his chosen developers, asked me to look at it and prepare the hosting procedures.
It's an Java (jar) app, so far so good ... but I saw something suspect, every 60 minutes or so the software connects to a remote host :443 port using SSL and transferring ~ 3-10 MB of encrypted data (as POST) then closes the connection, this is very strange. Tried to wireshark it but everything is encrypted and I have no clue about what kind of data is transferred, I know only the destination hostname. The hosted data within the app will be highly sensitive (insurance-broker) and if my client decides to go with it - this is a serious issue for his business and also for his clients, I've asked the developer company about this and they said that no one added something like this even if I provided them the proff (pcap).
I can block it within firewall, but if they added something like this it could exist another hosts ready to receive the encrypted data.
The only way I can figure it out is to somehow decrypt the SSL traffic in order to read RAW data and give my client all the needed informations in order to talk with the developer company to sort it out, how can I do that ? With some sort of ssl-proxy or whatever ... tried to google it but didn't find any kind of relevant tutorials.
I have access to the physical machine which is running the Java application, I can see every single bit of the traffic but ... encrypted.

If I was in your place instead of trying to decrypt ssl connection would have tried following steps:
1)Since you are aware of the host to which it is making a post request , find out more about that service so as to learn what it does ? May be try contacting that site saying that we need to consume your service what should I send my in post request ;)
2)Second way around would be if you can decompile the jar file and find line in the source code which makes that request and then you could go back to the developer asking as why this has been written. To find the source code which is making the call what you could do is block the host access on your firewall.
The code would fail and mostly probably he would have logged the exception in his log files. Find the stack trace and you will know the line of code that is
making that request.
Hope this helps.

Related

Custom language server: how to get the client to send *all* files to the server, not just those opened/edited by the user?

I'm working on implementing a custom language server and a VSCode language extension. My starting point for the client side is lsp-sample. My server implementation is entirely from scratch, in a different language (not JS).
Currently, I've successfully set up textDocument/didOpen and textDocument/didChange messages to be sent by the client and received by the server. However, I'm having trouble figuring out how to synchronize all files in the VSCode workspace, not just those that the user has opened. I can't find where this is supported in the protocol. The only text document synchronization capabilities I see are for documents opening, closing, and edits. What about all the other documents in the workspace?
For example, in order to handle "goto definition" requests, the server needs to know about definitions in other files, perhaps those that have never been opened or edited by the user.
A hacky solution would be, on the server side, to parse the URI of the workspace and just go load a bunch of files manually. But this seems like something that the LSP should support; perhaps I'm just missing where it's documented. (Also, it feels like I would be violating the spirit of the LSP design to do some covert ops like this behind the scenes, without communicating with the client.)
Perhaps you're looking for
DidChangeWatchedFiles Notification
See Specification
The watched files notification is sent from the client to the server
when the client detects changes to files and folders watched by the
language client (note although the name suggest that only file events
are sent it is about file system events which include folders as
well). It is recommended that servers register for these file system
events using the registration mechanism. In former implementations
clients pushed file events without the server actively asking for it.
Basically the client is responsible of watching the files you require and sends a notification to the server each time something changes on them. At this point the server is capable to load them.

httpListener in local network without admin rights

I have the task to create a listener to a local computer inside a network. This computer takes POST from a web application and prints some stuff.
What I have done until now is to create an httpListener in a specific port and when the POST is received I send things to printer. That's works fine but only when the user has admin rights because the "netsh http..." needs admin rights to be executed.
Is there a way to bypass this restrictions somehow, because the computer is a simple pc and it couldn't has admin rights?
The app is written in VB.NET and will be run in a windows10 PC in a WindowsServer network.
netsh http add urlacl url="http://127.0.0.1:1234/" user=DOMAIN\USER
From what I've read, the backslash is important (trailing the port number). You could also replace 127.0.0.1 with + or * (being wildcards). Oddly enough, I had localhost listening on two different ports, and once I added one both were allowed to listen. It also seems possible to specify a group for user parameter. (In most examples, they demonstrate user=Everyone which I definitely wouldn't advise, if you can help it. Lock it down to a single account, acting like a service account.)
In my case, I'm using Grapevine. It wraps HttpListener, but giving you an example of that wouldn't be too relevant. (I'd highly recommend checking it out, especially if you're creating an API. It's been updated for years, and the developer is still responsive to feedback, and would save you a ton of work.) Just be mindful to mirror the prefix string you use for HttpListener in the netsh command. (Listening via wildcard is definitely different than localhost, and vice versa.)
https://serverfault.com/questions/273875/can-we-use-wildcards-with-netsh-http-add-urlacl-in-windows-7-2008r2
https://github.com/sukona/Grapevine
https://msdn.microsoft.com/en-us/library/windows/desktop/cc307223(v=vs.85).aspx
I'd check out the MSDN link for other parameters. It seems you may be able to lock down the ACL command even further.
(I also have no idea why you were down voted. Your question was perfectly fine, and I found it as one of the top results, as I had the same question.)

LoadRunner SSL Certificate issue

I am trying to monitor a https URL using VirtualUser Generator, I have the pfx certificate of the user which is used to login as a user on the portal. I used the Openssl utility with Loadrunner to convert the same to PEM and used web_set_certificate_ex on my script but still I see the script demands user certificate for the user. Please help...
I am trying to monitor
I don't know exactly what you mean by trying to "monitor" the URL using vugen but the latter part of your question sounds like you're trying to record a script and play it back. Since this is generally the function of vugen I'll answer this question. I'm also going to assume you're recording in the web/http protocol and not something like truClient.
Here's the thing - vugen will generally take care of the certificate exchange for you. The primary exception to this is mobile testing. I also actually made the same mistake I think you're making when I first started perf testing. I spent quite a bit of time futzing with certificates, but that is generally unnecessary.
You should make an attempt to record a very simple script, like login, and play it back. If it works, you're set. If you happen to be testing a middleware application you should consider recording in clear text and adding an 's' to your http:// URI.
Very simple advice, but if I understand the nature of your inquiry, it should work.
Try recording without certificate and see weather you can see the request bodies, if not, then you can think of placing client certificates also make sure you are using the right socket, SSL version and cipers to record the application.

Configuring Apache to forward requests to a custom (non-HTTP) process on host

I'd appreciate advise in configuring Apache (2.4.4) to forward traffic (i.e. the entries to a web form) to an external process running on the same host as Apache, but listening on a port say 4321.
Finally got an answer on the Apache forum. Thought I'd post it here for posterity's sake
I don't think this is an apache/httpd issue, but rather a programing
one. The form, when submitted, will go to a script that will process
the values on the form (hidden as well as user entered) and can do
whatever is necessary to send these data on in whatever manner is
needed. You may need to pick the programming language that back-ends
the form with a little care to make certain it can do what is
required, but the basic ones (things like perl and php) should be
able to handle this. You just need someone to do the necessary
programming.

Where Can I get a Web Server or File Share Server?

I'm trying to publish my program so that it can get updates and am told I have to publish my changes to a web server or file share server, but I have no idea about how I can go about getting one...are there free ones that will perform what I need to accomplish?
Ok, I don't know what to do and comments seem to go ignored.
I've tried setting the publish location to sites.google.com/site/mysite.com/filecabinetpage/PQCMFILES
and I got an error saying I needed "Front Page Server Extension Capabilities".
I tried setting it to http://productivityquotient.hostzi.com/PQCMFILES/ and it told me:
Error 1 Failed to connect to 'http://productivityquotient.hostzi.com/PQCMFILES/' with the following error: Unable to create the Web site 'http://productivityquotient.hostzi.com/PQCMFILES'. An error occurred accessing your site configuration files. Authors - if authoring against a web server, please contact the webmaster for this server's site. Webmasters - please see the server's application event log for more details. 1 1 Contact Manager
I tried setting it to a directory on the microsoft site and it said: "unable to create directory. files moved" or something like that.
I can't host it on an ftp server if I intend to use the updates feature and I don't know what to do...
Maybe Microsoft's free web hosting will allow you to do this.
000webhost.com is actually a pretty reliable host, with decent and free advertisement-free hosting. It also supports typical web server things such as FTP access, cpanel and e-mail accounts.
Their limit on free hosting is basically low disk space (1.5 GB) and bandwidth (100 GB/mo) and some minor content restriction. If that seems fine for you, then I highly recommend it. Even on free accounts, their ticket response time is blazing.
NearlyFreeSpeech, while not free, lets you host your application on a pay as you go plan. There are free web-hosts, but most lack the features of costies, such as FTP access.