Problems with SSL via Proxy

Mohammed Rakhada morakhad at cisco.com
Wed Sep 21 19:45:48 UTC 2011 

Hello,

I am having trouble trying to use Web Polygraph with a Proxy.

I seem to have tracked it down to Web Polygraph not sending a Host
Header with the request and so the Proxy rejects the connections.

I have captured the network traffic during this to see what is happening
and I can see that for a request sent from my browser the Host Header is
sent but not when a request comes from Web Polygraph.

>From Web Polygraph to Proxy:

CONNECT 192.168.29.104:443 HTTP/1.1
Proxy-Connection: close

>From Browser to Proxy:

CONNECT 192.168.29.104:443 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.9.2.22)
Gecko/20110905 Ubuntu/10.04 (lucid) Firefox/3.6.22
Proxy-Connection: keep-alive
Host: 192.168.29.104

Here is an extract from my polygraph.pg file so you can see what I am
trying to do. Is there some configuration missing? Been stuck on this
problem for a while, originally had a problem trying to jsut run basic
SSL tests. When going direct from Client to Server (no proxy involved),
web-polygraph runs fine. If you require any further information please
do let me know.

I am running v 4.4.0.

SslWrap wrap = {
	protocols = [ "SSLv3", "TLSv1" ];
	root_certificate = "/opt/home/user/CA-priv+pub.pem";
	ciphers = [ "ALL:HIGH: !SSLv2: !aNULL: !AES128-SHA: !AES256-SHA:":
100% ];
    	rsa_key_sizes = [ 512bit, 1024bit, 2048bit ];
	ssl_config_file = "/opt/home/user/myssl.conf";
    	session_resumption = 40%;
    	session_cache = 100;
};


DnsResolver dr = {
    servers = [ '127.0.0.1:53' ];
    timeout = 5sec;
};


Server PlainServer = {
        kind = "HTTP";
        contents = [ cntJPG: 26%, cntGIF: 28%, cntPNG: 9%, cntPDF:
0.05%, cntZIP: 0.22%, cntMalware, cntEXE: 0.43%, cntSWF: 1.9%,
cntJavascript: 32% ];
        direct_access = contents;
	addresses = [ '192.168.29.104:8080' , '192.168.29.104:80' ];
};

Server SSL = PlainServer;

SSL = {
	kind = "HTTPS";
	addresses = [ '192.168.29.104:443' ];
	ssl_wraps = [ wrap ];
};

Robot R = {
        kind = "robot";
        pop_model = { pop_distr = popUnif(); };
        recurrence = 15% ;
        req_rate = 1/sec;
	ssl_wraps = [ wrap ]; 
	origins = [ PlainServer.addresses, SSL.addresses ];
         http_proxies = [ '192.168.111.42:8080' ];
	addresses = [ '192.168.29.101' ** 200 , '192.168.29.103' ** 5 ,
'192.168.29.105' ** 2 , '192.168.29.107'  ** 200, '192.168.29.109' **
200 , '192.168.29.111' ** 200 , '192.168.29.113' ** 200 ,
'192.168.29.115' ** 200 ];
};

use (hostnames);
use (SSL,PlainServer,R);

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.web-polygraph.org/pipermail/users/attachments/20110921/50c251ed/attachment.html>

More information about the Users mailing list