You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Oleg Kalnichevski <ol...@apache.org> on 2006/02/01 19:12:45 UTC
Re: R: R: Proxy ssl problem
On Tue, 2006-01-31 at 16:00 +0100, MENNO ANGELO (Esterno) wrote:
> Hi Oleg,
> i followed your directive about traffic analyzer (I used Packetyzer), confronting httpClient and browsers behaviors.
>
> On http everything seems to be ok.
> On https connections, Packetyzer gives me just the connect-to-proxy phase in clear mode (others packets are encrypted).
> This phase have three steps, CONNECT, NEGOTIATE, AUTH (all from Local to Proxy).
>
> The last one gives me some interesting informations on proxy authorization.
> The differences are that with httpClient :
> - "NTLM Response" value is "Empty"
> - Flag "Negotiate 56" value is "Not set"
> - Flag "Negotiate 128" value is "Not set"
> - Flag "Negotiate 0x02000000" value is "Not set"
> - Flag "Negotiate NTLM2 key" value is "Not set"
> - Flag "Negotiate Always Sign" value is "Not set"
> - Flag "Negotiate This is Local Call" value is "Set"
> - Flag "Negotiate Domain Supplied" value is "Set"
> - Flag "Negotiate OEM" value is "Set"
> - Flag "Negotiate UNICODE" value is "Not set"
>
> Can be this the heart of my problem?
No, it can not. As far as I understand the real problem is about
authentication with the target site and not about authentication with
the proxy.
Then you are left with only one option. Get a plug-in for your browser
that can reveal what HTTP packets the browser receives and sends. Log in
into the site using the browser, capture all the packets transmitted
over the wire and simulate the same session using HttpClient
Oleg
> How can I change this parameters?
>
> Thanks a lot,
> Tyler
>
>
> -----Messaggio originale-----
> Da: Oleg Kalnichevski [mailto:olegk@apache.org]
> Inviato: venerdì 27 gennaio 2006 12.56
> A: HttpClient User Discussion
> Cc: MENNO ANGELO (Esterno)
> Oggetto: Re: R: Proxy ssl problem
>
> On Fri, 2006-01-27 at 12:46 +0100, Oleg Kalnichevski wrote:
> > On Fri, 2006-01-27 at 12:36 +0100, MENNO ANGELO (Esterno) wrote:
> > > >This is likely to be due to the 'stale' connection check. If you think
> > > >this may be the cause of some problems, disable the 'stale' connection
> > > >check.
> > > >
> > > >For details see
> > > >http://jakarta.apache.org/commons/httpclient/performance.html#Stale%
> > > >20connection%20check
> > >
> > > done, it works, great!
> > >
> > > >What cookie policy have you been using?
> > >
> > > I tried all 4 options, Default, Compatibility, Netscape, RFC_2109.
> > > different headers, same wrong results and behavior.
> > >
> > > There is a strange fact,
> > > I'm logging headers in post-excecution :
> > > for (int i = 0; i < post.getRequestHeaders().length; i++)
> > > System.out.println("post Headers : " + post.getRequestHeaders()[i].getName() + ", " + post.getRequestHeaders()[i].getValue());
> > >
> > > next, I log the cookies :
> > > Cookie[] cookies = httpclient.getState().getCookies();
> > > for (int i = 0; i < cookies.size(); i++) {
> > > System.out.println("cookieName[" + i + "] = " + cookies[i].getName() + ", cookieValue[" + i + "] = " + cookies[i].getValue());
> > > }
> > >
> > > ibveSession value is different, and the header one is correct (the one i posted before in request phase, i suppose).
> > >
> >
> > Tyler,
> >
> > The best thing you can do in this situation is to capture the HTTP
> > session generated by a browser using a browser plug-in (you cannot just
> > use a traffic analyzer because the data is encrypted in transport) and
> > try to emulate this HTTP session using HttpClient
> >
> > Oleg
> >
>
> Wait. You are hitting the site via a proxy, right? So, just use a
> traffic analyzer to capture the traffic between the browser and the
> proxy. You can see what HTTP packets HttpClient generated by turning on
> the wire log. Comparing the two will surely let see what HttpClient does
> differently
>
> Oleg
>
>
> >
> >
> > > Thanks,
> > > Tyler
> > >
> > > -----Messaggio originale-----
> > > Da: Oleg Kalnichevski [mailto:olegk@apache.org]
> > > Inviato: venerdì 27 gennaio 2006 11.33
> > > A: HttpClient User Discussion
> > > Cc: MENNO ANGELO (Esterno)
> > > Oggetto: Re: Proxy ssl problem
> > >
> > > On Fri, 2006-01-27 at 10:39 +0100, MENNO ANGELO (Esterno) wrote:
> > > > Hi,
> > > > i'm trying to use httpClient to connect my bank site.
> > > > I 'have a proxy and the bank site use the https protocol.
> > > > Login process give me an Ok Response and a javascript redirect to
> > > > another page.
> > > > I follow that redirect and it give me another redirect.
> > > > This second one take me to a new home page with a login button! (it is
> > > > different from the first home page).
> > > >
> > > > If i try to get a know internal page it give me an error one with
> > > > message "Session expired. You have to reconnect"
> > > >
> > > > By Dolphin browser i discovered that the first redirect is correct
> > > > (login is ok), not the second.
> > > >
> > > > By Netscape broser i saw that :
> > > > - the session cookie are 3, called ibveSession, Ibno0Session, SHARK.
> > > > - connection is AES-256 256 bit of encryption grade.
> > > >
> > > > -My httpClient the sequense is :
> > > > - call the http home page, it give me the ibveSession with a value, for
> > > > example A.
> > > > - call the https login link, simulating the login form.
> > > > - response is ok, ibveSession is still A and the new Ibno0Session cookie
> > > > is obtained.
> > > > - follow the redirect, ibveSession is changed (sic!), Ibno0Session
> > > > remains the same (sic sic!!).
> > > >
> > > > Using debug and -Djavax.net.debug=all options, i don't find errors, just
> > > > :
> > > > AWT-EventQueue-0, setSoTimeout(1) called
> > > > AWT-EventQueue-0, handling exception: java.net.SocketTimeoutException:
> > > > Read timed out
> > > > AWT-EventQueue-0, setSoTimeout(0) called
> > > >
> > >
> > > This is likely to be due to the 'stale' connection check. If you think
> > > this may be the cause of some problems, disable the 'stale' connection
> > > check.
> > >
> > > For details see
> > > http://jakarta.apache.org/commons/httpclient/performance.html#Stale%
> > > 20connection%20check
> > >
> > > >
> > > > that seems to be right cause it is followed by a correct comunication.
> > > >
> > > > I have put my attention on html post parameters and everything seems to
> > > > be ok.
> > > >
> > > > I tried to give them a wrong User/password and it correctly give me an
> > > > error page.
> > > >
> > > > I conclude that the problem is at cookie/session level.
> > > >
> > > > I have no more ideas so i try with your help.
> > > >
> > > > Does httpclient support 256 encription rate?
> > >
> > > HttpClient relies on JSSE for the SSL/TLS support. Any encryption
> > > algorithm supported by JVM's JSSE providers can be used by HttpClient.
> > >
> > > For details see
> > > http://jakarta.apache.org/commons/httpclient/sslguide.html
> > >
> > > > Does httpclient support 3 session cookies?
> > > >
> > >
> > > HttpClient supports infinite number of cookies (limited only by the size
> > > of the JVM's heap)
> > >
> > > What cookie policy have you been using?
> > >
> > > For details see
> > > http://jakarta.apache.org/commons/httpclient/cookies.html
> > >
> > > Oleg
> > >
> > > > thanks,
> > > > Tyler
> > > >
> > > > ps: Dolphin doesn't use httpClient... :|
> > > >
> > > >
> > > > -----------------------------------------------------------------------------------------
> > > >
> > > > Il contenuto del messaggio e di ogni suo allegato e' da ritenersi riservato e confidenziale ed e' indirizzato esclusivamente al destinatario. Chi ricevesse il presente messaggio senza esserne l'effettivo destinatario e' tenuto a non divulgarlo, diffonderlo o riprodurlo in alcun modo.
> > > >
> > > > Qualora abbiate ricevuto la presente comunicazione per errore siete pregati di rispedirla al mittente e di cancellare il messaggio originale dal Vostro sistema di posta elettronica. Grazie
> > > >
> > > > Agos S.p.A.
> > > > via Bernina, 7
> > > > 20158 MILANO
> > >
> > >
> > > -----------------------------------------------------------------------------------------
> > >
> > > Il contenuto del messaggio e di ogni suo allegato e' da ritenersi riservato e confidenziale ed e' indirizzato esclusivamente al destinatario. Chi ricevesse il presente messaggio senza esserne l'effettivo destinatario e' tenuto a non divulgarlo, diffonderlo o riprodurlo in alcun modo.
> > >
> > > Qualora abbiate ricevuto la presente comunicazione per errore siete pregati di rispedirla al mittente e di cancellare il messaggio originale dal Vostro sistema di posta elettronica. Grazie
> > >
> > > Agos S.p.A.
> > > via Bernina, 7
> > > 20158 MILANO
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> > >
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> >
> >
>
>
> -----------------------------------------------------------------------------------------
>
> Il contenuto del messaggio e di ogni suo allegato e' da ritenersi riservato e confidenziale ed e' indirizzato esclusivamente al destinatario. Chi ricevesse il presente messaggio senza esserne l'effettivo destinatario e' tenuto a non divulgarlo, diffonderlo o riprodurlo in alcun modo.
>
> Qualora abbiate ricevuto la presente comunicazione per errore siete pregati di rispedirla al mittente e di cancellare il messaggio originale dal Vostro sistema di posta elettronica. Grazie
>
> Agos S.p.A.
> via Bernina, 7
> 20158 MILANO
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org