You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Ian Lord <ma...@msdi.ca> on 2008/06/18 16:48:00 UTC

[users@httpd] Packet debugging when using mod_ssl

Hi,

I am dealing with a connexion problem from a custom web browser.

For some reason, one particular user from the custom web browser is getting
an error 400 (Bad Request) from Apache on a specific page requested by POST.

I've did a lot of research and can't find what's wrong... I would like to
see the actual packets for the request to see what's in there to try to
diagnose the product further... The problem is that the connexion is ssl
encrypted with mod_SSL...

A packet analyser gave me the encrypted content so I am not able to analyse
it.

I found out about mod_log_forensic which dump the request to log file, but I
am not sure if I can trust the results. Log forensic shows a get request
instead of a post and it's very basic
"
+212e:485861ea:0|GET /
-212e:485861ea:0
"

In there, I expect to see a post, not a get, the host, the referrer, the
"Accept", etc but I see only this...

That's why I presume that the request is so bad apache doesn't log it
correctly using mod_log_forensic...

Is there a way to actually "dump" the content of the request after being
decrypted by mod_ssl but before it is analysed for processing ?

Or can anyone suggest me a way to debug this further ?

Thanks in advance




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Packet debugging when using mod_ssl

Posted by Krist van Besien <kr...@gmail.com>.

On Thu, Jun 19, 2008 at 18:34, Ian Lord <ma...@msdi.ca> wrote:

> I compiled mod_dumpio, load the module and activated it using
>
> DumpIOLogLevel debug
> DumpIOInput On
>
> I try it both into Server context and Virtual context and nothing was
> logged...

You must set "loglevel" to debug.

Krist


-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] Packet debugging when using mod_ssl

Posted by Ian Lord <ma...@msdi.ca>.

From: Krist van Besien [mailto:krist.vanbesien@gmail.com] 
Sent: 18 juin 2008 11:15
Yes. mod_dumpio will do this for you:

http://httpd.apache.org/docs/2.0/mod/mod_dumpio.html

Krist

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I compiled mod_dumpio, load the module and activated it using

DumpIOLogLevel debug
DumpIOInput On

I try it both into Server context and Virtual context and nothing was
logged...

In server-info, I see that the module is loaded and there is no error in my
error.log

I am running freebsd, is there any library or anything else needed to run
mod_dumpio ?

Thanks


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Packet debugging when using mod_ssl

Posted by Krist van Besien <kr...@gmail.com>.

On Wed, Jun 18, 2008 at 16:48, Ian Lord <ma...@msdi.ca> wrote:

> Is there a way to actually "dump" the content of the request after being
> decrypted by mod_ssl but before it is analysed for processing ?

Yes. mod_dumpio will do this for you:

http://httpd.apache.org/docs/2.0/mod/mod_dumpio.html

Krist



-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] Packet debugging when using mod_ssl

Posted by "Wilda, Jet" <Je...@ChasePaymentech.com>.

Hi,

	We use ssldump http://www.rtfm.com/ssldump/ to do that sort of
thing.  Though you may need to disable some of the cipher suites (found
that diffie-hellman doesn't work).

~Jet

-----Original Message-----
From: Ian Lord [mailto:mailing-lists@msdi.ca] 
Sent: Wednesday, June 18, 2008 10:48 AM
To: users@httpd.apache.org
Subject: [users@httpd] Packet debugging when using mod_ssl

Hi,

I am dealing with a connexion problem from a custom web browser.

For some reason, one particular user from the custom web browser is
getting
an error 400 (Bad Request) from Apache on a specific page requested by
POST.

I've did a lot of research and can't find what's wrong... I would like
to
see the actual packets for the request to see what's in there to try to
diagnose the product further... The problem is that the connexion is ssl
encrypted with mod_SSL...

A packet analyser gave me the encrypted content so I am not able to
analyse
it.

I found out about mod_log_forensic which dump the request to log file,
but I
am not sure if I can trust the results. Log forensic shows a get request
instead of a post and it's very basic
"
+212e:485861ea:0|GET /
-212e:485861ea:0
"

In there, I expect to see a post, not a get, the host, the referrer, the
"Accept", etc but I see only this...

That's why I presume that the request is so bad apache doesn't log it
correctly using mod_log_forensic...

Is there a way to actually "dump" the content of the request after being
decrypted by mod_ssl but before it is analysed for processing ?

Or can anyone suggest me a way to debug this further ?

Thanks in advance




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
----------
Learn more about Chase Paymentech Solutions,LLC payment processing services at www.chasepaymentech.com.

THIS MESSAGE IS CONFIDENTIAL.  This e-mail message and any attachments are proprietary and confidential information intended only for the use of the recipient(s) named above.  If you are not the intended recipient, you may not print, distribute, or copy this message or any attachments.  If you have received this communication in error, please notify the sender by return e-mail and delete this message and any attachments from your computer.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org