You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jmeter-dev@jakarta.apache.org by Todd Nine <to...@gmail.com> on 2005/06/10 20:40:17 UTC
Creating an HTTPS Proxy
Hi All,
First I would like to say great job on the existing JMeter. It can handle
just about 99% of what we throw at it. I am however attempting to develop
some extra functionality in the Proxy, and I could use some help. I have a
few questions, and any guidance would be greatly appreciated.
1. Is anyone currently working on an HTTPS proxy?
2. HTTPS was created as an end to end security measure. As a result creating
an HTTPS Proxy is essentially creating an "man in the middle" attack. Is it
even possible to create an HTTPS proxy?
3. The current proxy exists in org.apache.jmeter.protocol.http.proxy. I have
come up with the following options
3.1 A new package of org.apache.jmeter.protocol.https.proxy is created with
a https only proxy. The user will have to set up an https proxy in their
browser.
3.2 Extract an interface from HttpRequestHdr and HttpRepyHdr. Then use the
existing header parsing for HTTP, and create an HTTPS implementation. The
implementation could then determine if the request/response is HTTP or HTTPS
possible via an isProtocol(Buffer) method. This will allow the user to
define a single proxy.
Thanks all,
Todd
Re: Creating an HTTPS Proxy
Posted by sebb <se...@gmail.com>.
On 6/10/05, Peter Lin <wo...@gmail.com> wrote:
> that's an interesting question.
>
> I think you should be able to use Badboy to record HTTPS traffic to
I think Badboy can do it because it actually hooks into the browser,
so can get at the requests before they are encrypted.
Perhaps other browsers (e.g. Firefox) also have similar recording facilities.
In which case it might not be too hard to write a utility to convert
the output to JMeter format.
> build a test plan. I suppose one way to do this is to have the browser
> point to HTTP, but the proxy then changes it to https.
>
> this way, JMeter proxy can easily record the request, but send https
> to the server. might be a crazy idea :)
Not so crazy - that's what OpenSTA does:
http://portal.opensta.org/modules.php?op=modload&name=phpWiki&file=index&pagename=RecordingHttps
>
> peter
>
>
> On 6/10/05, Todd Nine <to...@gmail.com> wrote:
> > Hi All,
> > First I would like to say great job on the existing JMeter. It can handle
> > just about 99% of what we throw at it. I am however attempting to develop
> > some extra functionality in the Proxy, and I could use some help. I have a
> > few questions, and any guidance would be greatly appreciated.
> >
> >
> > 1. Is anyone currently working on an HTTPS proxy?
> >
> > 2. HTTPS was created as an end to end security measure. As a result creating
> > an HTTPS Proxy is essentially creating an "man in the middle" attack. Is it
> > even possible to create an HTTPS proxy?
> >
> > 3. The current proxy exists in org.apache.jmeter.protocol.http.proxy. I have
> > come up with the following options
> >
> > 3.1 A new package of org.apache.jmeter.protocol.https.proxy is created with
> > a https only proxy. The user will have to set up an https proxy in their
> > browser.
> >
> > 3.2 Extract an interface from HttpRequestHdr and HttpRepyHdr. Then use the
> > existing header parsing for HTTP, and create an HTTPS implementation. The
> > implementation could then determine if the request/response is HTTP or HTTPS
> > possible via an isProtocol(Buffer) method. This will allow the user to
> > define a single proxy.
> >
> > Thanks all,
> > Todd
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jmeter-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jmeter-dev-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-dev-help@jakarta.apache.org
Re: Creating an HTTPS Proxy
Posted by Peter Lin <wo...@gmail.com>.
that's an interesting question.
I think you should be able to use Badboy to record HTTPS traffic to
build a test plan. I suppose one way to do this is to have the browser
point to HTTP, but the proxy then changes it to https.
this way, JMeter proxy can easily record the request, but send https
to the server. might be a crazy idea :)
peter
On 6/10/05, Todd Nine <to...@gmail.com> wrote:
> Hi All,
> First I would like to say great job on the existing JMeter. It can handle
> just about 99% of what we throw at it. I am however attempting to develop
> some extra functionality in the Proxy, and I could use some help. I have a
> few questions, and any guidance would be greatly appreciated.
>
>
> 1. Is anyone currently working on an HTTPS proxy?
>
> 2. HTTPS was created as an end to end security measure. As a result creating
> an HTTPS Proxy is essentially creating an "man in the middle" attack. Is it
> even possible to create an HTTPS proxy?
>
> 3. The current proxy exists in org.apache.jmeter.protocol.http.proxy. I have
> come up with the following options
>
> 3.1 A new package of org.apache.jmeter.protocol.https.proxy is created with
> a https only proxy. The user will have to set up an https proxy in their
> browser.
>
> 3.2 Extract an interface from HttpRequestHdr and HttpRepyHdr. Then use the
> existing header parsing for HTTP, and create an HTTPS implementation. The
> implementation could then determine if the request/response is HTTP or HTTPS
> possible via an isProtocol(Buffer) method. This will allow the user to
> define a single proxy.
>
> Thanks all,
> Todd
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jmeter-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jmeter-dev-help@jakarta.apache.org