Filter Https traffic

  • Question

  • Hi,

      I want to monitor HTTPS requests; for that I am trying to develop a proxy server (man-in-the-middle approach). Is there any sample code available? My development is in VC++. How can I achieve this? Please give some suggestions.


    vkg
    • Moved by Helen Zhao Wednesday, February 8, 2012 7:26 AM (From:Visual C++ General)
    • Moved by Paul E Long Thursday, February 9, 2012 2:57 PM More a NDIS filter driver question (From:Network Monitor)
    Monday, February 6, 2012 5:38 AM

Answers

  • To achieve downlevel support, you would likely be best served by using NDIS Lightweight Filters. As you noted, WFP was not introduced until Windows Vista. Using an NDIS LWF will allow you to act on packets after the miniport driver has received the packet or before it gets the packet for transmission.

    NDIS LWFs are beyond the scope of this forum.  You can try the following link to get started (for Vista): http://msdn.microsoft.com/en-us/library/windows/hardware/ff570732(v=vs.85).aspx

    WinXP uses NDIS 5.0.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Tuesday, February 14, 2012 6:03 AM
    Moderator

All replies

  • Hi vkgktm,

    According to your description, I'd like to move this thread to "Network Monitor Forum" for better support. We discuss general questions about Visual C++ in Visual C++ General Forum.

    Thanks for your understanding and active participation in the MSDN Forum.
    Best regards,


    Helen Zhao [MSFT]
    MSDN Community Support | Feedback to us

    Wednesday, February 8, 2012 7:26 AM
  • Actually, the Network Monitor forum is for the product, and while we have an API, we can't intercept and change traffic. You'll need to build an NDIS filter driver, and support for that would be provided by a different group. I'll try to move you to that group.

    Thanks,

    Paul

    Thursday, February 9, 2012 2:54 PM
  • You can use WFP and callouts to achieve your network monitoring. For HTTPS, though, the payload will remain encrypted throughout WFP processing (SSL is decrypted when the TCPIP stack hands the information off to HTTP.sys).

    Can you elaborate on your needs so I can better guide?

    Thanks,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------


    Thursday, February 9, 2012 4:46 PM
    Moderator
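
What a packet-layer filter (a WFP callout or an NDIS filter) can read from an HTTPS stream, as an added example that is not part of the thread: the TLS record headers are in the clear, while application data stays ciphertext. The names `tls_scan`, `tls_summary` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What a packet-level filter can learn from one direction of a TLS stream. */
typedef struct {
    int records;         /* complete TLS records seen */
    int handshake;       /* content type 22 */
    int app_data;        /* content type 23: ciphertext, opaque to the filter */
    size_t opaque_bytes; /* total encrypted application-data bytes */
    int truncated;       /* buffer ended mid-record: TCP reassembly needed */
} tls_summary;

/* Walk TLS record headers (type, version, length). Returns -1 if not TLS. */
int tls_scan(const uint8_t *buf, size_t len, tls_summary *out)
{
    size_t off = 0;
    memset(out, 0, sizeof *out);
    while (off < len) {
        if (len - off < 5) { out->truncated = 1; break; }
        uint8_t type = buf[off], major = buf[off + 1];
        size_t rlen = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        /* types 20..23, SSL3/TLS major version 3, RFC 5246 ciphertext limit */
        if (type < 20 || type > 23 || major != 3 || rlen > 16384 + 2048)
            return -1;
        if (len - off - 5 < rlen) { out->truncated = 1; break; }
        out->records++;
        if (type == 22) out->handshake++;
        if (type == 23) { out->app_data++; out->opaque_bytes += rlen; }
        off += 5 + rlen;
    }
    return 0;
}

/* Constructed sample: handshake record, app-data record, cut-off record. */
static const uint8_t sample[] = {
    0x16, 0x03, 0x01, 0x00, 0x04, 0x01, 0x00, 0x00, 0x00,
    0x17, 0x03, 0x03, 0x00, 0x06, 0xde, 0xad, 0xbe, 0xef, 0x01, 0x02,
    0x17, 0x03, 0x03, 0x00, 0x10, 0xaa, 0xbb
};

int main(void)
{
    tls_summary s;
    if (tls_scan(sample, sizeof sample, &s) != 0) return 1;
    printf("records=%d handshake=%d app_data=%d opaque=%zu truncated=%d\n",
           s.records, s.handshake, s.app_data, s.opaque_bytes, s.truncated);
    return 0;
}
```
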
  • Hi Dusty Harper,

          I want to use it in Windows XP, 2003 Server and 2008 Server also. Since WFP can be used only in versions above Vista, I am not able to use it. Do you have any other suggestion?


    vkg

    Tuesday, February 14, 2012 5:09 AM