DJ got to talking about HTTP proxies, and how they are important. He also mentioned the usefulness of being able to inspect the transaction going backwards and forwards between the client and server (headers, content etc.). We also discussed the possibility of writing one in Perl. After 5 minutes on Google sure enough, I found one from non other than Randal from a column he wrote several years ago. This almost exactly suited my purpose, except that as most websites do, ours has some pages covered by SSL. Herein lay the challenge. I couldn’t find an example of a Perl based proxy server that covers both HTTP and HTTPS, so I took Randals’ example and modified it to this. The really interesting thing is finding out how browsers and clients in general can vary so widely in how they implement SSL. lwp-request and Konqueror allow both http and direct https SSL proxying. Mozilla and IE don’t (they implement the CONNECT palava) etc.
The discussion also went arround the fact that you can’t actually “proxy” SSL and inspect it without breaking the chain so to speak - where the proxy actually negotiates certificates with the client instead of the client negotiating with the end target.

Posted by PiersHarding at September 3, 2002 5:59 AM