log outgoing urls over ssl

crusty5 has asked for the wisdom of the Perl Monks concerning the following question:

Wise ones I throw myself at your mercy.

In summary my problem is this:

- In the past I have sent orders to a secure site through module UseIE. That way with an automatic login I dont have to worry about permissions etc. URLs automatically generated and posted.

- Site has now changed from html form to java, which needs a different URL construction.

- My web guru at work has moved on, who somehow redirected the page to his server which threw back the completed form data.

- Need to figure out the new URL construction. I thought the easiest way is to somehow monitor the outgoing URLs when I fill out and submit the form manually.

I tried HTTP::Recorder but this does not work over secure connnections.

Any other ideas or modules that can help?? I am a mere mortal running Win2k.

Comment on log outgoing urls over ssl

Replies are listed 'Best First'.
Re: log outgoing urls over ssl by cazz (Pilgrim) on Apr 12, 2005 at 15:01 UTC
There are a couple of ways to do this: If you can modify the form, specify a different action target to a host/cgi that you own to log the submitted data. If the form doesn't have the protocol/host specified in the action, you might be able to get away with a simple ssl proxy, using stunnel or the like. You might be able to perform some DNS trickery after the getting the form, but before submitting it and direct the app to a web server you own with a CGI script that logs all the input variables. If you can't do any of the above and the app you are using uses the standard win32 networking/crypto APIs, you can hook the SSL calls in wininet. There are products available to do that such as this one. I only suggest the crypto hooking last since it costs money, the rest of the options cost time.	[reply]
Re^2: log outgoing urls over ssl by crusty5 (Initiate) on Apr 22, 2005 at 10:07 UTC
Thanks cazz. For one of the pages it was a snap to modify the action to a public cgi (Thanks to Rebol for http://www.reboltech.com/cgi-bin/rebol/test.cgi ) Another page has a whole lot of java and hidden values, so I checked it using a demo of the product that hooks the ssl calls. Of course the values are hidden to make you pay the cash. Tried one ssl proxy to no avail so will now try stunnel or the dns route. Cheers.	[reply]