Re: log outgoing urls over ssl

There are a couple of ways to do this:

If you can modify the form, specify a different action target to a host/cgi that you own to log the submitted data.
If the form doesn't have the protocol/host specified in the action, you might be able to get away with a simple ssl proxy, using stunnel or the like.
You might be able to perform some DNS trickery after the getting the form, but before submitting it and direct the app to a web server you own with a CGI script that logs all the input variables.
If you can't do any of the above and the app you are using uses the standard win32 networking/crypto APIs, you can hook the SSL calls in wininet. There are products available to do that such as this one.

I only suggest the crypto hooking last since it costs money, the rest of the options cost time.

Comment on Re: log outgoing urls over ssl

Replies are listed 'Best First'.
Re^2: log outgoing urls over ssl by crusty5 (Initiate) on Apr 22, 2005 at 10:07 UTC
Thanks cazz. For one of the pages it was a snap to modify the action to a public cgi (Thanks to Rebol for http://www.reboltech.com/cgi-bin/rebol/test.cgi ) Another page has a whole lot of java and hidden values, so I checked it using a demo of the product that hooks the ssl calls. Of course the values are hidden to make you pay the cash. Tried one ssl proxy to no avail so will now try stunnel or the dns route. Cheers.	[reply]

Replies are listed 'Best First'.

Re^2: log outgoing urls over ssl
by crusty5 (Initiate) on Apr 22, 2005 at 10:07 UTC

Another page has a whole lot of java and hidden values, so I checked it using a demo of the product that hooks the ssl calls. Of course the values are hidden to make you pay the cash.

Tried one ssl proxy to no avail so will now try stunnel or the dns route.

Cheers.

[reply]