> Does anyone know a browser-like test tool which handles > SSL and shows the actual data including headers ? I might > even build one myself, since debugging these issues is > now quite a pain in the *ss. I know there is an SSL ca- > pable wget, but it's pretty irritating with cookies etc.
I ran into exactly this problem. I believe you would either have to capture the SSL traffic at the application level on the server or client, before or after it's encrypted/ decrypted; sniffers and intermediate proxies cannot decode SSL. This is by design. I use a commercial tool called TracePlus/WebDetective for Windows platform. http://www.sstinc.com/home_winsock.html It's shareware (costs about $200 US to register) and is a very good tool. There may be others, but I haven't found any. It intercepts the traffic at the desktop level before it's encrypted and will capture the headers and data flow for any winsock-based application, not just browsers (e.g. this works for Mozilla, IE, Acrobat, etc). My main workstation platform is Linux, but the majority of our end users are Win32 IE 5 and 6, so I run the TracePlus tool on a diagnostic Windows laptop. It would be very nice to discover a way to do this sort of SSL sniffing in a cross-platform manner (Linux, Solaris, HP/UX, etc). -----Original Message----- From: Martijn Schoemaker [mailto:[EMAIL PROTECTED] Sent: Thursday, August 29, 2002 7:28 AM To: [EMAIL PROTECTED] Subject: Re: Siteminder/mod_proxy issues Hi, We use SM 4.51 and not yet the QMR4 web-agent. Will install and try this out right away. In any case, this does not seem to be a mod_proxy problem anyway. I did some more checking and the browser problems are probably caused by the Set-Cookie headers which are set multiple times. Also, the Cookies them- selves for the user that works are smaller that the ones for the user that don't work and this prolly gives strange effects in IE (who whould have guessed ? :)) Anyway, this seems more like a SM/Cookie/RFC issue and has no further relation with mod_proxy. Thanks all who replied for the input, and if insights change y'all will hear from me :) Greetings, Martijn Schoemaker P.S.: Does anyone know a browser-like test tool which handles SSL and shows the actual data including headers ? I might even build one myself, since debugging these issues is now quite a pain in the *ss. I know there is an SSL ca- pable wget, but it's pretty irritating with cookies etc. "Foust, Adam G." wrote: > We are beginning a Apache 1.3.26 reverse-proxy setup with SiteMinder. I have > not seen the double Set-Cookie strangeness. We are using SiteMinder 4.61 > with the QMR4 apache webagent. I've observed some strange URL rewriting > issues involved with multi-domain sign-on and using cookie providers, but > nothing that can't be worked around. > > Our setup is basically apache reverse-proxies (mod_proxy) behind F5 > load-balancers. The reverse-proxies chain through intermediate firewalls > through another (forward) mod_proxy to backend DMZ servers. > > I have been tracing HTTP headers and have not yet seen the behavior you > describe. Are you running SiteMinder 5.0? > -- You have reached the end of the message. Press [t] to go to the top of this message, or [c] to close it.
