Another Guest post, From Mr. Praveen Singh (Also from Qseap Tech). This one too on IT Security. :)
SSL communication:-
SSL stands for Secure Sockets Layer.
HTTP is the protocol used for communication between a client and a server at the application layer. The Hypertext Transfer Protocol (HTTP) is the client-server network protocol that has been in use by the World Wide Web since 1990. Whenever you surf the web, your browser sends HTTP request messages for HTML pages, images, scripts and style sheets. Web servers handle these requests by returning response messages that contain the requested resource. Nowadays HTTPS is used for secure communication, where the S stands for SSL. An SSL communication goes through the following steps:
- The client sends a request to the server to start the communication.
- The server sends its digital certificate back to the client.
- The client checks the following in the certificate:
  - Domain name
  - Expiry date
  - Digital signature (from a trusted third party, or self-signed)
- If everything is correct, the client generates a random session key (say S1). The client encrypts S1 with the public key of the server and sends it to the server.
- The server decrypts the received data with its private key and obtains S1.
- Once both parties share S1, all requests and responses are encrypted with S1 before being exchanged, and either side can decrypt them with S1.
This is how SSL works along with HTTP. It is shown in the following diagram:
Figure.1
Role of local proxy in SSL communication:-
A local proxy can be set up either on the host machine or inside a LAN. This proxy acts as a mediator between the client and the server. Once a local proxy is set, all requests and responses pass through this proxy on their way to the server and back. These requests and responses can be seen in plain text inside the proxy.
That was just a general explanation of a local proxy. The point to consider is that, if we are using HTTPS (HTTP + SSL), all requests and responses should travel encrypted over the network, yet we can still see them in plain text inside the local proxy. This can be explained with a simple diagram.
Figure.2
Here a proxy is set between the client and the server. The proxy acts as a server (proxy server) for our client, and as a client (proxy client) for the main server. Hence, when we use a proxy, two SSL pipes are used:
- From client to proxy
- From proxy to server
When the client sends a request to the server, it first reaches the proxy. The proxy sends its own digital certificate to the client. The client generates a session key (say S2), which is shared between the client and the proxy through public key cryptography. The client then encrypts the request with S2 and sends it to the proxy. The proxy decrypts this request using S2 (this is how we get the plain text request in the proxy).
Likewise, the proxy now acts as a client and sends the captured request to the main server. Again, a new session key (say S3) is generated and shared between the proxy and the server. The SSL communication between the proxy and the server is done using S3. Hence the response from the server can also be seen in plain text inside the proxy.
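The three client-side checks from the first section, applied to the certificate a client receives directly and to the one a local proxy presents in its place. This is an added example, not code from the original post. The host names, the CA names and the trust store are constructed, and a lookup of the issuer name stands in for real signature verification.

```python
import ssl
import time

# Constructed trust store: issuer names this client trusts (assumption).
TRUSTED_ISSUERS = {"Example Public CA"}

def _common_name(name):
    """Return commonName from a getpeercert()-style name tuple."""
    return next((v for rdn in name for k, v in rdn if k == "commonName"), None)

def _host_matches(pattern, host):
    """Exact match, or one left-most wildcard label (*.example.test)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_certificate(cert, host, now=None, trusted=TRUSTED_ISSUERS):
    """Run the three client checks; return the failed ones (empty = accept)."""
    now = time.time() if now is None else now
    failures = []
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(_host_matches(n, host) for n in dns_names):
        failures.append("domain name")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        failures.append("expiry date")
    # Simplification: an issuer-name lookup stands in for verifying the
    # signature chain cryptographically, which a real TLS library does.
    if _common_name(cert["issuer"]) not in trusted:
        failures.append("untrusted issuer")
    return failures

# Constructed sample data in the shape ssl.SSLSocket.getpeercert() returns.
SERVER_CERT = {
    "subject": ((("commonName", "shop.example.test"),),),
    "issuer": ((("commonName", "Example Public CA"),),),
    "notAfter": "Jan  1 00:00:00 2035 GMT",
    "subjectAltName": (("DNS", "shop.example.test"),),
}
# What the client receives when a local proxy terminates the connection:
# same name and dates, but issued by the proxy's own CA.
PROXY_CERT = dict(SERVER_CERT, issuer=((("commonName", "Local Proxy CA"),),))
NOW = ssl.cert_time_to_seconds("Jan  1 00:00:00 2030 GMT")

if __name__ == "__main__":
    for label, cert in (("direct", SERVER_CERT), ("via proxy", PROXY_CERT)):
        print(label, check_certificate(cert, "shop.example.test", NOW) or "accepted")
```

Only the third check separates the two certificates. If the proxy's CA is present in the client's trust store, all three checks pass, so the contents of that trust store decide whether the proxy is noticed.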
--------------------------------------------------------------------------------------------------------------------------------
About the Company: Qseap Technology is a security company based in Navi Mumbai. It offers a wide variety of audits and security testing/consultancy services. For more please visit www.qseap.com