I would like to handle HTTP on very low level - at the moment I'm stuck with HTTP CONNECT verb. It looks like HttpListener doesn't have access to these request because they are handled somewhere inside HTTP API or HTTP.SYS. I'm able to handle such requests with native TcpListener but in such case I would lose all HTTP functionality = I would implement HTTP from scratch.
I also checked FiddlerCore but it also handles these requests on some Win API layer. Is there any pure .NET HTTP stack?
Edit: I'm working on HTTP proxy with some additional request analysis and statistics so I don't want to lose HTTP parsing and in the same time I want to know about SSL connections.
Use Tcp* ans Socket*, not Http* related classes to use really low level in .NET.
TCP is at the bottom of HTTP protocol stack.
Use TCP sockets if you want it to, just use "winsock2.dll" interop calls form c#, and all related stuff like structure definitions etc, or use native C++
Well, if you are building your custom HTTP/HTTPS server or proxy and you don't mind third-party components, then our SecureBlackbox includes HTTP/HTTPS server components which let you do almost anything with any verb. Pure .NET, use any socket classes.
Ok. Again the problem is not in API but in developer :)
I have some test suite to test my implementation but the test suite was connecting directly (not as to a proxy) - that was the first problem. The second problem was that this test suite should use TcpClient instead of HttpWebRequest if I want to test Connect verb separately because HttpWebRequest uses it only internally when using proxy for HTTPS.
Related
I'm new to gRpc and now learning this tech
I'm wondering if gRpc can replace SignalR for updating notification bar on my client-side app (React).
Is that the case? or should I keep using SignalR for this matter?
(I'm asking it just to make sure I understand the purpose of the gRpc tech, by few articles I read it's more a web API replacement and few others compare it to SignalR)
Thanks!
y-me
Assuming you meant browser-based clients, then NO you cannot use gRPC. The gRPC protocol relies on HTTP/2 framing and in particular the ability to send and receive HTTP trailers. While browser themselves can and do use HTTP/2, current browser APIs (XHR/Fetch) don't expose HTTP/2 semantics.
There is however an alternative protocol, gRPC-web, that supports a subset of gRPC functionality you can utilize from a browser-based application. Given that it is a different protocol, your server will need to support it or you will need to employ a proxy like Envoy that can translate gRPC-web calls to gRPC.
I can't answer your question has if it is usable for Server/Client communications, just offer some thoughts. SignalR is made for the purpose of real time communications between Client and Server because of it's adaptability, and gRPC by it's constraints (HTTP/2 and HTTPS) is more reserved for backend micro-services communications.
BACKGROUND INFORMATION: PROGRAM WRITTEN IN C#
I'm working on a program right now that connects through a SOCKS5 proxy (coded from scratch. works well enough.), but I'd also like to (through that proxy) communicate to a DESTINATION through SSL.
I've done some research, googled many a time, and have come to the conclusion that SslStream won't be ideal for my situation. I NEED to first authenticate with the SSL through the proxy, and THEN start sending encrypted packets, once I receive the key.
QUESTIONS:
How can I encrypt my packets with TLS in C#? For some reason I can't at all figure it out. I'm stuck! :(
What is the raw syntax required to even REQUEST said SSL certificate?
You might want to have a look at the TLS implementation in the open source Bouncy Castle cryptography library. If it won't work as-is, you can hack it into doing what you need. If you want to deep-dive the specification itself, you'll find it as IETF RFC 5246.
As you've probably discovered, though, doing any portion of the connection setup work yourself leaves you with no way to use the WebRequest family of classes to handle the HTTP portion of the protocol work. That leaves you with two options I can see: do the HTTP yourself as well (I found a trivial example HTTP client floating around the net), or change the current user proxy server settings
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="socks=socks.example.net:1080"
then send the request normally using the WebRequest classes.
I'd like to offer you SSLBlackbox package of our SecureBlackbox product. Among numerous other components it has a simple SSL client component that is socket-based, can connect via different proxies (SOCKS, HTTPS CONNECT) and supports all features of SSL/TLS up to TLS 1.2. If you need more control, you can use any custom socket, and not just built-in socket support. This lets you use the components for securing traffic that goes not via sockets at all (pigeon mail can be secured this way as well).
An HTTPS client is available and included into SSLBlackbox as well.
I have a server client application.
The clients sends the server http posts with info every second or so.
The server is implemented using C#, there server doesn't need to respond in any way to the client.
Whats the easiest and most practical way to get this done? Is there some kind of library that is easy to use that I can import into my project.
Why not just use a regular old web service? It sounds like you have simple functionality that doesn't need to maintain a connection state. With a web service, you can simply expose the methods to your client, accessible via HTTP/S. If you're already using .NET for your client, you can simply add a web reference to your project and have .NET do the heavy lifting for you. There wouldn't be any need to reinvent the wheel.
You can use http.sys to create your own http listener without IIS or additional overhead. Aaron Skonnard has a good article here.
Because of certain limitations of uhttpsharp (specifically no support for POST forms and file uploads and it using threads to process requests), I've made NHttp available at github which supports full request parsing like ASP.net and processes requests using the asynchronous TCP model.
As a part of a larger application I need to implement an SSL tunnel in C#. I was wondering if there's a better way of doing that instead of writing each step of SSL negotiation myself which sounds like reinventing the wheel.
Do you know if there are any libraries that I could use to minimize the code I need to write or any tutorials which show how this or similar thing can be implemented most efficiently in .NET?
SSlStream should do most of the work for you.
It's not clear what you mean by SSL tunnel. If I understand it right, you need some client-side software which acts as a local server (to which other applications connect), this software then connects using SSL to your server-side software, which in turn takes the data out of the SSL tunnel, and routes them further. In this case you would need client-side and server-side SSL/TLS components. You can use our SecureBlackbox for this task. SecureBlackbox provides comprehensive support for SSL/TLS protocol with complete control over connection and certificate management.
It can be that you need not plain SSL channel, but some kind of encrypting proxy. In this case you need to decide what exactly kind of proxy you want (will it be SOCKS proxy or HTTP CONNECT proxy) and implement it on the client side. one of the benefits of such proxy is that it can transfer the real connection address (i.e. where the client wants to go to) to the remote server, and that remote server will perform connection. This is more flexible approach, but it would require some (minimal, I should say) coding to implement the stuff, related to SOCKS or HTTP CONNECT request parsing and response generation.
.NET includes SSL support, centred around the System.Net.Security.SslStream class.
Is there a way to get internal http requests in a Flash, using C#?
Basically I need analyze all http traffic.
The normal way to do this is to install a local proxy server such as fiddler specifically for that task.
You can use SharpPcap to do Ethernet packet capture from C# (not a pure managed solution), or use Wireshark. That's for very sophisticated analysis needs - otherwise a proxy is fine, as suggested by Joel Coehoorn.