Overview

Screenshots

Download

Quick Start

Tutorials

F.A.Q.

WorkShop n°12 : Turning TcpCatcher into a transparent web proxy

In some situation, you may want to use TcpCatcher as a transparent web proxy (ie the client application is not aware that it is talking to a proxy). For example, you may want to monitor an SSL communication without any change at client level.




• For demonstration purposes, we are going to transparently monitor our SSL communication between our browser and our secured gmail web mail (https://mail.google.com)



• First let's start TcpCatcher, check the option 'Transparent Proxy Mode' (note that TcpCatcher is now ready to open port 80 and 443 which are classical port HTTP and HTTPS) and check 'Monitor SSL' and then click on 'Apply settings and start'.






• Let's add an entry in our etc\hosts file to map mail.google.com to our localhost (assuming TcpCatcher is running on local host) so TcpCatcher will receive all the requests targeting mail.google.com. Because we have checked the 'Transparent Proxy' option, TcpCatcher will ignore this network redirection and will still resolve the actual gmail ip.
  
               # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ::1 localhost 127.0.0.1 mail.google.com
               C:\Windows\System32\drivers\etc\hosts file or for Linux users /etc/hosts file
  
  
• Now , let's remove any proxy configuration in our browser settings, so our browser is not aware of any proxy in the middle anymore (it should be configured as usal). Let's restart our browser and visit https://mail.google.com.


• Accept security warnings (about the certificate not matching gmail and being self signed, because our browser is receiving TcpCatcher's certificate and not gmail's) and now your SSL communication is being transparently monitored




• [ NEW FEATURE introduced with v 2.23.0 ]Now in order not to trigger any security warning at client level, we can tell TcpCatcher to issue a server certificate that will match our target server name.



• Since this certificate is ussued by TcpCatcher Trust Authority you need to download and insert in your client trustore the TcpCatcher Root Certificate (the procedure is described here). Once you have done that, the certication chain should be valid !




---

Report a bug or suggest a new feature

Set up your browser

System Requirements

Features & Releases History

Terms of Use

Privacy

Share |

Some others sites we like :


A great loan simulator
Working days calculator in the USA.
Working days calculator in China
Working days calculator in the UK and Ireland
Un simulateur de crédit surprenant
Calcul du nombre de jours ouvrés, fériés entre deux dates en France
Arbeitstage in Deutschland.
Dias laborables en España
Giorni lavorativi in Italia
Dias úteis no Brasil