Thursday, September 4, 2014

Learned something new on my way to testing https posts

This is a quick post for testing https posts. If you were doing something simple and just sending http posts then you could use netcat (nc) with something like
$ sudo nc -l 80 < resp_200.txt
The file "resp_200.txt" simply has a a line "HTTP 200 OK". Netcat will open port 80 and respond to what ever connects to it with the text from that resp_200.txt file. It will dump output to the screen with the http post it received. Nice way to test your post. Ah but what do you do when you are sending a post to HTTPS?

OpenSSL can be used to provide some netcat type functionality. You can see a detailed view of this from Wsec "USING OPENSSL AS A NETCAT REPLACEMENT".

Quick how to is:

Create self signed cert
$  sudo openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem

Now use openssl to make a listener on port 443

$ sudo openssl s_server -accept 443 -cert mycert.pem

In my case I'm using Ruby to post to https similar to this example on Stackoverflow but with HTTPS instead of HTTP.

After you post you will see a bunch of text showing you the HTTP post information you sent.

This is a nice way to test your post code before you start hitting your production site.