I would like to know if their is some person here experienced with the HTTPS protocol over C without the use of http://curl.haxx.se/libcurl/, I guess I should use OpenSSL, but Im not sure.

I will use this lib (libcurl) for a project but would be nice to have some feedbacks/codes samples about this without the use of this external lib to have a better understand of what I'm coding. Thanx you.

well I dont know about this too :) but these links might be useful .
----------------------
talking to SSL in the iis-ssl DoS exploit : http://www.security.nnov.ru/files/sslbomb.c
char cipher_suites[] = /* 52 */
char bin_data[] = /* 1308 */
on making sessions and those shits .
---------------------
ASN1.1 parsing remember ?
http://cert.uni-stuttgart.de/archive/bu ... 00126.html (http://cert.uni-stuttgart.de/archive/bugtraq/2004/01/msg00126.html)
---------------------
and at last that damn openssl-too-open I remember that time wow many servers got 0wned with this shit .
good case study done by phreedom:
http://www.phreedom.org/solar/exploits/apache-openssl/
---------------------
this wont hurt too ! :
http://security.nnov.ru/exploits/?keyword=ssl

ok thx man

this one you sent me:

http://www.phreedom.org/solar/exploits/apache-openssl/

clear explanations, good paper :)

well I will explain better what Im trying to do because there is prolly much faster to do this with a win api that I dont know yet:

Im coding a small c program connection the MSN network via MSNP9, the auth is no more in clear text and I need to request to a ssl server a challenge ticket at "https://nexus.passport.com/rdr/pprdr.asp", to be able then to submit the encrypted password and to be logged on as a normal client, this will help me then to identify client bugs while sending them a msg, because rumours says that big vulnerabilities are identified while sending a crafted msg to some popular clients :)
Have found a .NET sample about all this:

HttpWebRequest ServerRequest = (HttpWebRequest)WebRequest.Create("https://nexus.passport.com/rdr/pprdr.asp");

if someone can submit me a small C sample on how to request a https:// via a smiliar way, thanx you.

looks like I can do only this with .NET framework libs
http://msdn.microsoft.com/library/defau ... temnet.asp (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemnet.asp)

correct me or link me to something other if Im wrong.

got it, AfxParseURL

http://support.microsoft.com/default.as ... -us;168151 (http://support.microsoft.com/default.aspx?scid=kb;en-us;168151)

useful links :> I will post if I found sth .
our telephone line was cut off for a week ! ( not so astonishing in my country ) anyway
I am looking for a paper/book/ebook/everything that has introduced talking to different daemons in C , like https which is just mentioned .
any useful link ?

to do the https connection , Im using finally as msdn mention , the wininet lib, you should initiate those functions in the same order if im not wrong, much infos at msdn:


http://msdn.microsoft.com/library/en-us ... etopen.asp (http://msdn.microsoft.com/library/en-us/wininet/wininet/internetopen.asp)
http://msdn.microsoft.com/library/en-us ... onnect.asp (http://msdn.microsoft.com/library/en-us/wininet/wininet/internetconnect.asp)
http://msdn.microsoft.com/library/en-us ... equest.asp (http://msdn.microsoft.com/library/en-us/wininet/wininet/httpopenrequest.asp)
http://msdn.microsoft.com/library/en-us ... equest.asp (http://msdn.microsoft.com/library/en-us/wininet/wininet/httpsendrequest.asp)

you can initizate several type of connection with , http/https/gopher/ftp/etc...

well tnx man :)

my nasty MSNP9 P10 Client exploiter

65.54.239.80:1863 got buffer1
65.54.239.80:1863 got buffer2
65.54.239.80:1863 got buffer3
65.54.239.80:1863 we should move to 207.46.2.77:1863
207.46.2.77:1863 got buffer1
207.46.2.77:1863 got buffer2
207.46.2.77:1863 got buffer3
207.46.2.77:1863 got challenge string: lc=1033,id=507,tw=40,fs=1,ru=http%3A%2F
%2Fmessenger%2Emsn%2Ecom,ct=1122226087,kpp=1,kv=7, ver=2.1.6000.1,rn=DZB8XnDc,tpf
=982cb022d9bcd3dcf107efa0e7c40966
nexus.passport.com https sub-connection #1
nexus.passport.com retrieving login server
nexus.passport.com https sub-connection #1 success
nexus.passport.com https sub-connection #1 header:
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sun, 24 Jul 2005 17:28:09 GMT
P3P:CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
PassportURLs: DARealm=Passport.Net,DALogin=loginnet.passport.com/login2.srf,DARe
g=https://accountservices.passport.net/UIXPWiz.srf,Properties=https://accountser
vices.msn.com/editprof.srf,Privacy=https://accountservices.passport.net/PPPrivac
yStatement.srf,GeneralRedir=http://nexusrdr.passport.com/redir.asp,Help=https://
accountservices.passport.net,ConfigVersion=13
nexus.passport.com test:loginnet.passport.com
nexus.passport.com test:/login2.srf
loginnet.passport.com https sub-connection #2
loginnet.passport.com retrieving hash ticket
loginnet.passport.com https sub-connection #2 success
loginnet.passport.com https sub-connection #2 header:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 24 Jul 2005 17:28:14 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYPPLOG3B02 V: 0
Content-Type: text/html; charset=iso-8859-1
Expires: Sun, 24 Jul 2005 17:27:14 GMT
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: MSPRequ=lt=1122226094&co=1&id=10
Set-Cookie: MSPBack=1122226093; domain=.passport.com;path=/;version=1
Content-Length: 1152

(...)

C:\>

:)

well Done !
I have no idea until I see the source :D
should be more than 20kb , lol

will pub it later yeah , it helps to be able to fuzze the differents clients on the MSN network ;)

haha awesome stuff mate :D

i look forward to some priv looks at (or pub :) ;)

Oh on topic of MSN exploits, i have played with 2, one both do work, png overflow and also nasty one by Kralor.. have them here somewhere, if ya need them just send me priv email i can post stuff to you without it having to be attachment ok :) thx bro