0

I was playing with the hosts file under my linux distro. Added an entry

 192.168.3.121   www.facebook.com

in the /etc/hosts file. Created 2 servers which link to an index.html file at ports 80 and 443. Now when trying to access www.facebook.com through firefox or chrome, I get the below errors.

Firefox Errro

Chrome Error

Also on the server 192.168.3.121 logs, I do receive some hex strings from the browser

 192.168.3.121 - - [11/Jul/2016 14:30:55] code 400, message Bad request syntax ('\x16\x03\x01\x00\xb9\x01\x00\x00\xb5\x03\x030_x\xe6\x13\xa5x\xe4\xcdHQ\x9d\x8c\xcd\xe9\x9co\xa0LpO\x81}\xad\x1b}"\x83\xceM\x98\xdd\x00\x00\x16\xc0+\xc0/\xc0')

While when I try with a website which doesn't uses SSL, I can successfully redirect the browsers to my home website on 192.168.3.121. What internal security are the Browsers implementing and is there a way by which I can make the browsers redirect an https website to my ip 192.168.3.121 ?

harveyD
  • 218
  • 1
  • 3
  • 10
  • Try restarting browser. – Aria Jul 14 '16 at 11:24
  • 2
    Another bit is that you may not have SSL enabled on your own server at all. Try using https://192... – Aria Jul 14 '16 at 11:26
  • @Aria The above screen shots are taken after restarting. Your second comment has caught my eye. I will try installing certificate and check. Thanks Aria. – harveyD Jul 14 '16 at 11:27
  • Maybe read this wikipedia entry: https://en.wikipedia.org/wiki/X.509#Sample_X.509_certificates – wireghoul Jul 14 '16 at 12:20
  • Kudos @Aria. Completely forgot about the SSL handshake. The client start by informing about the highest SSL supported version/cipher suite etc. And this all was the hex string being reflected in the logs. I had created a certificate for my http server and it works smoothly. – harveyD Jul 14 '16 at 12:24

2 Answers2

4

The error message indicates that the server expected a HTTP request but got a HTTPS request: \x16\x03\x01\ is the start of an TLS record. This probably means that your server configuration is wrong, i.e. that the server expects HTTP on port 443 and not HTTPS.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
0

  1. Generate a self-signed certificate compounded of a certificate and a private key for the server. Command used is 

    openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes

  2. Create an index.html file.

  3. Start a python https server using the below code in the same directory where the index.html file is.

    import BaseHTTPServer, SimpleHTTPServer
import ssl

httpd = BaseHTTPServer.HTTPServer(('192.168.3.121', 443), SimpleHTTPServer.SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket (httpd.socket, certfile='path/to/192.168.3.121.pem', server_side=True)
httpd.serve_forever()

  4. Restart the browser and make the request.

  5. Don't forget to edit the hosts file accordingly.

  6. Refs# https://www.piware.de/2011/01/creating-an-https-server-in-python/ http://code.activestate.com/recipes/442473-simple-http-server-supporting-ssl-secure-communica/

harveyD
  • 218
  • 1
  • 3
  • 10