I'm trying to intercept a webhook that sends inventory updates. When the webhook is sent through http, I can read the results just fine. When the webhook is sent through https, the output is jumbled in random characters. I've been researching and making very little progress over the past couple of days.
I've created a certificate using PowerShell and an exact copy of the localhost Example 9 from https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps
and then added it to the Trusted Root Certification Authorities under Local Computer.
When I run vb.net as administrator, the error then changes from "System.ComponentModel.Win32Exception: 'The credentials supplied to the package were not recognized'" to the SSPI error message below.
I also exported the .pfx using MMC.exe and then used the 2 commands from here under Solution, https://en.it1352.com/article/1828624.html
sslstream.AuthenticateAsServer(certfile, True, System.Security.Authentication.SslProtocols.Tls12, False)
returns the error below. I've tried using ssl3 and tls10, 11, 12, all with the error "System.Security.Authentication.AuthenticationException: 'A call to SSPI failed, see inner exception.' Win32Exception: An unknown error occurred while processing the certificate" (except ssl3, which tells me the algorithms don't match). I've also tried playing around with the ServicePointManager, to no avail.
Where am I going wrong here? What are my next few steps?
Edit: Further investigation leads me to this error code, System.ComponentModel.Win32Exception (0x80004005), which seems to have something to do with permissions. I couldn't find permissions (edit: I found the permissions, but still unsuccessful) for the certificate itself, but I changed the permissions for the .pfx file, and for one single test, it seemed like I got past the issue and smacked right into my next one. However, I cannot recreate this semi-successful test even after recreating the pfx file. Is this even possible for me to do with an .exe? (edit: I think the semi-success was actually the server catching a stray retry attempt from the webhook that resulted in a different error)
    Sub Main()
        NAT()
        Dim serverSocket As New TcpListener(System.Net.IPAddress.Any, 8008)
        Dim certstore As X509Store = New X509Store(StoreName.Root, StoreLocation.LocalMachine)
        certstore.Open(OpenFlags.MaxAllowed)
        Dim certfile As X509Certificate = Nothing
        For Each cert In certstore.Certificates
            If cert.Thumbprint = "0F41BDC3ABAAA941AFD16EE3BD3BBA122DEF3042".ToUpper Then
                certfile = cert
                Msg("Cert Loaded")
            End If
        Next
        Dim clientSocket As TcpClient = Nothing
        Dim objCertificatePolicy As New CustomCertificatePolicyHandler
        Dim infiniteCounter As Integer
        Dim counter As Integer
        serverSocket.Start()
        Msg("WebHook Server Started!")
        counter = 0
        For infiniteCounter = 1 To 2
            infiniteCounter = 1
            counter += 1
            ServicePointManager.ServerCertificateValidationCallback = objCertificatePolicy.ServerCertificateValidationCallback
            ServicePointManager.Expect100Continue = True
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
            System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
            ServicePointManager.ServerCertificateValidationCallback = New System.Net.Security.RemoteCertificateValidationCallback(AddressOf AcceptAllCertifications)
            clientSocket = serverSocket.AcceptTcpClient()
            Dim dataFromClient As String
            Dim bytesfrom(10024) As Byte
            Dim networkStream As NetworkStream = clientSocket.GetStream()
            Dim sslstream = New SslStream(clientSocket.GetStream(), False)
            sslstream.AuthenticateAsServer(certfile, True, System.Security.Authentication.SslProtocols.Tls12, False)
            sslstream.ReadTimeout = 5000
            sslstream.WriteTimeout = 5000
            sslstream.Read(bytesfrom, 0, bytesfrom.Length)
            dataFromClient = System.Text.Encoding.ASCII.GetString(bytesfrom)
            clientsList(dataFromClient) = clientSocket
            Msg("WebHook Received " + vbCrLf + dataFromClient)
            Dim client As New HandleClinet
            client.StartClient(clientSocket, dataFromClient, clientsList)
        Next
        clientSocket.Close()
        serverSocket.Stop()
        Msg("exit")
        DeleteMapping()
        Console.ReadLine()
    End Sub

    Public Function AcceptAllCertifications(ByVal sender As Object, ByVal certification As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As System.Net.Security.SslPolicyErrors) As Boolean
        Return True
    End Function

    Public Class CustomCertificatePolicyHandler
        Implements ICertificatePolicy

        Private ReadOnly _ServerCertificateValidationCallback As System.Net.Security.RemoteCertificateValidationCallback

        Public Overridable ReadOnly Property ServerCertificateValidationCallback() As System.Net.Security.RemoteCertificateValidationCallback
            Get
                Return _ServerCertificateValidationCallback
            End Get
        End Property

        Public Function CheckValidationResult(ByVal srvPoint As ServicePoint, ByVal cert As X509Certificate, ByVal request As WebRequest, ByVal certificateProblem As Integer) _
            As Boolean Implements ICertificatePolicy.CheckValidationResult
            'Return True to allow the certificate to be accepted.
            Return True
        End Function

        Public Sub New()
            MyBase.New()
        End Sub
    End Class
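An added diagnostic, not part of the original post: SslStream.AuthenticateAsServer needs a certificate whose private key the running process can open, so this checks the usual preconditions on a store entry before it is handed to the stream. The module and function names are hypothetical, and reading from LocalMachine\My (the Personal store) is an assumption of this example; the thumbprint is the one quoted in the question.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

Module ServerCertCheck ' hypothetical name, example code only
    Private Const ServerAuthOid As String = "1.3.6.1.5.5.7.3.1" ' id-kp-serverAuth

    ' Lists the reasons this certificate could not serve as a TLS server credential.
    Function FindProblems(cert As X509Certificate2) As List(Of String)
        Dim problems As New List(Of String)
        If DateTime.Now < cert.NotBefore OrElse DateTime.Now > cert.NotAfter Then
            problems.Add("outside validity period")
        End If
        ' An EKU extension, when present, must list Server Authentication.
        For Each ext As X509Extension In cert.Extensions
            Dim eku = TryCast(ext, X509EnhancedKeyUsageExtension)
            If eku IsNot Nothing AndAlso eku.EnhancedKeyUsages(ServerAuthOid) Is Nothing Then
                problems.Add("EKU does not include Server Authentication")
            End If
        Next
        If Not cert.HasPrivateKey Then
            problems.Add("no private key associated with this store entry")
        Else
            Try
                ' Opening the key shows that this process identity can read it.
                ' GetRSAPrivateKey returns Nothing for a non-RSA key (not flagged here).
                Using key = cert.GetRSAPrivateKey()
                End Using
            Catch ex As CryptographicException
                problems.Add("private key not accessible: " & ex.Message)
            End Try
        End If
        Return problems
    End Function

    Sub Main()
        Dim thumbprint = "0F41BDC3ABAAA941AFD16EE3BD3BBA122DEF3042" ' from the question
        Dim store As New X509Store(StoreName.My, StoreLocation.LocalMachine) ' assumed store
        store.Open(OpenFlags.ReadOnly)
        Try
            Dim found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, False)
            If found.Count = 0 Then Console.WriteLine("not found in LocalMachine\My") : Return
            Dim problems = FindProblems(found(0))
            Console.WriteLine(If(problems.Count = 0, "usable as server certificate", String.Join("; ", problems)))
        Finally
            store.Close()
        End Try
    End Sub
End Module
```

The ServicePointManager settings apply to outbound HttpWebRequest connections and have no effect on SslStream.AuthenticateAsServer.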