I'm trying to intercept a webhook that sends inventory updates. When the webhook is sent through http, I can read the results just fine. When the webhook is sent through https, the output is jumbled in random characters. I've been researching and making very little progress over the past couple of days.
I've created a certificate using PowerShell and an exact copy of the localhost Example 9 from https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps
and then added it to the trusted root certification authorities under Local Computer.
When I run vb.net as administrator, the error then changes from "System.ComponentModel.Win32Exception: 'The credentials supplied to the package were not recognized'" to the SSPI error message below.
I also exported the .pfx using MMC.exe and then used the 2 commands from here under Solution, https://en.it1352.com/article/1828624.html
sslstream.AuthenticateAsServer(certfile, True, System.Security.Authentication.SslProtocols.Tls12, False)
returns with the below error. I've tried using ssl3, tls10, 11, 12, all with the error "System.Security.Authentication.AuthenticationException: 'A call to SSPI failed, see inner exception.' Win32Exception: An unknown error occurred while processing the certificate" (except ssl3, which tells me the algorithms don't match). I've also tried playing around with the ServicePointManager to no avail.
Where am I going wrong here? What are my next few steps?
Edit: Further investigation leads me to this error code, System.ComponentModel.Win32Exception (0x80004005), which seems to have something to do with permissions. I couldn't find permissions (edit: I found the permissions, but still unsuccessful) for the certificate itself, but I changed the permissions for the .pfx file, and for one single test, it seemed like I got past the issue and smacked right into my next one. However, I cannot recreate this semi-successful test even after recreating the pfx file. Is this even possible for me to do with an .exe? (edit: I think the semi-success was actually the server catching a stray Retry attempt from the webhook that resulted in a different error)

    Imports System.Net
    Imports System.Net.Security
    Imports System.Net.Sockets
    Imports System.Security.Cryptography.X509Certificates

    ' NAT(), Msg(), clientsList, HandleClinet and DeleteMapping() are defined
    ' elsewhere in the project and are not shown in the post.
    Sub Main()
        NAT()
        Dim serverSocket As New TcpListener(System.Net.IPAddress.Any, 8008)

        ' Look the certificate up by thumbprint in the machine's Trusted Root store.
        Dim certstore As X509Store = New X509Store(StoreName.Root, StoreLocation.LocalMachine)
        certstore.Open(OpenFlags.MaxAllowed)
        Dim certfile As X509Certificate = Nothing
        For Each cert In certstore.Certificates
            If cert.Thumbprint = "0F41BDC3ABAAA941AFD16EE3BD3BBA122DEF3042".ToUpper Then
                certfile = cert
                Msg("Cert Loaded")
            End If
        Next

        Dim clientSocket As TcpClient = Nothing
        Dim objCertificatePolicy As New CustomCertificatePolicyHandler
        Dim infiniteCounter As Integer
        Dim counter As Integer
        serverSocket.Start()
        Msg("WebHook Server Started!")
        counter = 0

        ' Resetting the loop variable on every pass keeps this loop running forever.
        For infiniteCounter = 1 To 2
            infiniteCounter = 1
            counter += 1

            ' ServicePointManager settings apply to outgoing web requests made by this process.
            ServicePointManager.ServerCertificateValidationCallback = objCertificatePolicy.ServerCertificateValidationCallback
            ServicePointManager.Expect100Continue = True
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
            ServicePointManager.ServerCertificateValidationCallback = New System.Net.Security.RemoteCertificateValidationCallback(AddressOf AcceptAllCertifications)

            clientSocket = serverSocket.AcceptTcpClient()
            Dim dataFromClient As String
            Dim bytesfrom(10024) As Byte
            Dim networkStream As NetworkStream = clientSocket.GetStream()

            ' Arguments: server certificate, clientCertificateRequired, protocol, checkCertificateRevocation.
            Dim sslstream = New SslStream(clientSocket.GetStream(), False)
            sslstream.AuthenticateAsServer(certfile, True, System.Security.Authentication.SslProtocols.Tls12, False)
            sslstream.ReadTimeout = 5000
            sslstream.WriteTimeout = 5000

            ' Decode only the bytes actually received, not the whole buffer.
            Dim bytesRead As Integer = sslstream.Read(bytesfrom, 0, bytesfrom.Length)
            dataFromClient = System.Text.Encoding.ASCII.GetString(bytesfrom, 0, bytesRead)
            clientsList(dataFromClient) = clientSocket
            Msg("WebHook Received " + vbCrLf + dataFromClient)
            Dim client As New HandleClinet
            client.StartClient(clientSocket, dataFromClient, clientsList)
        Next

        clientSocket.Close()
        serverSocket.Stop()
        Msg("exit")
        DeleteMapping()
        Console.ReadLine()
    End Sub

    ' Validation callback that accepts every certificate without checking it.
    Public Function AcceptAllCertifications(ByVal sender As Object, ByVal certification As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As System.Net.Security.SslPolicyErrors) As Boolean
        Return True
    End Function

    Public Class CustomCertificatePolicyHandler
        Implements ICertificatePolicy

        ' Never assigned, so the property below returns Nothing.
        Private ReadOnly _ServerCertificateValidationCallback As System.Net.Security.RemoteCertificateValidationCallback

        Public Overridable ReadOnly Property ServerCertificateValidationCallback() As System.Net.Security.RemoteCertificateValidationCallback
            Get
                Return _ServerCertificateValidationCallback
            End Get
        End Property

        Public Function CheckValidationResult(ByVal srvPoint As ServicePoint,
                ByVal cert As X509Certificate, ByVal request As WebRequest,
                ByVal certificateProblem As Integer) _
                As Boolean Implements ICertificatePolicy.CheckValidationResult
            'Return True to allow the certificate to be accepted.
            Return True
        End Function

        Public Sub New()
            MyBase.New()
        End Sub
    End Class

User contributions licensed under CC BY-SA 3.0