Coontzy1 commented Sep 6, 2025

httpRelayServer: restore POST body handling and add HTTPS/TLS support
This commit makes two improvements to httprelayserver.py:

  1. Restore POST body draining logic (httpRelayServer: read body content for POST requests #913):

    • Re-applies fix originally merged in 2021 by Rcarnus.
    • Ensures POST request bodies are consumed before returning 401 Unauthorized.
    • Fixes WSUS and other web clients that retry authentication on the same TCP stream.
  2. Add HTTPS/TLS support with improved logging:

    • Introduce optional SSL context when --https, --certfile, and --keyfile are provided.
    • Wrap inbound sockets with TLS, logging negotiated protocol/cipher on success.
    • On failures, log SSL error details, flagging early EOFs (likely client cert rejection).
    • Add startup banner showing port, IPv6/HTTPS status for clarity.

Together these changes allow ntlmrelayx to:

  • Correctly handle WSUS POST-based authentication flows.
  • Relay over HTTPS endpoints (e.g., WSUS 8531) with real certs or self-signed.
  • Provide more useful debug information for operators.

@anadrianmanrique added the "medium" (Medium priority item) label Sep 18, 2025
@Coontzy1 force-pushed the master branch 2 times, most recently from 7eb1170 to 458c694, October 2, 2025 13:47
@Coontzy1 closed this Oct 2, 2025
@anadrianmanrique
Collaborator

Hi @Coontzy1, is there any reason to close this one?

@Coontzy1
Author

Coontzy1 commented Oct 2, 2025

Hi @anadrianmanrique, I closed this by mistake. I wasn't able to reopen, so I reopened it as #2053.

@anadrianmanrique
Collaborator

NP, thanks for reopening
