I just stumbled across a problem concerning Proxy clients that are using the CONNECT command for establishing a direct tunneled connection through WebScarab.
The current implementation assumes that such connections are always TLS connections - which sometimes is not the case.
The problem is that the host specified by the CONNECT command does not contain a protocol scheme, therefore we have to guess (or may be try-out?) if the destination port expects an TLS or plain TCP connection. The only available indicator for guessing the protocol scheme is the port number.
Therefore I see three possible options:
1. By default all tunnel connections are assumed to be HTTPS connections, only for common HTTP ports like 80 we use a plain HTTP connection.
2. By default all tunnel connections are assumed to be HTTP connections, only for common HTTPS ports like 443 we use a SSL/TLS encrypted HTTP connection.
3. By default all tunnel connections are assumed to be HTTPS connections. We try to establish the connection and if that fails we fall back to HTTP.
Option 1 and 2 are easy to implement (my modified WebScarab uses option 2). Option 3 needs a bit mor work and I don't know if it implies further problems.
Affected class: org.owasp.webscarab.model.Request
public void parse(StringBuffer buff);
public void read(InputStream is, HttpUrl base);