Bypass HTTPS Hostname Checking

Posted on 2008-10-17 20:26 | By: ferdhie | Tags: java | 0 Comments

System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

// create the socket, set connect timeout to 10secs
Socket socket = new Socket();
Socket socket.connect(new InetSocketAddress(host, port), 10*1000);

//Create a trust manager that does not validate certificate chains:
TrustManager[] tm = new TrustManager[] {
    new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
                                               
        public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
            return;
        }
                                               
        public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
            return;
        }
    }
};

SSLContext sc;
try {
    sc = SSLContext.getInstance("SSL");
    sc.init(null, tm, new SecureRandom());
} catch(Exception e) {
    throw new IOException("Failed while creating SSLSocket: " + e.getMessage());
}

// wrap out socket to secure socket
SSLSocketFactory socketfactory = sc.getSocketFactory();
socket = (SSLSocket)socketfactory.createSocket(socket, host, port, true);

// now use it like a common socket
OutputStream out = socket.getOutputStream();
InputStream in = socket.getInputStream();

Download As Text

Embed Snippet:

0 Comments

Post A Comment