Linux Netfilter discussions
* Packet sniffing... sort of
@ 2004-04-11  0:54 Antony Stone
  2004-04-11  1:34 ` Filip Sneppe
                   ` (3 more replies)
  0 siblings, 4 replies; 8+ messages in thread
From: Antony Stone @ 2004-04-11  0:54 UTC (permalink / raw)
  To: Netfilter

Hi people.

This is not strictly a netfilter question, but I'm wondering if maybe someone 
can help or make a suggestion?

I want to pick up a packet stream, but for an HTTPS connection, and using a 
standard packet sniffer like ethereal just gives me the encrypted SSLv3 
stuff, not the plaintext data which I need to see.

Can anyone think how I can see the content of packets from a browser running 
on my machine, which is posting a form back to a remote server somewhere, 
using HTTPS?

I can do anything I want on the client machine (and I can see the source code 
of the form page too), however when I try sending what I think is the same 
data back to the server from a Perl program instead of from my browser, the 
remote server complains at me (and not in a helpful way, either - it says 
"500 Internal Server Error").

Any suggestions gratefully received :)

Regards,

Antony.

-- 
The difference between theory and practice is that in theory there is no 
difference, whereas in practice there is.

                                                     Please reply to the list;
                                                           please don't CC me.




* Re: Packet sniffing... sort of
  2004-04-11  0:54 Packet sniffing... sort of Antony Stone
@ 2004-04-11  1:34 ` Filip Sneppe
  2004-04-11  1:47   ` Antony Stone
  2004-04-11  1:44 ` Anupam
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 8+ messages in thread
From: Filip Sneppe @ 2004-04-11  1:34 UTC (permalink / raw)
  To: Netfilter

On Sun, 2004-04-11 at 02:54, Antony Stone wrote:

> Can anyone think how I can see the content of packets from a browser running 
> on my machine, which is posting a form back to a remote server somewhere, 
> using HTTPS?
> 
Hi Antony,

Take a look at ssldump - it does exactly what you want. But you'll need
access to the server as ssldump will need the server's private key.

Regards,
Filip




* Re: Packet sniffing... sort of
  2004-04-11  0:54 Packet sniffing... sort of Antony Stone
  2004-04-11  1:34 ` Filip Sneppe
@ 2004-04-11  1:44 ` Anupam
  2004-04-11  3:08 ` Richard Hector
  2004-04-11  4:43 ` John A. Sullivan III
  3 siblings, 0 replies; 8+ messages in thread
From: Anupam @ 2004-04-11  1:44 UTC (permalink / raw)
  To: Netfilter

Antony Stone wrote:
> Hi people.
> 
> This is not strictly a netfilter question, but I'm wondering if maybe someone 
> can help or make a suggestion?
> 
> I want to pick up a packet stream, but for an HTTPS connection, and using a 
> standard packet sniffer like ethereal just gives me the encrypted SSLv3 
> stuff, not the plaintext data which I need to see.



Antony,

Congratulations, you got it right on the first guess. This, certainly, is
not a netfilter-related question.

Now, a simple string like, "SSL man in the middle attack" on Google will 
give you what you desire.

All the best,
Anupam




* Re: Packet sniffing... sort of
  2004-04-11  1:34 ` Filip Sneppe
@ 2004-04-11  1:47   ` Antony Stone
  0 siblings, 0 replies; 8+ messages in thread
From: Antony Stone @ 2004-04-11  1:47 UTC (permalink / raw)
  To: Netfilter

On Sunday 11 April 2004 2:34 am, Filip Sneppe wrote:

> On Sun, 2004-04-11 at 02:54, Antony Stone wrote:
> > Can anyone think how I can see the content of packets from a browser
> > running on my machine, which is posting a form back to a remote server
> > somewhere, using HTTPS?
>
> Hi Antony,
>
> Take a look at ssldump - it does exactly what you want. But you'll need
> access to the server as ssldump will need the server's private key.

Not possible, unfortunately - I am at the client end only :(

Thanks for the suggestion though.

Antony.

-- 
The truth is rarely pure, and never simple.

 - Oscar Wilde

                                                     Please reply to the list;
                                                           please don't CC me.




* Re: Packet sniffing... sort of
  2004-04-11  0:54 Packet sniffing... sort of Antony Stone
  2004-04-11  1:34 ` Filip Sneppe
  2004-04-11  1:44 ` Anupam
@ 2004-04-11  3:08 ` Richard Hector
  2004-04-11  3:25   ` Antony Stone
  2004-04-11  4:43 ` John A. Sullivan III
  3 siblings, 1 reply; 8+ messages in thread
From: Richard Hector @ 2004-04-11  3:08 UTC (permalink / raw)
  To: Netfilter

On Sun, Apr 11, 2004 at 01:54:39AM +0100, Antony Stone wrote:
> 
> I want to pick up a packet stream, but for an HTTPS connection, and using a 
> standard packet sniffer like ethereal just gives me the encrypted SSLv3 
> stuff, not the plaintext data which I need to see.
> 
> Can anyone think how I can see the content of packets from a browser running 
> on my machine, which is posting a form back to a remote server somewhere, 
> using HTTPS?
> 
> I can do anything I want on the client machine (and I can see the source code 
> of the form page too), however when I try sending what I think is the same 
> data back to the server from a Perl program instead of from my browser, the 
> remote server complains at me (and not in a helpful way, either - it says 
> "500 Internal Server Error").

Can you write your Perl program in the form of a proxy - so your browser
connects to it in the clear, and it sends the requests on using SSL?
Then you can either dump the traffic from your program, or sniff it
ahead of the proxy in the normal way.

Richard



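Richard's suggestion above, sketched as an added example (not code from the thread, and in Python rather than Perl): a forwarder on the client machine that accepts the browser's clear-text HTTP on loopback and re-sends it over TLS, recording both directions so the browser's request can be compared with the script's. `UPSTREAM`, the listening port and all function names are assumptions.

```python
import contextlib, socket, ssl, threading

UPSTREAM = "www.example.com"   # assumption: placeholder for the real HTTPS server
LISTEN = ("127.0.0.1", 8080)   # assumption: local port the browser is pointed at

def rewrite_host(chunk, host):
    """If chunk starts an HTTP request, point its Host header at the upstream."""
    head, sep, body = chunk.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not lines[0].endswith((b"HTTP/1.0", b"HTTP/1.1")):
        return chunk                       # body continuation: leave untouched
    new = b"Host: " + host.encode()
    lines = [new if l.lower().startswith(b"host:") else l for l in lines]
    return b"\r\n".join(lines) + sep + body

def pump(src, dst, label, log, fix=lambda d: d):
    """Copy src -> dst until EOF, recording every plaintext chunk in log."""
    try:
        while data := src.recv(65536):
            data = fix(data)
            log.append((label, data))
            dst.sendall(data)
    except OSError:
        pass                               # peer reset or socket already torn down
    for s in (src, dst):                   # unblock the opposite direction
        with contextlib.suppress(OSError):
            s.shutdown(socket.SHUT_RDWR)

def relay(client, upstream, host, log):
    """Shuttle one connection both ways; returns once either side closes."""
    back = threading.Thread(target=pump, args=(upstream, client, "response", log))
    back.start()
    pump(client, upstream, "request", log, lambda d: rewrite_host(d, host))
    back.join()

def serve():
    ctx = ssl.create_default_context()     # the TLS leg still verifies the server
    with socket.create_server(LISTEN) as srv:
        while True:
            client, _ = srv.accept()
            log = []
            raw = socket.create_connection((UPSTREAM, 443))
            with client, ctx.wrap_socket(raw, server_hostname=UPSTREAM) as up:
                relay(client, up, UPSTREAM, log)
            for label, data in log:
                print(f"--- {label} ---\n{data.decode('latin-1')}")

if __name__ == "__main__":
    serve()
```

When comparing the logged request with the script's, note that a browser will not return cookies the server marked Secure over the clear-text hop, and a form whose action is an absolute https:// URL will bypass the forwarder.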

* Re: Packet sniffing... sort of
  2004-04-11  3:08 ` Richard Hector
@ 2004-04-11  3:25   ` Antony Stone
  0 siblings, 0 replies; 8+ messages in thread
From: Antony Stone @ 2004-04-11  3:25 UTC (permalink / raw)
  To: Netfilter

On Sunday 11 April 2004 4:08 am, Richard Hector wrote:

> On Sun, Apr 11, 2004 at 01:54:39AM +0100, Antony Stone wrote:
> >
> > Can anyone think how I can see the content of packets from a browser
> > running on my machine, which is posting a form back to a remote server
> > somewhere, using HTTPS?
>
> Can you write your Perl program in the form of a proxy - so your browser
> connects to it in the clear, and it sends the requests on using SSL?
> Then you can either dump the traffic from your program, or sniff it
> ahead of the proxy in the normal way.

Hm, that's not a bad idea - I can set my browser to use "NULL" encryption 
(which the real server won't accept :), and then turn it back into normal 
DES/RSA on the proxy, connecting to the outside world.

Thanks for the suggestion.

Regards,

Antony.

-- 
If builders made buildings the way programmers write programs, then the first 
woodpecker to come along would destroy civilisation.

                                                     Please reply to the list;
                                                           please don't CC me.




* Re: Packet sniffing... sort of
  2004-04-11  0:54 Packet sniffing... sort of Antony Stone
                   ` (2 preceding siblings ...)
  2004-04-11  3:08 ` Richard Hector
@ 2004-04-11  4:43 ` John A. Sullivan III
  3 siblings, 0 replies; 8+ messages in thread
From: John A. Sullivan III @ 2004-04-11  4:43 UTC (permalink / raw)
  To: Netfilter

On Sat, 2004-04-10 at 20:54, Antony Stone wrote:
> Hi people.
> 
> This is not strictly a netfilter question, but I'm wondering if maybe someone 
> can help or make a suggestion?
> 
> I want to pick up a packet stream, but for an HTTPS connection, and using a 
> standard packet sniffer like ethereal just gives me the encrypted SSLv3 
> stuff, not the plaintext data which I need to see.
> 
> Can anyone think how I can see the content of packets from a browser running 
> on my machine, which is posting a form back to a remote server somewhere, 
> using HTTPS?
> 
> I can do anything I want on the client machine (and I can see the source code 
> of the form page too), however when I try sending what I think is the same 
> data back to the server from a Perl program instead of from my browser, the 
> remote server complains at me (and not in a helpful way, either - it says 
> "500 Internal Server Error").
> 
> Any suggestions gratefully received :)
> 
> Regards,
> 
> Antony.

This sounds like a good place for a legitimate man-in-the-middle
attack.  I would suggest taking a look at ettercap
(http://ettercap.sourceforge.net).  I have found it not only a good
security tool but an excellent network analysis tool for tough jobs like
sniffing on switched networks and intercepting and decoding https
streams.  You can run it, place your station between the client and
server and see all the traffic in the clear either in ettercap or in
Ethereal - John

-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com




* Re: Packet sniffing... sort of
@ 2004-04-11  5:11 hclfm
  0 siblings, 0 replies; 8+ messages in thread
From: hclfm @ 2004-04-11  5:11 UTC (permalink / raw)
  To: Netfilter

[-- Attachment #1: Type: text/html, Size: 1388 bytes --]
