Re: Packet sniffing... sort of - John A. Sullivan III

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: "John A. Sullivan III" <john.sullivan@nexusmgmt.com>
To: Netfilter <netfilter@lists.netfilter.org>
Subject: Re: Packet sniffing... sort of
Date: Sun, 11 Apr 2004 00:43:50 -0400	[thread overview]
Message-ID: <1081658629.2015.13.camel@localhost> (raw)
In-Reply-To: <200404110154.39209.Antony@Soft-Solutions.co.uk>

On Sat, 2004-04-10 at 20:54, Antony Stone wrote:
> Hi people.
> 
> This is not strictly a netfilter question, but I'm wondering if maybe someone 
> can help or make a suggestion?
> 
> I want to pick up a packet stream, but for an HTTPS connection, and using a 
> standard packet sniffer like ethereal just gives me the encrypted SSLv3 
> stuff, not the plaintext data which I need to see.
> 
> Can anyone think how I can see the content of packets from a browser running 
> on my machine, which is posting a form back to a remote server somewhere, 
> using HTTPS?
> 
> I can do anything I want on the client machine (and I can see the source code 
> of the form page too), however when I try sending what I think is the same 
> data back to the server from a Perl program instead of from my browser, the 
> remote server complains at me (and not in a helpful way, either - it says 
> "500 Internal Server Error").
> 
> Any suggestions gratefully received :)
> 
> Regards,
> 
> Antony.

This sounds like a good place for a legitimate man-in-the-middle
attack.  I would suggest taking a look at ettercap
(http://ettercap.sourceforge.net).  I have found it not only a good
security tool but an excellent network analysis tool for tough jobs like
sniffing on switched networks and intercepting and decoding https
streams.  You can run it, place your station between the client and
server and see all the traffic in the clear either in ettercap or in
Ethereal - John

-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com

next prev parent reply	other threads:[~2004-04-11  4:43 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-04-11  0:54 Packet sniffing... sort of Antony Stone
2004-04-11  1:34 ` Filip Sneppe
2004-04-11  1:47   ` Antony Stone
2004-04-11  1:44 ` Anupam
2004-04-11  3:08 ` Richard Hector
2004-04-11  3:25   ` Antony Stone
2004-04-11  4:43 ` John A. Sullivan III [this message]
  -- strict thread matches above, loose matches on Subject: below --
2004-04-11  5:11 hclfm

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1081658629.2015.13.camel@localhost \
    --to=john.sullivan@nexusmgmt.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox