I'm experimenting with OpenSSL on my network application and I want to test if the data sent is encrypted and can't be seen by eavesdropper.
What tools can you use to check? Could this be done programmatically so it could be placed in a unit test?
I'm experimenting with OpenSSL on my network application and I want to test if the data sent is encrypted and can't be seen by eavesdropper.
What tools can you use to check? Could this be done programmatically so it could be placed in a unit test?
check out wire shark http://www.wireshark.org/
and tcp dump http://en.wikipedia.org/wiki/Tcpdump
Not sure about integrating these into unit tests. They will let you look at a very low level whats going on at the network level.
Perhaps for the unit test determine what the stream looks like unencrypted and make sure the encrypted stream is not similar
Yeah - Wire Shark (http://www.wireshark.org/) is pretty cool (filters, reports, stats).
As to testing you could do it as a part of integration tests (there are some command line options in wireshark)
openssl has an s_client, which is a quick and dirty generic client that you can use to test the server connection. It'll show the server certificate and negotiated encryption scheme.
Franci Penov made an answer to one of my questions "Log Post Parameters sent to a website", suggesting I take a look at Fiddler: http://www.fiddler2.com/fiddler2/
I tried it and it works beautifully, if you're interested in viewing HTTP requests. :)
As mentioned before http://www.wireshark.org/, you can also use cain & able to redirect the traffic to a 3rd machine and anylze the protocol from there.