I'm trying to see how a certain application is talking to a server in SSL. Basically, the process just hangs when it claims to have done some SSL communication. I want to debug the problem by catching the traffic, but I can't really use a sniffer since SSL will probably look like a hexdump.

Is there a good man-in-the-middle tool that I could use as instrumentation? I just need something that will show me the decrypted communication. Hopefully very easy to set up. I could even point the application to any IP address/port available to my machine (e.g. localhost:8888), so proxies would be fine. Also, I can probably configure the application to accept any certificate.

What do you use to simulate a man-in-the-middle (mitm) SSL attack?

UPDATE: I tried Fiddler and can't get it to work. I installed openssl and typed the following command: openssl s_client -connect smtp.gmail.com:465

Gmail responds with their certificate and a 220 mx.google.com ESMTP .... However, Fiddler does not capture the traffic. I set the WinINET options in Fiddler to "Use the same proxy server for all protocols". Can anyone else get this to work (or not work)? I think I need to find a way to have openssl use a proxy.

+1  A: 

I haven't used it for this purpose but Fiddler should be able to do what you want.

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.

Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera, and thousands more.

eed3si9n
I have also used Paros proxy for this.
GregS
+4  A: 

Fiddler allows you to implement a man in the middle attack against yourself to see what is inside the SSL tunnel.

Fiddler generates a unique root SSL certificate for your computer, and then creates a session certificate signed by the root. When you configure Fiddler to decrypt SSL for you it acts as a proxy between you and the destination, decrypting the traffic using the site's SSL certificate and then re-encrypting it using its own certificate.

Your browser/application will see an untrusted certificate error. You can get around this error by choosing to trust Fiddler's root certificate.

The folks over at .Net Rocks did a great podcast episode on using Fiddler to sniff your traffic.

Ryan Michela
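An added example, not code from any poster or from Fiddler: a client that does not read the system proxy settings has to ask the proxy for a tunnel itself with HTTP CONNECT, which is the "have openssl use a proxy" step from the question's update, and it can trust the proxy's root in one TLS context instead of accepting any certificate. The proxy address 127.0.0.1:8888 and the file name proxy-root.pem are assumptions, as are the function names.

```python
import socket
import ssl

def open_tunnel(proxy_addr, host, port, timeout=10):
    """Ask an HTTP proxy for a raw TCP tunnel to host:port (HTTP CONNECT)."""
    sock = socket.create_connection(proxy_addr, timeout=timeout)
    target = f"{host}:{port}"
    sock.sendall(f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii"))
    # Read the reply one byte at a time so nothing past the blank line is
    # consumed: bytes after it already belong to the tunnelled protocol.
    reply = b""
    while not reply.endswith(b"\r\n\r\n") and len(reply) < 8192:
        byte = sock.recv(1)
        if not byte:
            break
        reply += byte
    status = reply.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    complete = reply.endswith(b"\r\n\r\n")
    if not complete or len(status) < 2 or status[1] != "200":
        sock.close()
        raise ConnectionError(f"proxy refused CONNECT: {reply[:80]!r}")
    return sock

def tls_via_proxy(proxy_addr, host, port, proxy_root_pem):
    """TLS to host:port through the proxy, trusting only the proxy's root.

    Verification stays enabled; the context trusts the debugging proxy's
    exported root instead of the system store, so nothing else on the
    machine has to accept that root.
    """
    ctx = ssl.create_default_context(cafile=proxy_root_pem)
    raw = open_tunnel(proxy_addr, host, port)
    return ctx.wrap_socket(raw, server_hostname=host)

if __name__ == "__main__":
    # Assumed values: proxy on 127.0.0.1:8888, root exported to a PEM file.
    with tls_via_proxy(("127.0.0.1", 8888), "smtp.gmail.com", 465,
                       "proxy-root.pem") as tls:
        print(tls.getpeercert()["issuer"])  # the proxy's root when intercepted
        print(tls.recv(200))
```

If the handshake fails with a verification error, the certificate presented inside the tunnel was not signed by the root in the PEM file, meaning the proxy is passing the connection through without decrypting it.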
A: 

If you are using the amazingly useful Wireshark sniffer, then you can have it decrypt SSL if you are able to provide it the appropriate key files.

Mark Wilkins
He likely does not have access to the server, so this won't work.
GregS