tags:

views: 226

answers: 7

Hello, I am interested in writing an email sniffer that saves all emails sent via web-based clients to the hard disk, but I can't work out how to do this. How can I catch HTTPS mail before it is encrypted?

I would really appreciate some useful info. I cannot find any information on the web. There's a program called HTTP Analyzer V5 that does exactly what I want to make.

How should I start?

If I make a packet sniffer, it's useless because all data is encrypted.

Is there any other option?

+2  A: 

You can't. The data is encrypted inside of the browser program before being sent over HTTP.

Since you only seem to have access to HTTP, it's too late.

You might want to consider a keylogger to intercept the text as it enters the browser form (and the keylogger needs to be able to catch pasted text).

Of course, most decent virus checkers will detect the keylogger.

Hardware keylogger?

It might help us to help you if you can explain more about what you want to do and where you have access.

LeonixSolutions
or he could try a man-in-the-middle attack, then HTTPS is useless
helle
Hi, thanks for the answer. What I really want to do is catch my own emails. When I write an email, for example on Gmail, and I send it, my program should catch it and save it to the local HD. I posted an example of a program doing this (HTTP Analyzer V5). When I tested it and sent mail from my HTTPS mailbox, it caught all the data I wrote in the mail, so subject, from, to, article; it seemed like it reconstructed the HTTP POST. I want to do the exact same thing. The problem is that I don't know how this works. And as for access, I don't know exactly what you mean, but I have admin rights.
Rampage
A: 

If you have hardware access in your local area it will be pretty easy, but nowadays you can't easily do sniffing. Since hubs were replaced by switches, analyzers are worthless for this. But HTTP is over TCP (along with other backend protocols), so you can catch the TCP frames and route the stream directly to your PC (or to a specialized device with a microcontroller, because nowadays systems and programming platforms block low-level operations).

inquisitor
I only need to sniff emails from the local computer, not the entire network.
Rampage
In this case I see two options: write a proxy server and proxy each client through it, or second (better but harder to do), write your app on raw sockets (which allows bypassing).
inquisitor
Can you please be more specific about how to write my own app? Yes, I really want to write my own app on raw sockets. But my problem is: how can I simply get to the specific data? When I try to get to the data on localhost, isn't it encrypted?
Rampage
@inquisitor: doesn't work. The HTTPS data is encrypted from the moment it leaves the socket of the web browser. Even if it goes through a proxy, all it knows is which server to forward the encrypted bytes to.
MSalters
I missed that, but if we have the private key (on localhost) it could really be possible - I haven't tried that.
inquisitor
A: 

Do you have control over the machines on which you intend to do this?

I used "The Grinder" before to capture HTTP requests for performance testing purposes, and it comes with a TCP Proxy component which logs all HTTP requests routed through it.

This includes the plain text content of form fields which are POSTed, which I assume would cover web mail "Send" buttons.

This may be a bit of a convoluted solution, but you could theoretically have the TCP Proxy running as a service on the client machine and have the connection pointed at the appropriate port on localhost.

I only ever took this as far as capturing my username and password as I logged into a web mail website (it worked), but nothing springs to mind immediately that would stop this from working on entire email messages.

C.McAtackney
Yes, I have full control over the machines I want to do this on.
Rampage
A: 

Programs like HTTP Analyzer can catch the HTTPS data because they insert themselves into the HTTPS stack. As a result, they get the data after it's generated but before it is encrypted and put into IP packets. This is highly non-trivial.

An alternative might be to "build your own browser". This is easier than you'd think. Firefox is open source, and Internet Explorer is just a small graphical shell around the MSHTML web component. If you use your browser only with e.g. Gmail, then you don't need an address bar, favorites, view source etcetera, so you can write an even smaller shell around MSHTML. Just hardcode in Gmail etcetera.

MSalters
I am quite interested in these problems, so if you know how to do this, or at least have some interesting articles that solve this issue, please let me know. I do not expect that it will be trivial.
Rampage
I would like to make it work with every browser. Do you know anything more about how HTTP Analyzer works and how I should continue?
Rampage
A: 

You can write a browser extension that intercepts the HTTP request before the browser actually sends (and encrypts) it. The exact details depend on the browser you use (e.g. Firefox, Internet Explorer).

Amnon
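As an added example of the approach in this answer (this is not code from the thread, from HTTP Analyzer, or from any browser vendor): the request-capture half of a WebExtension. A `webRequest.onBeforeRequest` listener registered with the `"requestBody"` option receives the request from the browser before TLS encryption, so the POST body behind a webmail "Send" button arrives as plaintext. The decoding is kept in pure functions so it can be exercised outside a browser; the listener registration at the bottom only runs when the extension API is present. The watched host list, the field names in the constructed sample bodies, and the in-memory `captured` array (instead of writing to disk) are assumptions made for the example.

```javascript
"use strict";

// Decode the `requestBody` object that onBeforeRequest hands to the listener.
// Firefox/Chrome supply either `formData` (already parsed for urlencoded and
// multipart bodies, each field mapping to an array of values) or `raw`
// (an array of {bytes: ArrayBuffer} chunks) for other content types.
function decodeRequestBody(requestBody) {
  if (!requestBody) return {};
  if (requestBody.formData) {
    const out = {};
    for (const [name, values] of Object.entries(requestBody.formData)) {
      out[name] = values.length === 1 ? values[0] : values.slice();
    }
    return out;
  }
  if (requestBody.raw) {
    const decoder = new TextDecoder("utf-8");
    const text = requestBody.raw
      .map((chunk) => (chunk.bytes ? decoder.decode(chunk.bytes) : ""))
      .join("");
    // Treat "k=v&k2=v2" as urlencoded; keep JSON (XHR/fetch bodies of modern
    // webmail clients) verbatim so nothing is lost.
    if (text.includes("=") && !text.trim().startsWith("{")) {
      return Object.fromEntries(new URLSearchParams(text).entries());
    }
    return { _raw: text };
  }
  return {};
}

// Build one log record. Only POST/PUT carry mail bodies; every field is kept
// so an unknown webmail client is still captured in full.
function buildRecord(details) {
  if (details.method !== "POST" && details.method !== "PUT") return null;
  return {
    time: new Date(details.timeStamp || Date.now()).toISOString(),
    url: details.url,
    method: details.method,
    fields: decodeRequestBody(details.requestBody),
  };
}

// Assumption for the example: hostnames whose requests are logged. Gmail is
// the client named in the thread; add others as needed.
const WEBMAIL_HOSTS = ["mail.google.com"];

function isWebmail(url) {
  try {
    return WEBMAIL_HOSTS.includes(new URL(url).hostname);
  } catch (e) {
    return false;
  }
}

// In a real extension the records would go to browser.storage or to a native
// messaging host that writes them to disk; here they stay in memory.
const captured = [];

function onRequest(details) {
  if (!isWebmail(details.url)) return {};
  const rec = buildRecord(details);
  if (rec) captured.push(rec);
  return {}; // non-blocking listener: the request proceeds unchanged
}

// Registration runs only inside a browser with the WebExtension API
// (Firefox exposes `browser`; on Chrome substitute `chrome`). The manifest
// needs the "webRequest" permission plus host permission for the sites.
if (typeof browser !== "undefined" && browser.webRequest) {
  browser.webRequest.onBeforeRequest.addListener(
    onRequest,
    { urls: ["<all_urls>"] },
    ["requestBody"]
  );
}
```

The point of the example is where the interception happens: the listener sees the body the page handed to the browser, so the TLS layer underneath never matters. The check a practitioner should note is that `formData` is only filled for urlencoded and multipart bodies; JSON bodies arrive in `raw` and have to be decoded by hand, as above.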
A: 

You can't decrypt HTTPS; however, you can use man-in-the-middle programs to catch the HTTPS connection before it's created and replace the website's certificate with your own, which you WOULD be able to decrypt. Look up ettercap and man-in-the-middle attacks.

John
My goal is to write a program, not to use an existing one.
Rampage
These tend to be open source, so you can look at how they are doing it. :) For example: http://ettercap.sourceforge.net/download.php
John
A: 

Could you make a special webpage for displaying Gmail that at the same time loads your own JavaScript file, such as in a hidden frame or DIV etc.?

You could then intercept your email's string contents before they leave the browser's HTTP port, and have it log them to a local text file?

This is assuming Gmail doesn't use dynamic ID tags for its email forms.

AlexW
I need to create a program doing this for every web-based client, not only Gmail.
Rampage
You could, in theory, write a script that expects particular domains, and then prepare the variables accordingly with switches for each email service.
AlexW
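As an added example of the page-side approach in this answer (not code from the thread or from any webmail provider), and generalised past the per-service switches suggested in the last comment: instead of reading specific form fields, the injected script wraps the three ways a page can send data (`fetch`, `XMLHttpRequest`, and a plain form submit) and records each outgoing body before the browser's network stack encrypts it, so it works on any webmail client regardless of form IDs. `installHooks` takes the global object as a parameter so it can be exercised against a stub outside a browser; the in-memory `captured` array stands in for the local file the answer mentions, which a page script cannot write directly (sending the records to a local listener or native app is an assumption, not something the page specifies).

```javascript
"use strict";

// Records produced by the hooks. A real deployment would forward these to a
// local listener that writes them to disk (assumption for the example).
const captured = [];

// Render any body type the browser request APIs accept as one plain string.
function bodyToText(body) {
  if (body == null) return "";
  if (typeof body === "string") return body;
  if (typeof URLSearchParams !== "undefined" && body instanceof URLSearchParams) {
    return body.toString();
  }
  if (typeof FormData !== "undefined" && body instanceof FormData) {
    return Array.from(body.entries()).map(([k, v]) => `${k}=${v}`).join("&");
  }
  if (body instanceof ArrayBuffer || ArrayBuffer.isView(body)) {
    return new TextDecoder().decode(body);
  }
  try {
    return JSON.stringify(body);
  } catch (e) {
    return String(body);
  }
}

function record(kind, method, url, body) {
  const text = bodyToText(body);
  if (!text) return; // GETs and empty bodies carry no mail content
  captured.push({
    kind,
    method: String(method || "GET").toUpperCase(),
    url: String(url),
    body: text,
  });
}

// Wrap the sending APIs on the given global (`window` in a page, a stub in
// tests). Each wrapper logs and then calls the original, so the page keeps
// working and the request still goes out, now encrypted, as before.
function installHooks(g) {
  if (typeof g.fetch === "function") {
    const origFetch = g.fetch;
    g.fetch = function (input, init) {
      const url = typeof input === "string" ? input : input && input.url;
      const method = (init && init.method) || (input && input.method) || "GET";
      record("fetch", method, url, init && init.body);
      return origFetch.apply(this, arguments);
    };
  }
  if (typeof g.XMLHttpRequest === "function") {
    const proto = g.XMLHttpRequest.prototype;
    const origOpen = proto.open;
    const origSend = proto.send;
    // open() is where method and URL are known; send() is where the body is.
    proto.open = function (method, url) {
      this.__hookMethod = method;
      this.__hookUrl = url;
      return origOpen.apply(this, arguments);
    };
    proto.send = function (body) {
      record("xhr", this.__hookMethod, this.__hookUrl, body);
      return origSend.apply(this, arguments);
    };
  }
  if (g.document && typeof g.document.addEventListener === "function") {
    // Capture-phase listener runs before the page's own submit handlers.
    g.document.addEventListener("submit", (ev) => {
      const form = ev.target;
      const fields = new URLSearchParams(new FormData(form)).toString();
      record("form", form.method, form.action, fields);
    }, true);
  }
}

// In a page, hook the real window; elsewhere (tests) the caller supplies one.
if (typeof window !== "undefined") installHooks(window);
```

The caveat that comes with this approach is the same one the rest of the thread circles around: the script has to run inside the page (via the wrapper page described in the answer, a user script, or an extension content script), and a page that builds requests in an isolated worker or sends them through an iframe on another origin is not covered by hooks installed on the top-level window alone.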