You're quite welcome. I'm sure the journalling-DLL approach
would work just as well. Just for information, if you have
administrative access to the server and it is based on Windows,
you might be able to save the certificate and key as a .pfx file,
then use the OpenSSL pkcs12 command to extract the key.
If you have the key, you could use a very simple man in the
middle program that just passes the data through. It would
not know what it is seeing, but later you could postprocess
the dump with the known key and decrypt the traffic.
Under Unix a man in the middle program can be done one of
three ways:
A1:
forever {
if nonblockingread(a) write(b)
if nonblockingread(b) write(a)
}
A2:
forever {
select(a,b)
if (select(hastraffic,a) and select(canwrite,b) {read(a) write(b)}
if (select(hastraffic,b) and select(canwrite,a) {read(b) write(a)}
}
B:
fork(another)
forever { blockingread(a) write(b) }
another:
forever { blockingread(b) write(a) }
I belive the one I wrote followed pattern A2. If you just
copy and journal bytes any of these would work fine.
Now, if you want to actually do SSL on the links, so the
man in the middle program is getting decrypted data,
one of these might be easier given the restrictions of the
OpenSSL read and write primitives. I believe there are
some difficulties with nonblocking IO. Are there also
some difficulties with select? For the fork case,
I suspect using different processes is more safe than using
different threads. Is the OpenSSL stuff thread-safe?
MacDermid, Kenny wrote:
From: Charles B Cranston
MacDermid, Kenny wrote:
I'm looking to locally reverse engineer a network protocol
that's encrypted using ssl.
Another method would be to use a man-in-the-middle attack on
a third machine, but that machine would need access to the
private key of the certificate to be used. Somewhere around
I have a generic man-in-the-middle Unix program that I wrote
to try to debug some early IMAP problems on the Handspring
Visor, but it doesn't have any SSL.
I don't actually have access to the server, or the private key
it is using. Also I'm guessing the client is smart enough to
check the server certificate, so I'm guessing a generic
man-in-the-middle is out.
Thank you for the reply Charles,
Kenny
--
"An Internet-connected Windows machine is tantamount to
a toddler carrying a baggie of $100 bills down a city street..."
Charles B (Ben) Cranston
mailto: [EMAIL PROTECTED]
http://www.wam.umd.edu/~zben
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
