Packet Sniffer for SSL Packets?
|
Fresh-Faced Recruit
Join Date: Feb 2009
Status:
Offline
|
|
Does anyone know of one for OS X? I know Wireshark does it, but I'm having an issue getting Wireshark to work. Any ideas?
|
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status:
Offline
|
|
CocoaPacketAnalyzer (CPA) and Packet Peeper sniff packets and run well on my Mac (10.5.6, MBP C2D). Both support tcpdump-compatible filters, which should help you filter for SSL (I assume you mean TCP port 443, unless you're targeting something besides https, like someone using SSL-based communications for VPN, mail, etc., which would be rare for regular users).
|
Fresh-Faced Recruit
Join Date: Feb 2009
Status:
Offline
|
|
Originally Posted by Cold Warrior
CocoaPacketAnalyzer (CPA) and Packet Peeper sniff packets and run well on my Mac (10.5.6, MBP C2D). Both support tcpdump-compatible filters, which should help you filter for SSL (I assume you mean TCP port 443, unless you're targeting something besides https, like someone using SSL-based communications for VPN, mail, etc., which would be rare for regular users).
Thanks. Where can I get a tcpdump filter for SSL? I'd just be viewing HTTPS packets. I tried doing it with CocoaPacketAnalyzer, but I guess it doesn't come with the needed filter. Thanks again for the help.
|
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status:
Offline
|
|
Type the words port 443 into the filter box and it'll work.
|
Posting Junkie
Join Date: May 2001
Location: Portland, OR
Status:
Offline
|
|
I'm assuming the OP knows that the HTTPS packets won't be decrypted.
Or maybe the packet sniffers mentioned do. I just know I've never seen one that does.
(If they do, I'd be interested in knowing. I do a lot of coding work with HTTPS.)
|
8 Core 2.8 ghz Mac Pro/GF8800/2 23" Cinema Displays, 3.06 ghz Macbook Pro
Once you wanted revolution, now you're the institution, how's it feel to be the man?
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
Wouldn't having a packet sniffer that could decrypt SSH essentially defeat secured connections?
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
Fresh-Faced Recruit
Join Date: Feb 2009
Status:
Offline
|
|
Originally Posted by goMac
I'm assuming the OP knows that the HTTPS packets won't be decrypted.
Or maybe the packet sniffers mentioned do. I just know I've never seen one that does.
(If they do, I'd be interested in knowing. I do a lot of coding work with HTTPS.)
Yeah, that's actually what I was looking for... I was told by someone that http://www.ieinspector.com/httpanalyzer/ will do it, and according to the site, it does. However, that's for Windows, as you can see. Would it be possible to run that program with Boot Camp or something? I really avoid Windows unless 100% necessary, so if there's a way to run that program, let me know.
|
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status:
Offline
|
|
That program says it will analyze HTTPS, not crack it. Those are very different things. You are not going to be able to crack HTTPS without getting very good at active attacks.
|
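What a passive capture on port 443 can and cannot read, as an added example that is not part of the original thread: a parser for the 5-byte SSL/TLS record header, run over constructed client-to-server bytes. The helper names and the sample stream are assumptions for illustration; the bodies are filler, and the sample uses record version 3.1 (TLS 1.0).

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange"}

def parse_records(stream):
    """Summarise each TLS record in one direction of a reassembled TCP stream."""
    out, offset, encrypted = [], 0, False
    while offset + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError("not a TLS record at offset %d" % offset)
        body = stream[offset + 5:offset + 5 + length]
        if len(body) < length:
            break  # truncated capture: the rest of the record was not seen
        detail = "opaque ciphertext" if encrypted else "cleartext"
        if ctype == 22 and not encrypted and len(body) >= 4:
            # Before ChangeCipherSpec the handshake message type is readable.
            detail = HANDSHAKE_TYPES.get(body[0], "handshake type %d" % body[0])
        out.append((CONTENT_TYPES[ctype], "%d.%d" % (major, minor), length, detail))
        if ctype == 20:
            encrypted = True  # everything this side sends afterwards is encrypted
        offset += 5 + length
    return out

def record(ctype, body, version=(3, 1)):
    """Build one constructed record: 5-byte header followed by the body."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body

def handshake(msg_type, body):
    """Build a handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed client-to-server bytes; every body is filler, not a real capture.
SAMPLE = (record(22, handshake(1, bytes(40)))             # ClientHello
          + record(22, handshake(16, bytes(range(130))))  # ClientKeyExchange
          + record(20, b"\x01")                           # ChangeCipherSpec
          + record(22, bytes(range(48)))                  # Finished, encrypted
          + record(23, bytes(range(200))))                # HTTP request, encrypted

if __name__ == "__main__":
    for row in parse_records(SAMPLE):
        print("%-18s version=%s len=%-4d %s" % row)
```

The record type, version and length stay visible for every record, but once ChangeCipherSpec has been sent the bodies are ciphertext to anyone who does not hold the session keys.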
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
Yes, please call me once someone / some app can sniff AND crack SSH on the fly.
-t
|
Fresh-Faced Recruit
Join Date: Feb 2009
Status:
Offline
|
|
Originally Posted by JesseHolmz
Yeah, that's actually what I was looking for... I was told by someone that http://www.ieinspector.com/httpanalyzer/ will do it, and according to the site, it does. However, that's for Windows, as you can see. Would it be possible to run that program with Boot Camp or something? I really avoid Windows unless 100% necessary, so if there's a way to run that program, let me know.
What do they mean by "Support HTTPS, show you unencrypted data sent over HTTPS / SSL connections as the same level of detail as HTTP."?
|
Posting Junkie
Join Date: May 2001
Location: Portland, OR
Status:
Offline
|
|
Originally Posted by Big Mac
Wouldn't having a packet sniffer that could decrypt SSH essentially defeat secured connections?
Well, I think the idea is if the packet sniffer was running long enough, it would be able to grab the keys, and decode the HTTPS packets...
More useful for if you're initiating the connection.
|
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status:
Offline
|
|
Originally Posted by goMac
Well, I think the idea is if the packet sniffer was running long enough, it would be able to grab the keys, and decode the HTTPS packets...
More useful for if you're initiating the connection.
SSL v3 doesn't have this vulnerability. You can't sniff decrypt keys because the key exchange is encrypted afaik using the server's public key, which was provided by the server.
|
Posting Junkie
Join Date: May 2001
Location: Portland, OR
Status:
Offline
|
|
Originally Posted by Cold Warrior
SSL v3 doesn't have this vulnerability. You can't sniff decrypt keys because the key exchange is encrypted afaik using the server's public key, which was provided by the server.
Unless you were sniffing at the initial exchange when the client received the server's public key.
What I'm saying is if you had the packet sniffer running from the very moment you first started initially talking to a server, it's possible. If you jump in after the client has already started talking to the server, you're out of luck. It would make packet sniffing other people's SSL traffic a lot more difficult.
|
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status:
Offline
|
|
Public keys allow for one-way encryption. You can't intercept a public key and use it to decrypt output without the private key. That's how PKI works too -- using someone's public key, I encrypt information for a recipient and only his private key (which he holds and no one else does) will decrypt it.
|
Posting Junkie
Join Date: May 2001
Location: Portland, OR
Status:
Offline
|
|
Originally Posted by Cold Warrior
Public keys allow for one-way encryption. You can't intercept a public key and use it to decrypt output without the private key. That's how PKI works too -- using someone's public key, I encrypt information for a recipient and only his private key (which he holds and no one else does) will decrypt it.
Oh, right. : facepalm :
Yeah, so it's impossible then.
|
Fresh-Faced Recruit
Join Date: Feb 2009
Status:
Offline
|
|
Did anyone bother trying to use that HTTPAnalyzer program, just out of curiosity?
|
Fresh-Faced Recruit
Join Date: Oct 2003
Status:
Offline
|
|
|
Fresh-Faced Recruit
Join Date: Feb 2009
Status:
Offline
|
|
Originally Posted by redwood
I know this is a very newbish question, but how do you even install that? You need Xcode to compile and install that, right?
|
Fresh-Faced Recruit
Join Date: Oct 2003
Status:
Offline
|
|
You do need Xcode (which is on your DVD if you have a newer Mac), or you can download and install the developer tools from developers.apple.com with a free account.
MacPorts has ssldump, so if you install MacPorts (which also requires the developer tools and Xcode), you can just type sudo port install ssldump and it will do the dirty work for you.