Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to create Man in the Middle instrumentation

I'm trying to see how a certain application is talking to a server in SSL. Basically, the process just hangs when it claims to have done some SSL communication. I want to debug the problem by catching the traffic, but I can't really use a sniffer since SSL will probably look like a hexdump.

Is there a good man-in-the-middle tool that I could use as instrumentation? I just need something that will show me the decrypted communication. Hopefully very easy to setup. I could even point the application to any IP address/port available to my machine (eg localhost:8888), so proxies would be fine. Also, I can probably configure the application to accept any certificate.

What do you use to simulate a man-in-the-middle (mitm) SSL attack?

UPDATE: I tried fiddler and can't get it to work. I installed openssl and typed the following command: openssl s_client -connect smtp.gmail.com:465

Gmail responds with their certificate and a 220 mx.google.com ESMTP .... However, Fiddler does not capture the traffic. I set the WinINET options in fiddler to "Use the same proxy server for all protocols". Can anyone else get this to work (or not work)? I think I need to find a way to have openssl use a proxy.

like image 635
User1 Avatar asked Jan 25 '10 23:01

User1


2 Answers

Fiddler allows you to implement a man in the middle attack against yourself to see what is inside the SSL tunnel.

Fiddler generates a unique root SSL certificate for your computer, and then creates a session certificate signed by the root. When you configure Fiddler to decrypt SSL for you it acts as a proxy between you and the destination, decrypting the traffic using the site's SSL certificate and then re-encrypting it using its own certificate.

Your browser/application will see an untrusted certificate error. You can get around this error by choosing to trust Fiddler's root certificate.

The folks over at .Net Rocks did a great podcast episode on using Fiddler to sniff your traffic.

like image 84
Ryan Michela Avatar answered Nov 05 '22 01:11

Ryan Michela


I haven't use it for this purpose but Fiddler should be able to do what you want.

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.

Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera, and thousands more.

like image 37
Eugene Yokota Avatar answered Nov 05 '22 02:11

Eugene Yokota