LinuxQuestions.org
Old 12-01-2010, 11:03 AM   #1
fhsm
Member
 
Registered: Jan 2009
Posts: 51

Rep: Reputation: 17
Inspect SSL traffic on my LAN


I'm trying to inspect network traffic from my iPhone / iPad / Kindle / other wi-fi only consumer electronic device. To do this I man-in-the-middle myself (connect laptop to LAN via wire, create wireless Ad-hoc network, bridge the connections, then connect my device to the ad-hoc wi-fi network) and use Wireshark to watch the traffic.

In the past this has been adequate for my needs (just wanted to watch and see what potentially private info was being leaked about me / see that banking / Amazon / etc apps were going over SSL). Now I've noticed that applications are almost all using SSL (which is great) but they are way too active for my taste. I'd like to use these apps but want to know what's happening in the background.

I know that corporations dead-end SSL connections at their proxies to inspect the traffic and then re-establish the connection on behalf of the user for the trip across the internet. While I find the corporate use a bit distasteful, I think this is exactly what I'd need to do to myself. Any suggestions for how to do so or other ideas on how to get the packets in the clear?
 
Old 12-01-2010, 01:31 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

Rep: Reputation: 1963
Squid 3 supports full SSL providing, I think; there have certainly been patches for a while for 2.6 onwards, but I think it is standard now. I would doubt it would work, though, for connections established outside of a normal browser, as the apps will probably insist on an exact certificate, not just any user-installed one. Esp. as you are in Jobsville and not on a decent platform like Android. :-)
 
Old 12-02-2010, 07:13 AM   #3
fhsm
Member
 
Registered: Jan 2009
Posts: 51

Original Poster
Rep: Reputation: 17
Thanks for the tip on Squid 3. I've found two other standalone SSL proxies (http://crypto.stanford.edu/ssl-mitm/ & http://code.google.com/p/gnucitizen/...httpservers.py) but neither seems to work all that well for what I want to do.

In fact I'd really like to avoid setting up the device to connect through a proxy. Because I'm already on the "wire" between the device and the internet it seems like it should be possible to proxy the connection without additional device configuration. Could Squid be configured to do this?

Now the topology is: handheld <--> laptop wi-fi <==> laptop ethernet <--> LAN & Internet
It seems like: handheld <--> laptop wi-fi <=SSL endpoint(Squid 3?)=> laptop ethernet <--> LAN & Internet shouldn't be too hard.

The cert situation is going to cause problems but it is what it is.
 
Old 12-02-2010, 07:44 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

Rep: Reputation: 1963
In order to make Squid do it transparently you'd need to provide the *right* certificate from the proxy, not your own proxy certificate. It depends on the integrity of the client, as in you could create your own certificate called whatever you want, and have it signed by your internal CA and import the root CA onto the device, meaning you then could have your own devices accepting an "apple.com" certificate that you created. I'd just doubt that this is ever going to be a realistic thing to achieve.
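
The certificate point made in posts #2 and #4, as an added example that is not part of the original thread: a leaf signed by a private CA passes ordinary chain validation only once that root is in the trust store, and a client that pins the exact certificate rejects it either way. The names `lab-root` and `app.example.test` and all file names are constructed, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example. All names (lab-root, app.example.test) are constructed.
set -eu

# make_lab_pki DIR: a private root CA, a leaf it signs for the app's hostname,
# and a self-signed cert standing in for the genuine one the app shipped with.
make_lab_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=lab-root" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=app.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=app.example.test" \
        -keyout "$d/genuine.key" -out "$d/genuine.pem" 2>/dev/null
    cp "$d/genuine.pem" "$d/stock-store.pem"                     # before import
    cat "$d/genuine.pem" "$d/ca.pem" > "$d/imported-store.pem"   # after import
}

# chain_ok STORE CERT: ordinary chain validation against a trust store file
# (system default paths may also be consulted; they cannot hold the lab root).
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# fingerprint CERT: SHA-256 over the DER certificate, as colon-separated hex.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# pin_ok PIN CERT: what a pinning app does: exact match, no chain building.
pin_ok() { [ "$(fingerprint "$2")" = "$1" ]; }

# verdicts DIR CERT: print three accept/reject words for CERT, in order:
# stock trust store, store with lab root imported, app pinned to genuine cert.
verdicts() {
    pin=$(fingerprint "$1/genuine.pem")
    a=reject; b=reject; c=reject
    if chain_ok "$1/stock-store.pem" "$2"; then a=accept; fi
    if chain_ok "$1/imported-store.pem" "$2"; then b=accept; fi
    if pin_ok "$pin" "$2"; then c=accept; fi
    echo "$a $b $c"
}

dir=$(mktemp -d)
make_lab_pki "$dir"
echo "lab-signed leaf: $(verdicts "$dir" "$dir/leaf.pem")"
echo "genuine cert:    $(verdicts "$dir" "$dir/genuine.pem")"
```

The middle column is the browser-style case from post #4; the last column is the "exact certificate" behaviour post #2 expects from apps.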
 
  

