Understanding SSL/TLS On Protocols Other Than HTTPS
Hello,
My company wanted me to look at testing the security of a device we might be purchasing, or at the very least working with, in the near future. Anyhow, the specifications say it uses TLS with X.509 certificates. I set up the client IDE on a Windows workstation and connected to the remote device, and it did exchange certificates "according to the IDE". Anyhow, I set up a Kali Linux VM in bridged mode on the local host and conducted a MITM attack, which worked, as all traffic between the host workstation and the remote device was captured.
Now, looking through the captured file, I see lots of UDP traffic between the client and the remote device. With Wireshark I can see the data payload; I do not see any TLS negotiation "but maybe that was done when the certificates were originally set up". If I run strings on the pcap file I can see recognizable words "like the name of the company that produced the products".
Long story short, I would like to prove without a doubt that the traffic is not using SSL/TLS before I go crying wolf to my boss; however, I do not understand it well enough to be confident. Is there any other way I can prove TLS is not being used?
R
Joe
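The check the question is asking for can be automated on the pcap itself. The script below is an added example, not code from the original post or from any product mentioned in it: it walks the IPv4/UDP datagrams in a classic pcap, tests each payload for the record framing that TLS (5-byte header) or DTLS, the UDP variant of TLS (13-byte header with epoch and sequence number), would put at the front of every message, and otherwise labels the payload as readable plaintext, high-entropy opaque data, or other binary. Everything in it is constructed for the example: the TEST-NET addresses (192.0.2.x), the three sample datagrams, and the thresholds (90% printable bytes, 6.5 bits/byte entropy), which are heuristics, not standard values. It assumes an Ethernet link type, no IP options beyond the IHL field, and no fragmentation.

```python
"""Added example (not from the original post): scan UDP datagrams in a pcap for
TLS/DTLS record framing and flag plaintext vs opaque payloads.
Assumptions: classic pcap, Ethernet link type, IPv4, no fragmentation.
All addresses (192.0.2.x, TEST-NET-1) and payloads below are constructed."""
import hashlib
import math
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}


def parse_record_header(payload: bytes):
    """Return (content_type, version) if payload starts with a plausible TLS or DTLS record.
    DTLS header (RFC 6347): type(1) version(2) epoch(2) seq(6) length(2) = 13 bytes.
    TLS header (RFC 5246):  type(1) version(2) length(2) = 5 bytes."""
    if len(payload) < 5:
        return None
    ctype, version = struct.unpack_from("!BH", payload, 0)
    if ctype not in CONTENT_TYPES:
        return None
    if version in DTLS_VERSIONS and len(payload) >= 13:
        if struct.unpack_from("!H", payload, 11)[0] <= len(payload) - 13:
            return CONTENT_TYPES[ctype], DTLS_VERSIONS[version]
    if version in TLS_VERSIONS:
        if struct.unpack_from("!H", payload, 3)[0] <= len(payload) - 5:
            return CONTENT_TYPES[ctype], TLS_VERSIONS[version]
    return None


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8 for ciphertext or compressed data, usually below 5 for ASCII text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify_payload(payload: bytes) -> str:
    """Label one datagram payload: tls-record:<type>/<version>, plaintext, high-entropy, binary, empty."""
    header = parse_record_header(payload)
    if header:
        return "tls-record:%s/%s" % header
    if not payload:
        return "empty"
    printable = sum(1 for b in payload if 0x20 <= b <= 0x7E or b in (9, 10, 13)) / len(payload)
    if printable >= 0.9:
        return "plaintext"  # readable strings: definitely not a TLS/DTLS record
    # High entropy without record framing is NOT proof of TLS; it may be compression or a home-grown cipher.
    return "high-entropy" if shannon_entropy(payload) >= 6.5 else "binary"


def udp_payloads_from_pcap(pcap: bytes):
    """Yield (src, dst, payload) for every IPv4/UDP packet in a classic pcap (Ethernet link type)."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None or struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("expected a classic pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "IIII", pcap, off)[2]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # not IPv4 over Ethernet carrying UDP (protocol 17)
        ihl = (frame[14] & 0x0F) * 4
        ip, udp = frame[14:], frame[14 + ihl:]
        if len(udp) < 8:
            continue
        sport, dport, ulen = struct.unpack_from("!HHH", udp, 0)
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        yield "%s:%d" % (src, sport), "%s:%d" % (dst, dport), udp[8:max(ulen, 8)]


def summarize_pcap(pcap: bytes):
    return [{"src": s, "dst": d, "label": classify_payload(p)} for s, d, p in udp_payloads_from_pcap(pcap)]


def has_tls_framing(summary) -> bool:
    return any(row["label"].startswith("tls-record:") for row in summary)


# --- constructed sample capture (builders are only here so the example runs offline) ---
def build_udp_frame(src_ip, sport, dst_ip, dport, payload: bytes) -> bytes:
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload  # checksum 0 = none
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split(".")))) + udp
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip  # dummy MACs, ethertype IPv4


def build_pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out


PLAINTEXT_PAYLOAD = b"ACME device status: temp=21.5C valve=OPEN\n"
DTLS_PAYLOAD = bytes.fromhex("16fefd0000000000000000000c") + b"\x01" + bytes(11)  # DTLS 1.2 handshake record
OPAQUE_PAYLOAD = b"".join(hashlib.sha256(b"constructed-seed%d" % i).digest() for i in range(16))  # 512 pseudo-random bytes
SAMPLE_PCAP = build_pcap([
    build_udp_frame("192.0.2.10", 40000, "192.0.2.20", 5000, PLAINTEXT_PAYLOAD),
    build_udp_frame("192.0.2.10", 40001, "192.0.2.20", 4433, DTLS_PAYLOAD),
    build_udp_frame("192.0.2.20", 5000, "192.0.2.10", 40000, OPAQUE_PAYLOAD),
])

if __name__ == "__main__":
    rows = summarize_pcap(SAMPLE_PCAP)
    for r in rows:
        print("%-18s -> %-18s %s" % (r["src"], r["dst"], r["label"]))
    print("TLS/DTLS record framing present:", has_tls_framing(rows))
```

To use it on a real capture, replace `SAMPLE_PCAP` with `open("capture.pcap", "rb").read()` (pcapng files need converting first, e.g. with `editcap -F pcap`). The distinction the labels draw matters for the question: a datagram labelled `plaintext` is readable on the wire regardless of what the handshake did, `tls-record` means the payload is framed the way DTLS/TLS frames every message, and `high-entropy` without that framing shows only that the bytes are not readable text, not that TLS protects them.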