At times, it can be useful to sniff or intercept and decode communications between the pre / webOS client and its backend web services. As many of them utilize SSL for security, however, this can make it difficult to observe the actual HTTP transactions between the pre and these services. The following is a method that can be used to set up a tunnel for an SSL site which you can then sniff and decrypt to observe the traffic in the clear.

This example will demonstrate decrypting the HTTPS transactions to ps. (the patch service used in the update process). This method has been successfully used to obtain traces of conversations with the update server, excerpts of which are posted in Update_Service_Trace.

Ensure that you have installed stunnel on a designated man-in-the-middle server, which should be another system reachable by the pre over a network interface that you will sniff (capture packets from for decryption) in later steps. Stunnel can be installed with "apt-get install stunnel" on Debian / Ubuntu or built from source code, which can be downloaded from .

First, download the script "cert.sh" from the OWASP WebScarab project. This script will create a directory called "sslcerts" in the current directory, generate a self-signed Certificate Authority certificate and then use it to sign a certificate for the hostname you specify. Then combine the signed certificate and its private key into ps.pem, the cert/key pair your tunnel listener will present to the client:

```
wget -O cert.sh ' a=blob_plain f=doc/cert.sh hb=master'
cat sslcerts/ps. sslcerts/private/ps. > ps.pem
```

Next, we'll set up a transparent SSL to SSL tunnel. Port 443 on your server will forward to ps., but since your listener uses your cert/key for the client connection, you can use that key to decrypt any of that traffic. The tunnel consists of two stunnel services:

- Listen on local IP and de-SSL traffic to localhost:8080
- Listen on 8080, re-SSL to remote server on 443

Repoint your pre to use the tunnel endpoint as its patch server

Now you need to force the pre to use your man in the middle as ps. To do so, run the following command on the pre (as root); note that `>` replaces any existing contents of /etc/hosts:

```
echo "192.168.0.1 ps." > /etc/hosts
```

192.168.0.1 is my server's IP address on a usbnet connection. Replace this with your own server's IP on wifi, usbnet, etc.

Now the pre is configured to connect to the man-in-the-middle / tunnel server, and the tunnel server will accept an SSL connection from the client and initiate another one on the backend to the real ps. server, forwarding traffic between them.

Unfortunately, your ps. certificate has not been signed by any known / trusted certifying authority, so, once connected to your MITM server, the Pre will reject its certificate and cancel the update.
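Everything captured on the sniffed interface is still TLS until it is decrypted, so it is worth checking from the capture alone which hostname the device asks for and which cipher suites it offers before relying on the listener's private key. The following Python script is an added example, not code from this page or from the stunnel or WebScarab projects: it constructs a sample ClientHello record (PATCH_HOST is a placeholder standing in for the page's truncated patch-server hostname, and the random bytes are fixed) and parses the SNI and cipher-suite list back out of it. RSA_KX_SUITES and rsa_key_exchange_suites are helpers defined here, not part of any library.

```python
import struct

# Hypothetical placeholder for the patch-server hostname (the page's hostname is truncated).
PATCH_HOST = "ps.example.invalid"

# Cipher suites whose key exchange is plain RSA (pre-master secret encrypted to the server key).
# Only sessions negotiated with one of these can later be decrypted with the server's private key.
RSA_KX_SUITES = {0x000A, 0x002F, 0x0035, 0x003C, 0x003D, 0x009C, 0x009D}


def build_client_hello(server_name, suites):
    """Constructed sample input: a minimal TLS 1.0 ClientHello record with an SNI extension."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name          # name_type host_name(0)
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list      # extension type server_name(0)
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    cipher_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (
        b"\x03\x01"                                   # client_version TLS 1.0
        + bytes([0x11]) * 32                          # random (fixed bytes, constructed)
        + b"\x00"                                     # session_id length 0
        + struct.pack("!H", len(cipher_bytes)) + cipher_bytes
        + b"\x01\x00"                                 # one compression method: null
        + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Parse one TLS record; return {'sni': str|None, 'suites': [int]} for a ClientHello, else None."""
    if len(record) < 5 or record[0] != 0x16:
        return None                                   # not a Handshake record
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None                                   # not a ClientHello
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < hs_len or len(body) < 35:
        return None                                   # truncated capture
    pos = 34                                          # version(2) + random(32)
    pos += 1 + body[pos]                              # skip session_id
    if pos + 2 > len(body):
        return None
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        return None                                   # malformed cipher_suites vector
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    if pos >= len(body):
        return None
    pos += 1 + body[pos]                              # skip compression_methods
    result = {"sni": None, "suites": suites}
    if pos + 2 > len(body):
        return result                                 # no extensions block at all (older clients)
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = min(pos + ext_len, len(body))
    while pos + 4 <= end:
        ext_type, ext_size = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + ext_size]
        pos += ext_size
        if ext_type == 0x0000 and len(data) >= 5:
            lpos = 2                                  # skip ServerNameList length
            while lpos + 3 <= len(data):
                name_type = data[lpos]
                name_len = struct.unpack("!H", data[lpos + 1:lpos + 3])[0]
                if name_type == 0:
                    result["sni"] = data[lpos + 3:lpos + 3 + name_len].decode("ascii", "replace")
                    return result
                lpos += 3 + name_len
    return result


def rsa_key_exchange_suites(suites):
    """Return the offered suites that use RSA key exchange, i.e. the only ones for which
    a captured session could later be decrypted with the tunnel listener's private key."""
    return [s for s in suites if s in RSA_KX_SUITES]


if __name__ == "__main__":
    sample = build_client_hello(PATCH_HOST, [0x002F, 0x0035, 0xC02F])
    hello = parse_client_hello(sample)
    print("SNI:", hello["sni"])
    print("offered suites:", [hex(s) for s in hello["suites"]])
    print("decryptable with server key:", [hex(s) for s in rsa_key_exchange_suites(hello["suites"])])
```

Two caveats the parser makes visible: decrypting a capture with the listener's private key only works for sessions negotiated with an RSA key-exchange suite, so if the offered list contains only (EC)DHE suites the key is of no help and the cleartext has to be taken from the tunnel itself; and a device that rejects the self-signed certificate, as the Pre does here, is behaving exactly as a TLS client should, which is why this setup only ever exposes traffic from a client whose trust store you control.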