
Web Services Traffic


T_Bone

Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Mon Oct 10, 2011 2:10 pm

Web Services Traffic

Hi

OK, so how can I intercept the initial traffic between a thick client app and an endpoint which uses web services to transfer the data? The connection is over SSL; however, I need a way to be able to view the traffic being sent from the client on my local machine just before it is encrypted. I have tried configuring stunnel to proxy the connection over HTTPS and then configuring the app to talk to localhost and using Wireshark to view the traffic; however, I cannot get this to work! Any other ideas please?

Thanks

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Mon Oct 10, 2011 2:41 pm

Re: Web Services Traffic


T_Bone

Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Mon Oct 10, 2011 2:54 pm

Re: Web Services Traffic

Thanks, I have come across Fiddler before. Would it act in a different manner to, say, Burp though, as I am unable to view the traffic via Burp in this way as well? Ideally I would like to see what calls the app makes to the web service, take those requests and replay them using Burp Repeater to try and manipulate the data.

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Mon Oct 10, 2011 3:08 pm

Re: Web Services Traffic

Actually, no. I'm pretty sure both of those will decrypt SSL on the fly for you.

I misread what your original post was. Why don't you just use Wireshark to do the decryption for you?

There's actually a nice write-up on a Citrix KB: http://support.citrix.com/article/CTX116557

T_Bone

Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Mon Oct 10, 2011 3:28 pm

Re: Web Services Traffic

Nice :)

However, I don't have access to the server's private key so wouldn't be able to decrypt the traffic :(. It's annoying as I know there must be a way to intercept and view the traffic as you can with Burp, Fiddler, WebScarab etc., but instead with a thick client using HTTPS as opposed to a web app front end :(

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Oct 10, 2011 3:29 pm

Re: Web Services Traffic

Your other option would be to use Ettercap or sslsnoop on another machine, to do man-in-the-middle so you can decrypt the traffic as it crosses the wire (and passes through your 'middleman' machine.)

Edit - although, if your app is configured with a locally-stored certificate, this won't help. But if the app pulls the cert on the fly, from the remote box, it might still fly... I've done a few local apps, which connect SSL over HTTPS, and managed some creative sniffing MITM sessions, this way.
Last edited by hayabusa on Mon Oct 10, 2011 3:32 pm, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
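
The distinction raised in the edit above (an app that carries a locally stored certificate versus one that accepts whatever the remote box presents) shown from the client author's side, as an added example that is not code from this thread: the client validates the chain as usual and then compares the peer certificate's SHA-256 fingerprint with a pin shipped in the app, so a certificate substituted in transit is refused. The function names, the choice of a whole-certificate SHA-256 pin, and the two byte strings standing in for DER certificates are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_hex: str) -> bool:
    """Compare a presented certificate with the pin stored in the client."""
    normalized = pinned_hex.replace(":", "").strip().lower()
    # Constant-time comparison; accepts "AA:BB:..." or plain hex pins.
    return hmac.compare_digest(fingerprint(der_cert).encode(), normalized.encode())


def connect_pinned(host: str, port: int, pinned_hex: str, timeout: float = 10.0):
    """Open a TLS connection that passes both trust-store and pin checks."""
    ctx = ssl.create_default_context()  # normal chain and hostname validation
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    # A certificate from an extra trusted CA passes the check above but not this one.
    if not pin_matches(tls.getpeercert(binary_form=True), pinned_hex):
        tls.close()
        raise ssl.SSLError("peer certificate does not match the locally stored pin")
    return tls


# Constructed sample data: stand-ins for DER bytes, not real certificates.
GENUINE_DER = b"constructed stand-in: certificate of the genuine endpoint"
SUBSTITUTED_DER = b"constructed stand-in: certificate substituted in transit"
PINNED = fingerprint(GENUINE_DER)  # value the app would ship with


def demo():
    """Return (genuine accepted, substituted accepted) for the sample data."""
    return pin_matches(GENUINE_DER, PINNED), pin_matches(SUBSTITUTED_DER, PINNED)


if __name__ == "__main__":
    print(demo())
```
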
