| title: | Re Packet sniffing sort of |
|
On Sat, 2004-04-10 at 20:54, Antony Stone wrote:
Hi people.
This is not strictly a netfilter question, but Im wondering if maybe someone
can help or make a suggestion?
I want to pick up a packet stream, but for an HTTPS connection, and using a
standard packet sniffer like ethereal just gives me the encrypted SSLv3
stuff, not the plaintext data which I need to see.
Can anyone think how I can see the content of packets from a browser running
on my machine, which is posting a form back to a remote server somewhere,
using HTTPS?
I can do anything I want on the client machine (and I can see the source code
of the form page too), however when I try sending what I think is the same
data back to the server from a Perl program instead of from my browser, the
remote server complains at me (and not in a helpful way, either - it says
"500 Internal Server Error").
Any suggestions gratefully received :)
Regards,
Antony.
This sounds like a good place for a legitimate man-in-the-middle
attack. I would suggest taking a look at ettercap
( ettercap.sourceforge.net ettercap.sourceforge.net ). I have found it not only a good
security tool but an excellent network analysis tool for tough jobs like
sniffing on switched networks and intercepting and decoding https
streams. You can run it, place your station between the client and
server and see all the traffic in the clear either in ettercap or in
Ethereal - John
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
|
