I am interested in the bit-level goings-on of computer networks, and have been using Wireshark to look at outgoing packets my computer sends when I send messages into the message box of a text-based game, which is hosted on an external web server.
Every time I post a message, I can see a TLSv1.2 packet is sent out, the payload of which is encrypted. My question is how would I go about encrypting outgoing packets myself (using C++)?
My only thoughts on this are that, since encryption happens locally and probably inside my web browser process, I might be able to send a message, note the encrypted output, and then use a time-travel debugger to look inside the process memory, watch for when memory was set to whatever was sent out, then go backwards in the assembly code to try to work out what it's doing. I think there is probably a better way.
Equally, when the server sends messages back, how could I use code to decode those?
I am aware my browser has been given a cookie which looks like a private key, would the process use this cookie for encrypting and decrypting, or is that a red herring?
Related
I'm trying to decrypt UDP packets for a multiplayer video game. When loading into a game session, a DTLS handshake occurs where, in Wireshark, I usually see the Client and Server agree on ChaCha20 Poly1305 encryption. The game actually live logs a "key" in a log file, which is 32 bytes long hex-coded, along with an HMAC and IV. At this point I'm not sure what to do. I tried decrypting individual messages in Python with some cryptography libraries but I realized that might be silly upon learning DTLS, or at least TLS packets, cannot be decrypted independently. I know I can possibly have Wireshark point to a file or add a key to live decrypt something, but have not had luck doing so. I started this process from basically no knowledge on internet security protocols or cryptography and have learned a lot but am at a standstill, and just want to make sure I'm not far off-base here.
Wireshark screenshot of handshake
It depends on what the game is actually writing to the file. Wireshark has support for decrypting TLS/DTLS using the RSA private key, the premaster secret or master secret. If the log file contains the premaster or master secret, then you should be able to shoe-horn it into wireshark, and decrypt the stream from there.
If it isn't, then you'll need to work out what it actually is first, and then it's a bit more of a manual job to get at the data.
According to this blog, it seems half open connection is what we want to avoid.
So why does Java still provides the facility to make a socket half close?
According to this blog, it seems half open connection is what we want to avoid.
This author of the blog explicitly notes that he does not talk about deliberately half-closed connections but about half-open connections which are caused by intermediate devices like routers which drop the connection state after some timeout.
So why does Java still provides the facility to make a socket half close?
Because there are useful? Half-close just means that no more data will be send on the socket but it will still be able to receive data. This kind of behavior is actually useful for various situations where the client sends only a request and receives a response because it can be used to indicate the end of the request to the peer.
I was wondering, is it possible to trace a packet that you send out of your own computer? The idea here would be to build something to protect your data. The packet sent out containing your password and other vital information is open to rerouting by a hacker. I want to know if it is possible (and if so, how I might go about approaching this) to trace the intermediate and/or final destinations of a certain packet, and then have them sent back to my computer for verification.
I would appreciate any help you guys could give on this matter.
There is no mechanism to do what you want. The packet itself might reach its "destination" just fine, only to be further re-directed elsewhere. Consider it like mailing an envelope -- whoever receives it is free to photocopy the contents a thousand times and send the copies to newspapers, tabloids, and telephone poles all over the world.
Same story with data -- once it leaves your computer, you have to trust the remote endpoint to not do anything harmful with it.
TLS and openPGP can go a long way to preventing third-parties from reading or modifying your data while it is in transit, but they cannot make sure the remote peer only handles your data with care.
No, not with ISO OSI, and there are other approaches to protect youre data
Manytimes clients ask for features like instant messaging (IM) and other client-to-client (P2P) communication for their web apps. Typically how is this done in normal web browsers? For example I've seen demos of Google Wave (and Gmail) that are able to IM from a regular browser. Is this via HTTP? Or does XmlHttpRequest (AJAX) provide the necessary backend for such communication?
More than anything I wonder how can a server "wake up" the remote client, lets say for sending an IM? Or does the client have to keep "polling" the message server for new IMs?
Typically the browser will poll the server for new messages. One approach that is often done to make this more efficient is the 'long poll' (see also this link) - the server responds immediately if it has anything; otherwise, it waits, keeping the connection open for a while. If a message comes in, it immediately wakes up and sends it, otherwise it comes back with a 'nope, check back' after a few tens of seconds. The client them immediately redials to go back into the long-polling state.
I'm writing a Comet-like app using Flex on the client and my own hand-written server.
I need to be able to send short bursts of data from the client at quite a high frequency (e.g. of the order of 10ms between sends).
I also need the server to push short bursts of data at a similarly high frequency.
I'm using NetConnection.call() to send the data to the server, and URLStream (with chunked encoding) to push the data from the server to the client.
What I've found is that the data isn't being sent/received as soon as it's available. For example, in IE, it seems the data is sent every 200ms rather than as soon as NetConnection.call() is called. Similarly, URLStream isn't making the data available as soon as the server is sending it.
Judging by the difference in behaviour between the browsers, it seems as though the Flash Player (version 10) is relying on the host browser to do all the comms. Can anyone confirm this? Update: This is very likely as only the host browser would know about the proxy settings that might be set.
I've tried using the Socket class and there's no problem with speed there: it works perfectly. However, I'd like to be able to use HTTP-based (port 80) connections so that my app can run in heavily fire-walled environments (I tried using a Socket over port 80, but that has its problems).
Incidentally, all development/testing has been done on an internal LAN, so bandwidth/latency is not an issue.
Update: The data being sent/received is in small packets and doesn't need to be in any particular format. For example, I might need to send a short array of Numbers, and this could either be encoded in AMF (e.g. via NetConnection.call()) or could be put into GET parameters (e.g. using sendToURL()). The main point of my question is really to see whether anyone else has experienced the same problem in calling NetConnection/URLStream frequently, and whether there is a workaround (it's also possible that the fault lies with my server code of course, rather than Flash).
Thanks.
Turns out the problem had nothing to do with Flash/Flex or any of the host browsers. The problem was in my server code (written in C++ on Linux), and without access to my source code the cause is hard to find (so I couldn't have hoped for an answer from this forum).
Still - thank you everyone who chipped in.
It was only after looking carefully at the output shown in Wireshark that I noticed the problem, which was twofold:
Nagle's algorithm
I was sending replies in multiple packets by calling write() multiple times (e.g. once for the HTTP response header, and again for the HTTP response body). The server's TCP/IP stack was waiting for an ACK for the first packet before sending the second, but because of Nagle's algorithm the client was waiting 200ms before sending back the ACK to the first packet, so the server took at least 200ms to send the full HTTP response.
The solution is to use send() with the flag MSG_MORE until all the logically connected blocks are written. I could also have used writev() or setsockopt() with TCP_CORK, but it suited my existing code better to use send().
Chunk-encoded streams
I'm using a never-ending HTTP response with chunk encoding to push data back to the client. Naggle's algorithm needs to be turned off here because even if each chunk is written as one packet (using MSG_MORE), the client OS TCP/IP stack will still wait up to 200ms before sending back an ACK, and the server can't push a subsequent chunk until it gets that ACK.
The solution here is to ask the server not to wait for an ACK for each sent packet before sending the next packet, and this is done by calling setsockopt() with the TCP_NODELAY flag.
The above solutions only work on Linux and aren't POSIX-compliant (I think), but that isn't a problem for me.
I'm almost 100% sure the player relies on the browser for such communications. Can't find an official page stating so atm, but check this out for example:
Applications hosting the Flash Player
ActiveX control or Flash Player
plug-in can use the
EnforceLocalSecurity and
DisableLocalSecurity API calls to
control security settings.
Which I think somehow implies the idea. Also, I've suffered some network related bugs on FF/IE only which again points out to the player using each browser for networking (otherwise there wouldn't be such differences).
And regarding your latency problem, I think that if speed is critical, your best bet is sockets. You have some work to do, but seems possible, check out the docs again:
This error occurs in SWF content.
Dispatched if a call to
Socket.connect() attempts to connect
either to a server outside the
caller's security sandbox or to a port
lower than 1024. You can work around
either problem by using a cross-domain
policy file on the server.
HTH,
Juan