I writing an application that using http request for authentication. Because of security matter, I am using WireShark to sniff the http packet to see if can steal the username and password.
When using WireShark, I got this encoded string:
TlRMTVNTUAADAAAAGAAYAHIAAADcANwAigAAAAQABABYAAAAEgASAFwAAAAEAAQAbgAAABAAEABmAQAAFYKI4gYDgCUAAAAP255D/F478qJlQoJwEti1LGgAcABzAGwAZQBlAGsAYgBvAG8AawBIAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGao0slMmaggkTP6jJJHJUwEBAAAAAAAABaWp/E9p0QGDaAQ319vuYgAAAAACAAQASABQAAEABABIAFAABAAEAGgAcAADAAQAaABwAAcACAAFpan8T2nRAQYABAACAAAACAAwADAAAAAAAAAAAQAAAAAgAAAkOEBAmC7E+a9Pa8Y4gF0J9zeqVTsT7BCXKEhznVGMpwoAEAAAAAAAAAAAAAAAAAAAAAAACQAkAEgAVABUAFAALwAxADkAMgAuADEANgA4AC4AMQAuADEAMQAzAAAAAAAAAAAAAAAAAFq8ggyPeAnfXnSiV12/Z1Y=
I do research online, and I guess this is Base64 encoded. Then, I tried to decode from this website:
http://www.opinionatedgeek.com/dotnet/tools/base64decode/
I managed to see my username which is sleekbook, but the others still seems unknown to me. Is it because it's not Base64 encoding or it's further encrypted by some other algo as well?
Related
I am new to backend service and I was tracing API calls from a banking website. Normally, I have seen parameters in POST requests being encoded with base64 encoding. However, I came across a type of request where the date was encrypted with a type of encoding that I am unable to figure out.
For date: 19/12/2018 the encoding is: U2FsdGVkX1/o1qw9zIiZBHLAbGck6j15wwUZ/z/zLqw=
and for date: 18/12/2019 the encoded string is: U2FsdGVkX1/mo5+FfuqqqbUtCsdFObB8eKvyosc4b8E=
I am aware of only base64 encoding, but since I am unable to decode this with base64, it seems this is using something else. Appreciate if anyone can help and share some knowledge about the different ways in parameters can be sent to backend in a secret manner.
The encoding/encryption seems to be happening from the frontend side and I feel this could also be an encrypted string with seed sent in a separate parameter. Appreciate if someone can atleast share a list of possible algorithms that I can look into to understand the request sent and create my own requests.
Hi Guys Im currently capturing some traffic from an android application, but the requests it is sending out to server seems encrypted. Would you guys know how to decrypt such requests? Or is that impossible to do?
platform=android&version=1.0.31&lang=en&requestId=44&time=1485552535566&batch=%5b%7b%22id%22%3a177205%2c%22time%22%3a1485552512601%2c%22name%22%3a%22collectResource%22%2c%22params%22%3a%5b155%5d%2c%22hash%22%3a1948904473%7d%5d&sessionId=674937_bc59a16eae9e1559b2e60ae068baf4e7
That's not encrypted, it's encoded. Do a search for "online url decode". In your example you will get:
platform=android&version=1.0.31&lang=en&requestId=44&time=1485552535566&batch=[{"id":177205,"time":1485552512601,"name":"collectResource","params":[155],"hash":1948904473}]&sessionId=674937_bc59a16eae9e1559b2e60ae068baf4e7
The %xx are url encoded hex values. For example %22 is the hex version of the double quote character. I think that if you use javascript or other tool to decode the url encoding or manually change all % strings to the equivalent characters, you will see that the message is really just url encoded plain text.
I am using ruby to send a SOAP request to a very enterprisey bla bla service, so unfortunately I can not attach any samples, there's nobody to send any server-side logs, nobody knows whats wrong on the provider side or how the actual HTTP requests need to look like (except a single XML example I got, but no HTTP headers), the docs are very Microsoft-centric with C# examples and whatnot ("instantiate AbstractFactoryFactory..." and whatnot), long live enterprise software.
But the bottom line is, eventually I took one of their own XMLs from their logs and sent it via HTTP to the endpoint from the WSDL and sent it to their host using the Savon gem raw XML option and got a HTTP 500 error from their host and a bunch of non-ascii binary data inside - literally, no ASCII characters are in the body.
I guessed that maybe Savon does some bad magic or that the XML option is not working as expected and I tried sending the same request via Faraday, but got the same thing,
the HTTP response headers says it's a HTTP response, XML encoded, from an ASP.NET host:
"content-type"=>"text/xml; charset=utf-8",
"server"=>"Microsoft-IIS/7.5",
"x-aspnet-version"=>"2.0.50727",
"x-powered-by"=>"ASP.NET",
but again, a 440 bytes worth of binaries in the response:
method=:post,
body=
"\x1F\x8B\b\x00\x00...
etc.
Am I missing some weird aspect of the SOAP specification and I need to do something to decode this data or has their server gone bonkers from my XML, HTTP headers or something else and I need to ping the provider?
Update 1
I noticed that their original XML had UTF-16 encoding set, so I tried encoding the raw string to UTF-16, then had Savon spew errors at me about bad data, then I updated encoding in the Savon client config. But I still get HTTP 500 error and binaries as response and if I try to log anything Savon reports a bug:
Encoding::CompatibilityError: incompatible encoding regexp match (US-ASCII regexp with UTF-16 string)
from /home/bbozo/.rvm/gems/ruby-2.2.4/gems/savon-2.11.1/lib/savon/log_message.rb:13:in `to_s'
Faraday basically reported the same behavior, an binary blob.
Update 2
I tried piping the encoding to every known encoding, and got nothing, even though the HTTP headers imply the encoding is UTF-8, it obviously isn't
Encoding.name_list.map{ |e_in| [ e_in, ( response.body.dup.force_encoding(e_in).encode('utf-8') rescue 'incompatible' ) ] }
There is nothing that would indicate the encoding in the WSDL files, the API spec doesn't even mention encoding except that the request XMLs need to be UTF-8 encoding, I tried encoding the body, changing the XML encoding definition, HTTP headers, but still I get the same binary blob, with the same heading (\x1F\x8B\b\x00\x00) - so it's not some weird encryption either.
Compression maybe?
I tried with https for good measure and nothing.
Question
Am I missing some weird aspect of the SOAP specification and I need to do something to decode this data or has their server gone bonkers from my XML, HTTP headers or something else and I need to ping the provider?
The response body was compressed! In the end I just gunzipped it and there it was,
How to decompress Gzip string in ruby?
am sorry for this dumb question, but am using RawCap to detect packets sent and received to learn what is sent in HTTP, and the page is a simple application made using Tornado and MongoDB, when i capture packets, i dont find the password in any packet sent.
Why? i dont use any encrypted protocole like HTTPS, it's a simple HTTP and cant see the password.
here is the file:
The result
as you can see, Mongodb answers the value of the database, and brings the password as it is saved (PBKDF2), but cant see the one sent from the first time.
Most likely, you don't see the password because the page is using HTTP basic authentication which encodes the username and password using base64. Look for a string like:
Authorization: SomeRealmName QWxhZGRpbjpvcGVuIHNlc2FtZQ==
If you're using Basic authentication, then the password is base 64 encoded. ENCODED not encrypted. Look for something like this in your packets: Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
I am sending password text to the http service request object.like <request><password>pass.text</password></request> now this password I am giving in navigate url also.but password is visibleing when load url and it is hacking.
how can I encrypt password string and send it to jsp?
I would use as3Crypto:
https://code.google.com/archive/p/as3crypto/
That supports a large variety of both one way and two way encryption schemas.
try a simple hashing, there are quite a few algorithms in the corelib in https://github.com/mikechambers/as3corelib (see the crypto section).