Can you check/monitor the client certificates sent in requests using Wireshark? - http

I'm able to make HTTP requests on my local host using client certificates.
I have some logic in my code that can make two requests use the same certificate for their requests, or not, depending on certain conditions.
My localhost is currently pointing to the default 'Welcome to IIS' page.
Is there any way to use Wireshark to detect if the client certificates that are being sent from my machine in separate requests are the same or not?
PS: If someone can suggest a better way of achieving what I'm trying to do here, that'd work as well. I don't necessarily need to use Wireshark. My main objective is to figure out whether two different requests are sending the same cert or not, as I've mentioned here:
How do I monitor client certs that are being sent via the requests?
Thanks!

I found a way to do this. This guide helped; in summary, yes, you can use Wireshark to examine which client certificates are being sent by the client (or received on the server).
You need to start capturing traffic in Wireshark only for the period of time when the request(s) are made and processed, and then add the appropriate filters to filter based on the protocol. In my case, I filtered based on the IP addresses of the sender and receiver because I knew both.
You'll need the server's certificate to decrypt the messages because they'll be transmitted in encrypted form. You can easily do that by going to Edit -> Preferences. Select Protocols from the menu on the left -> SSL -> click Edit. Add the server's cert and IP, and save the settings.
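An added example, not part of the original answer: with TLS 1.2 and earlier the client's Certificate handshake message (handshake type 11) goes over the wire before encryption starts, so the certificate bytes are visible in the capture without any key, and a display filter such as `tls.handshake.type == 11` (or `ssl.handshake.type == 11` in the older Wireshark versions that still label the protocol "SSL", as the answer's menu path does) isolates them; `tshark -r capture.pcapng -Y "tls.handshake.type == 11" -T fields -e ip.src -e tls.handshake.certificate` dumps them as hex. Two caveats a practitioner should know: decrypting with the server's RSA private key only works when the session used RSA key exchange, not (EC)DHE, and in TLS 1.3 the Certificate message is itself encrypted; in both cases the working approach is to have the client or server write session secrets to a file via the SSLKEYLOGFILE environment variable and point Wireshark at it under the TLS protocol preferences. The parser below takes the raw record bytes and compares the leaf certificate of two requests by SHA-256 fingerprint. The record builder, the placeholder DER blobs and the request records are constructed for this example; they are not real certificates.

```python
import hashlib
import struct

HANDSHAKE = 22     # TLS record content type "handshake"
CERTIFICATE = 11   # handshake message type (Wireshark: tls.handshake.type == 11)


def build_certificate_record(der_certs, version=0x0303):
    """Build one TLS 1.2 record carrying a Certificate handshake message.
    Used only to construct sample input here; in practice the record bytes
    come from the capture."""
    chain = b"".join(len(c).to_bytes(3, "big") + c for c in der_certs)
    body = len(chain).to_bytes(3, "big") + chain
    handshake = bytes([CERTIFICATE]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, version, len(handshake)) + handshake


def parse_certificate_record(record):
    """Return the DER certificates carried in a TLS Certificate message.
    Layout: record header (type, version, length) -> handshake header
    (type, 24-bit length) -> 24-bit chain length -> repeated
    (24-bit length, DER bytes). The leaf certificate comes first."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record (application data is encrypted)")
    payload = record[5:5 + rlen]
    if len(payload) != rlen or rlen < 4:
        raise ValueError("truncated handshake payload")
    htype = payload[0]
    hlen = int.from_bytes(payload[1:4], "big")
    if htype != CERTIFICATE:
        raise ValueError(f"handshake type {htype} is not Certificate")
    body = payload[4:4 + hlen]
    if len(body) != hlen or hlen < 3:
        raise ValueError("truncated Certificate message")
    end = 3 + int.from_bytes(body[:3], "big")
    if end > len(body):
        raise ValueError("chain length exceeds message")
    certs, pos = [], 3
    while pos < end:
        if pos + 3 > end:
            raise ValueError("truncated certificate length")
        clen = int.from_bytes(body[pos:pos + 3], "big")
        pos += 3
        if pos + clen > end:
            raise ValueError("truncated certificate")
        certs.append(body[pos:pos + clen])
        pos += clen
    return certs


def fingerprint(der):
    """SHA-256 over the DER bytes, the same value
    `openssl x509 -noout -fingerprint -sha256` prints for that certificate."""
    return hashlib.sha256(der).hexdigest()


def leaf_fingerprint(record):
    """Fingerprint of the client's own (leaf) certificate, or None when the
    client answered the CertificateRequest with an empty Certificate message."""
    certs = parse_certificate_record(record)
    return fingerprint(certs[0]) if certs else None


def same_client_cert(record_a, record_b):
    """True when two requests presented the same leaf certificate."""
    fa, fb = leaf_fingerprint(record_a), leaf_fingerprint(record_b)
    return fa is not None and fa == fb


# Constructed sample input: placeholder DER blobs standing in for real certificates.
CERT_A = b"\x30\x82\x01\x00" + b"A" * 64
CERT_B = b"\x30\x82\x01\x00" + b"B" * 64
CA_CERT = b"\x30\x82\x00\x80" + b"CA" * 16

REQUEST_1 = build_certificate_record([CERT_A, CA_CERT])
REQUEST_2 = build_certificate_record([CERT_A, CA_CERT])
REQUEST_3 = build_certificate_record([CERT_B, CA_CERT])
REQUEST_NO_CERT = build_certificate_record([])

if __name__ == "__main__":
    print("request 1 vs 2 same cert:", same_client_cert(REQUEST_1, REQUEST_2))
    print("request 1 vs 3 same cert:", same_client_cert(REQUEST_1, REQUEST_3))
    print("request 1 vs no cert:", same_client_cert(REQUEST_1, REQUEST_NO_CERT))
```

Comparing fingerprints rather than raw bytes keeps the check meaningful if you later switch to reading the hex that tshark prints or the fingerprint your server logs; an empty Certificate message (a client that declined to authenticate) is treated as "no match" rather than as equal to another empty one.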

Related

How can a third person read the HTTP request headers, if those are transported via HTTP (insecure)?

My question is about networking. I'm just looking for a simple answer, yet I couldn't find one after an hour of research. I know there are techniques such as Wi-Fi hotspot, man-in-the-middle attack, local network, echo switch, etc. But I couldn't find an answer to my specific question.
Let's say client A wants to communicate with server B, and server B says client A must authenticate himself via HTTP basic authentication first. My question is, what happens if client A sends the authentication credentials via the HTTP layer (insecure)? Who can read the HTTP headers that client A sends to server B over the internet? Would it be easy to do that, like placing a breakpoint between two arbitrary routers that help to transfer the packets across the internet, in order to read those headers? How does it work in general?
Thank you!
PS: I am not trying to learn it and do it. I just want to know how dangerous it would be if HTTP basic auth is done via the insecure HTTP layer.
Who can read the HTTP headers that client A sends to server B over the internet?
Your network provider (e.g. the Wi-Fi hotspot provider).
Your Domain Name System server (DNS, e.g. 192.168.1.1).
Your Internet Service Provider (ISP).
Your Virtual Private Network server, if you are using one (VPN server).
Yourself, or a virus.
And here comes HTTPS (HTTP + SSL encryption).
SSL is about communicating in a language that only you and the server understand.
How dangerous would it be if HTTP basic auth is done via the insecure HTTP layer?
Well, from the above you can see that a simple virus or even a public Wi-Fi hotspot device can capture and see all of your data if the communication was done over a plain HTTP socket.
A single packet may contain all of your device information, including basic contents such as your passwords, credit card information, the HTML form for the signup/login that you've just completed with all its data, VoIP calls and messages being sent to the server, plus upcoming/received ones.
That's why we need SSL encryption, and the server should have a valid SSL certificate too.
By the way, your device may have sent thousands of packets while you were reading this!
Capturing the packets that your device sends, or even the packets that other devices on your network send, can be done with any packet capturing tool or software such as Wireshark.
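An added example, not part of the original answer, of what "reading the headers" amounts to for basic auth: the Authorization header carries `user:password` in base64, which is an encoding anyone can reverse, not encryption. Wireshark shows it directly (display filter `http.authorization`, or Follow TCP Stream), and the code below does the same by hand on a captured TCP payload, then shows that the equivalent HTTPS bytes are an opaque TLS application-data record. Both payloads are constructed for this example, not real captures.

```python
import base64
import binascii

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ", b"OPTIONS ", b"PATCH ")


def classify_payload(payload):
    """Tell cleartext HTTP apart from a TLS record by its first bytes.
    A TLS record starts with a content type 0x14..0x17 and major version 0x03."""
    if payload.startswith(HTTP_METHODS):
        return "http"
    if len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 0x03:
        return "tls"
    return "unknown"


def parse_request_head(payload):
    """Parse the request line and headers of one HTTP/1.x request.
    Returns (method, target, headers) with header names lower-cased."""
    head, _, _body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return method.decode("ascii"), target.decode("latin-1"), headers


def extract_basic_credentials(payload):
    """Return (user, password) from an Authorization: Basic header, or None
    when the payload is not readable HTTP or carries no Basic credentials."""
    if classify_payload(payload) != "http":
        return None
    _method, _target, headers = parse_request_head(payload)
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


# Constructed sample payloads (not real captures).
PLAIN_HTTP = (
    b"GET /admin HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:s3cret") + b"\r\n"
    b"User-Agent: curl/8.0\r\n"
    b"\r\n"
)
# The same request after a TLS handshake: a TLS 1.2 application-data record
# whose payload is ciphertext, so nothing below the record header is readable.
TLS_APP_DATA = (b"\x17\x03\x03\x00\x10"
                b"\x9c\x01\x7f\x3b\x42\xa8\x11\xd0\x6e\x55\x23\x98\x0a\xfe\x4c\x71")

if __name__ == "__main__":
    print("plain HTTP:", extract_basic_credentials(PLAIN_HTTP))
    print("HTTPS record:", extract_basic_credentials(TLS_APP_DATA))
```

Anyone on the path who can copy the TCP payload (the hotspot, the ISP, a process on the client itself) can run exactly this; the only thing HTTPS changes is that the bytes they copy are the second kind.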

Kubernetes sticky session / load balance by header value

I'm working on a project where I want to use Kubernetes and Docker. The microservice I'm about to implement must create a permanent HTTP/2 connection to another service (provided by others; I can't modify anything in that service) per user/client in order to send asynchronous, cloud-initiated messages to that user. Also, each following request from that client must use the same connection.
Obviously that is a challenge in terms of scalability, because every request from a client must be routed to the same instance of my microservice, which created the permanent connection to the other service. What makes things worse is the fact that my clients can change IPs and that they can't use cookies. But what they can do is send a custom header value which identifies them.
I thought about HAProxy and nginx, but can't find an option in either of them to load balance requests by a header value. Is there really no way to do that? How would you approach that issue? Any ideas?
Thanks!
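An added note and example, not part of the original question: both proxies named can key on a request header. nginx does it with `hash $http_x_client_id consistent;` inside the `upstream` block (the `hash` directive of ngx_http_upstream_hash_module), and HAProxy with `balance hdr(X-Client-Id)` in the backend. What those directives implement is consistent hashing of the header value, and the Python below shows the same property with rendezvous (highest-random-weight) hashing: the same header value always lands on the same backend, and scaling a backend away moves only the clients that were on it. The header name, backend names and client IDs are constructed for the example. The caveat that no balancer removes: the HTTP/2 connection state lives in one pod, so a pod restart or a scale-down still drops those clients' connections, and the microservice has to re-establish them on the next request.

```python
import hashlib


def _score(backend, key):
    """Per-(backend, key) weight. SHA-256 so every replica of the router
    computes the same number without sharing any state."""
    digest = hashlib.sha256(f"{backend}\x00{key}".encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big")


def pick_backend(backends, key):
    """Rendezvous hashing: the backend with the highest score for this key
    wins. Removing a backend only moves the keys whose winner it was, which
    is what a per-client persistent connection needs when the deployment
    scales; a plain `hash % n` would reshuffle almost every client."""
    if not backends:
        raise ValueError("no backends available")
    if key is None:
        raise ValueError("request has no routing key")
    return max(sorted(backends), key=lambda b: _score(b, key))


def route(headers, backends, header_name="X-Client-Id"):
    """Route an HTTP request by a custom header instead of a cookie or the
    source IP. Header lookup is case-insensitive, as HTTP requires."""
    wanted = header_name.lower()
    key = next((v for k, v in headers.items() if k.lower() == wanted), None)
    return pick_backend(backends, key)


def remapped_keys(keys, old_backends, new_backends):
    """Keys whose backend changes when the backend set changes."""
    return [k for k in keys
            if pick_backend(old_backends, k) != pick_backend(new_backends, k)]


# Constructed sample: three replicas of the microservice and 300 clients.
OLD_BACKENDS = ["svc-0", "svc-1", "svc-2"]
NEW_BACKENDS = ["svc-0", "svc-1"]          # svc-2 was scaled down
CLIENT_IDS = [f"client-{i}" for i in range(300)]

if __name__ == "__main__":
    for cid in CLIENT_IDS[:3]:
        print(cid, "->", route({"X-Client-Id": cid}, OLD_BACKENDS))
    moved = remapped_keys(CLIENT_IDS, OLD_BACKENDS, NEW_BACKENDS)
    print(len(moved), "of", len(CLIENT_IDS), "clients moved; all were on",
          {pick_backend(OLD_BACKENDS, k) for k in moved})
```

A request without the header is rejected rather than routed at random, since a random backend would silently break the one-connection-per-client invariant; in a real deployment that is a 400 from the edge, not a retry.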

How to check method-type in a https tcp packet

What I want to do is parse the method type of an HTTPS message using Wireshark.
For an HTTP message I see that for a 'GET' request, the first row shows 'GET ...'.
Now I want to check the same for an HTTPS message, but I don't see any field flagging the method type.
What am I missing?
HTTPS is HTTP inside an SSL tunnel. So you need to first decrypt the data of the SSL tunnel before you can find out which method is used. Unless you can get access to the encryption keys, there is no way to decode the content and get at the HTTP traffic.
HTTPS is HTTP over SSL. The entire HTTP request is encrypted as an SSL record, and that is what the server receives. Server and client reach this stage only after setting up the SSL tunnel successfully. You need to invoke the appropriate methods to unwrap the SSL layer and get at the application data.
I assume you are trying to decode it in Wireshark. You will need to possess the server's private key to get the data out. Wireshark has the means to load the key. It will then display the decrypted data in the capture. - http://support.citrix.com/article/CTX116557

Get domain the server was reached over?

In general, on any non-HTTP server, would there be a way to detect what domain was used to reach the IP?
I know HTTP servers get the domain passed within the request header, but would this be possible with any other server that does not require this information to be received from the client?
I'm especially looking for a way to do this with the Minecraft server (Bukkit), so my preferred language (if needed for you to answer) would be Java. But I'd prefer the theory not to be language-specific.
In general, no, which is why the HTTP protocol includes it in the headers.
In order to reach your server, first a DNS lookup is performed to resolve your IP, which is then followed by the connection itself. These two steps are separate, and hard to link together.
Logging what domain was last requested by a client is tricky, too, as DNS information is often cached, so the DNS request may not even reach your DNS server before being answered.
If it isn't cached, it also often isn't directly looked up by the end client, but rather by a caching DNS server operated, for instance, by the ISP.
No. The only way to get the DNS name used to connect to a server is to have the client provide it.
No. If there are no means for this in the protocol itself, like the Host header in HTTP, you cannot find out which hostname was used on the client to resolve your IP address.
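An added example, not part of the original answers: as the answers say, the name is recoverable only when the protocol carries it, which HTTP does in Host, TLS does in the SNI extension, and, for the specific case asked about, the Minecraft protocol does in its first packet. The Handshake packet (id 0x00 in the handshaking state) contains the server address and port the client connected with, which is the value Bukkit exposes through `PlayerLoginEvent#getHostname()`. The parser below reads that field from a packet constructed for the example. The security point is in the second sample: the value is whatever the client chose to send, so it tells you which name was used, not that the client is entitled to it.

```python
def encode_varint(value):
    """Minecraft VarInt: 7 data bits per byte, MSB set on all but the last."""
    out = bytearray()
    while True:
        byte = value & 0x7F
        value >>= 7
        if value:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def decode_varint(buf, pos):
    """Return (value, new_pos); refuses VarInts longer than 5 bytes."""
    result, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated VarInt")
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7
        if shift >= 35:
            raise ValueError("VarInt too long")


def build_handshake(protocol_version, server_address, server_port, next_state):
    """Packet id 0x00 in the handshaking state, the first thing a client sends.
    Used here only to construct sample input."""
    addr = server_address.encode("utf-8")
    body = (encode_varint(0x00) + encode_varint(protocol_version)
            + encode_varint(len(addr)) + addr
            + server_port.to_bytes(2, "big") + encode_varint(next_state))
    return encode_varint(len(body)) + body


def parse_handshake(packet):
    """Parse [length][id=0][protocol version][server address][port][next state].
    server_address is the name the client used to connect, as typed by the client."""
    length, pos = decode_varint(packet, 0)
    end = pos + length
    if end > len(packet):
        raise ValueError("truncated packet")
    packet_id, pos = decode_varint(packet, pos)
    if packet_id != 0x00:
        raise ValueError(f"packet id {packet_id:#x} is not Handshake")
    protocol_version, pos = decode_varint(packet, pos)
    addr_len, pos = decode_varint(packet, pos)
    if addr_len > 255 or pos + addr_len > end:   # the protocol caps the address at 255 chars
        raise ValueError("bad server address length")
    server_address = packet[pos:pos + addr_len].decode("utf-8")
    pos += addr_len
    if pos + 2 > end:
        raise ValueError("truncated port")
    server_port = int.from_bytes(packet[pos:pos + 2], "big")
    pos += 2
    next_state, pos = decode_varint(packet, pos)
    if pos != end:
        raise ValueError("trailing bytes in handshake")
    return {"protocol_version": protocol_version, "server_address": server_address,
            "server_port": server_port, "next_state": next_state}


# Constructed sample: a client that typed play.example.test into its server list.
SAMPLE_HANDSHAKE = build_handshake(763, "play.example.test", 25565, 2)
# The same client could just as easily have sent any other name.
FORGED_HANDSHAKE = build_handshake(763, "vip.example.test", 25565, 2)

if __name__ == "__main__":
    print(parse_handshake(SAMPLE_HANDSHAKE))
    print("client-chosen name:", parse_handshake(FORGED_HANDSHAKE)["server_address"])
```

Use the field for routing or branding (which virtual host the player asked for), never as an authentication signal; the same caution applies to Host and SNI.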

HTTP Protocol Working

I need to ask a question about the HTTP protocol. I am trying to develop a sandbox (web browser) where anyone can surf a website with different identities. A different identity means that each request to a page will come from a different IP address.
Now I don't know how scripts on web servers check the IP address of the one who generated the request. This is possible and I am aware of this. But I need to know whether it is the HTTP request header that carries the IP address or something else.
Simply speaking, I want to fool the websites. :)
Umair
Uh, the IP address is provided EVERY time you connect to ANYTHING. It has nothing to do with HTTP headers.
See IPv4 -> packet structure -> header
You need to read up on the layers that build up a network from the wires[1] to the application. I think you'll find that the IP address is known long before HTTP gets involved.
See http://en.wikipedia.org/wiki/OSI_model
[1] or photons, or radio waves, or smoke signals...
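An added example, not part of the original answers: the address a server-side script sees comes from the IP header of the packets carrying the connection, which the socket layer reports to the application (REMOTE_ADDR in CGI/PHP terms) before a single HTTP byte is read. The code below parses that header from a constructed packet. It also shows the one place where an IP address does travel inside HTTP, the X-Forwarded-For header, which is written by reverse proxies but can just as well be written by the client; a server that trusts it unconditionally is exactly the kind of site the question hopes to fool, so `client_ip` honours it only when the socket peer is one of the server's own proxies. The addresses, proxy range and request are constructed for the example, and the sample packet omits the TCP header for brevity.

```python
import ipaddress
import struct


def ipv4_checksum(header):
    """RFC 791 header checksum: ones-complement sum of 16-bit words.
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, proto=6):
    """Minimal 20-byte IPv4 header; used here only to construct sample input."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]


def parse_ipv4_header(packet):
    """Pull the addresses out of the IPv4 header (layer 3). This is where the
    source address lives; HTTP begins only after the transport header."""
    if len(packet) < 20:
        raise ValueError("short packet")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "protocol": packet[9],
        "total_length": struct.unpack("!H", packet[2:4])[0],
        "payload": packet[ihl:],
    }


def client_ip(peer_ip, headers, trusted_proxies):
    """The address a web application should attribute the request to.
    peer_ip is what the socket reports: the source field of the IP header.
    X-Forwarded-For is an ordinary HTTP header the client can write itself,
    so it is honoured only when the peer is one of our own reverse proxies,
    and then the right-most address not belonging to a trusted proxy is taken
    (the hop our proxy actually saw), ignoring anything the client prepended."""
    peer = ipaddress.ip_address(peer_ip)
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]
    if not any(peer in net for net in trusted):
        return str(peer)
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # garbage in the header: fall back to the socket peer
        if not any(addr in net for net in trusted):
            return str(addr)
    return str(peer)


# Constructed sample: a direct client that forged X-Forwarded-For in its request.
HTTP_REQUEST = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                b"X-Forwarded-For: 10.0.0.1\r\n\r\n")
SAMPLE_PACKET = build_ipv4_header("203.0.113.7", "198.51.100.10", len(HTTP_REQUEST)) + HTTP_REQUEST
TRUSTED_PROXIES = ["192.0.2.0/24"]   # our own reverse proxies

if __name__ == "__main__":
    hdr = parse_ipv4_header(SAMPLE_PACKET)
    print("IP header source:", hdr["src"])
    print("client seen by the app (direct):",
          client_ip(hdr["src"], {"x-forwarded-for": "10.0.0.1"}, TRUSTED_PROXIES))
    print("client seen behind our proxy:",
          client_ip("192.0.2.1", {"x-forwarded-for": "10.0.0.1, 203.0.113.7"}, TRUSTED_PROXIES))
```

The direct case ignores the forged header and reports 203.0.113.7; the proxied case reports the same client because the proxy appended the address it saw on its own socket, and the client's prepended 10.0.0.1 is left of it and never consulted.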
