Heyo everyone !
I'm trying to reverse ingeneer an API using Burp. The problem is that I can't see any of the requests made by the software using the said API while I can see the requests made from Spotify, Discord, etc... I set the proxy parametter of windows to localhost:8080 and burp to listen to *:8080
Do you have any idea on what could make that happen ? I've been exploring the web I have yet to see an answer to my problem...
If I can improve by any means this question, to hesitate to let me know !
It is called SSL Pining and it's a method to protect against Man-in-middle type of attacks. It's very effective !
You can learn more about it through these articles:
https://sslmagic.com/blog/introduction-to-ssl-pinning/
https://medium.com/#anuj.rai2489/ssl-pinning-254fa8ca2109
https://www.indusface.com/learning/what-is-ssl-pinning-a-quick-walk-through/
I'm not related to any of these articles by any means. I just find them useful to understand SSL Pining
Related
I have recently been sharing the connection of my mobile device to my laptop, when i'm out and about, through the use of an app called netshare. It provides a https proxy I believe through which it acts as a network repeater?(not sure about this part). I can access webpages and such quite easily. However, I have realised that I cannot connect to some apps. For example, I cannot use spotify. Installing some other apps like games etc also prove to fail. I have done a bit of research and found that apparently I could only surf the web with a https proxy. However, I found this to be unambiguous. Does this mean that I can only make https requests? Or is this because of https using TCP over UDP? What are the limitations and what can I do to possibly solve it?
Thanks
I'm searching for some examples on how to write a proxy in Ruby that supports HTTPS. I have a simple proxy implemented with Webricks HTTPProxyServer, but I noticed, that HTTPS traffic is just tunneling (as it should ;) ). But I want to record the content with VCR (regarding my question here VCRProxy: Record PhantomJS ajax calls with VCR inside Capybara) and as long the content is only tunnled through, VCR can't record it.
So I was thinking of writing the proxy as a man-in-the-middle, generate SSL certificates on the fly (I don't care about certificate errors, its just for testing), and then I would be able to record the content / playback it later.
So if somebody has a good ressource from how to start, or a tutorial or a gist, please let me know.
PS: I have already seen this questions, but they don't provide any further stuff (and it need to be in ruby):
Man in the Middle (MITM) proxy with HTTPS support
How do I write a simple HTTPS proxy server in Ruby?
Help with HTTP Intercepting Proxy in Ruby?
An old question, but for the sake of completeness here goes another answer.
I've implemented a HTTP/HTTPS interception proxy in Ruby, the project is hosted in github.
The project is new, so it's not (yet) as mature as Python's mitmproxy, but it supports HTTPS with certificates generation on-the-fly.
There's an excellent MITM proxy in Python aptly named mitmproxy. The netlib library by the author does the tricks and mitmproxy uses it.
The codebase isn't large and it shouldn't be hard to go through it given that you know Ruby.
I'm trying to develop an extension that detects every connection made by the browser to figure out the URLs being accessed. I know that this is possible via writing an HTTP/SOCKS proxy and configuring the browser to flow traffic via that. However, that's kind of overkill for the application that I'm trying to develop and it's best done as a Firefox Add-on if that's possible. Any clues/pointers would be highly appreciated.
Use nsIHttpActivityDistributor and there is many information about the http transaction and socket transport through observeActivity callback.
Read the official documentation https://developer.mozilla.org/en/Monitoring_HTTP_activity.
This might sound really naive but I would really find a descriptive answer helpful.
So, my question is this:
I can use Firebug to look at AJAX requests made from any website I visit. So, am I right in saying that I wouldn't be able to examine the same communication between the client and the server if the website choses to use Websockets? In other words, does this make it more secure?
No. Not at all. Just because the browser does not (yet) have a tool to show WebSocket traffic, doesn't make it any more secure. You can always run a packet sniffer to monitor the traffic, for example.
No, because there will be other ways beside the browser-build in tools to read your traffic.
Have a try: Install and run Wireshark and you will be able to see all packets you send and receive via Websockets.
Depends on the application. If you are fully Ajax without reloading the document for data then I would think websockets would provide a better authentication for data requests then a cookie session in regards to connection hijack. Given that you are using SSL of course.
Never rely on secrecy of algorithm cause it only gives you false sense of security. Wiki: Security by obscurity
Remember that browser is a program on my computer and I am the one who have a full control over what is send to you, not my browser.
I guess it's only matter of time (up to few months IMO) when developer tools such as Firebug will provide some fancy tool for browsing data send/received by WebSockets.
WebSockets has both an unencrypted (ws://) and encrypted mode (wss://). This is analogous to HTTP and HTTPS. WebSockets protocol payload is simply UTF-8 encoded. From a network sniffing perspective there is no advantage to using WebSockets (use wss and HTTPS for everything at all sensitive). From the browser perspective there is no benefit to using WebSockets for security. Anything running in the browser can be examined (and modified) by a sufficiently knowledgeable user. The tools for examining HTTP/AJAX requests just happen to be better right now.
I am looking to get access to all HTTP traffic on my machine (my windows machine - not a server). From what I understand having a local proxy through which all traffic routes is the way to go. I have been Googling but failed to find any resources (in respect to Ruby) to help me out. Any tips or links are much appreciated.
There's an HTTP Proxy in WEBrick (part of Ruby stdlib) and here's an implementation example.
If you like living on the edge there's also em-proxy by Ilya Grigorik.
This post by Ilya implies that it does seem to need some tweaking to solve your problem.
Is having a proxy built in Ruby the important point here? Or just to "get access to all HTTP traffic on your machine"? If the latter, there's a free program called HTTP Sniffer and Analyzer that can supposedly do this. I have not used it but I have seen it get some positive reviews. There are several other such programs, though most seem to be paid. On OS X, Linux, etc, you can use the in-built tcpdump in clever ways to get a similar effect.