
Using a Proxy to Take Raw Socket data

  • 26-06-2006 6:04pm
    #1
    Banned (with Prison Access) Posts: 19


    Hi all,

    I am currently working in the area of SSL and learning as much as I can about sockets and data transfer. I am currently working on a presentation on SSL vs raw sockets and I have created a raw socket based application that transfers information from one computer to another. I would like to use a proxy to take a look at the packets going from the client to the server and decipher it so I can look at the clear text message for the demonstration. Could you point me in the direction of some freeware applications that would do that? I've heard of fragrouter but I'm not sure how it works. A general introduction would be great! Thanks,

    NordieQueen


Comments

  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 90,732 Mod ✭✭✭✭Capt'n Midnight


    Not sure exactly what you are looking for.
    Have a look at tcpdump (windump for Windows users) and ethereal for packet capture and display.

    If you can't capture the packets at either end then:
    A hub will forward all packets to all network cards connected to it all the time.
    A managed switch can usually be configured to forward all traffic of one port to another port where it can be monitored.


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    One thing you may want to note is under XP SP2 raw sockets are chopped out of the OS to stop malware using them, so Linux/Unix is the way to go.

    Have a look at SSL decryption proxies if it's traffic you're after pre/post crypto.


    openssl might be worth a look too.


  • Registered Users Posts: 804 ✭✭✭TimTim


    Can't you use winpcap to get around that?

    And aren't there mods floating around that add raw sockets back in for XP SP2?


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    Sorry, consider myself slapped!! :D Looks like you can with winlibpcap. Sorry, I just use Linux for my network stuff; I find it, strangely enough, easy under Linux. :eek:


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    Can't you use winpcap to get around that?

    And aren't there mods floating around that add raw sockets back in for XP SP2?

    winpcap is a driver that operates at the NDIS level (kernel).
    There possibly are some mods to add it for user-level access.


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    It looks like a port of libpcap but not sure what it would take to port stuff across as ported libs can be fun at times.


  • Registered Users Posts: 218 ✭✭Screaming Monkey


    You may not need a proxy if you have access to the SSL private keys;
    ssldump will decrypt SSL traffic captured with tcpdump/ethereal or on the network. http://www.rtfm.com/ssldump/

    I haven't come across a Windows version, but there is one somewhere; I have mainly run it on Linux and BSD.


  • Closed Accounts Posts: 884 ✭✭✭NutJob


    You may not need a proxy if you have access to the SSL private keys;
    ssldump will decrypt SSL traffic captured with tcpdump/ethereal or on the network. http://www.rtfm.com/ssldump/

    I haven't come across a Windows version, but there is one somewhere; I have mainly run it on Linux and BSD.


    Hate to say this in case of script kiddies, but it's on the Auditor CD. ;)

