hi
I'm doing malware analysis, tracking it down by watching traffic, etc. I thought the solution is to do MITM, but it only works with browser apps. So my question is whether there's any way we can do MITM on any app that is doing SSL login. Any idea?
regardz
mortalz
What? You are doing "malware analysis" and are asking about sniffing ssl traffic, and doing a MITM?? How about explaining your self a bit better. Try using details.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
All right, I apologize for not being clear. Lately I encounter backdoors that upload data to Gmail and Yahoo. Yeah, I would be able to do that with Wireshark: sniff the traffic and be able to track down where the data are going. The problem is, those backdoors use SSL to log in to their host (Gmail, Yahoo). I searched around and found the MITM attack, but the problem is it only works for browser apps. My question is, is there any way MITM can be used to sniff SSL on any app (the backdoor virus) that's doing the transmission?
regardz
mortalz
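Added example (editor's code, not from any poster in this thread): even without breaking the encryption, a TLS ClientHello carries the server name (SNI) in the clear, which is usually enough to answer the "where is the data going" part of the question from a plain Wireshark/pcap capture. The script below builds a constructed ClientHello (no real capture is used) and parses the SNI back out of it; hostnames such as smtp.gmail.com are sample values only.

```python
import struct

def build_client_hello(server_name=None):
    """Construct a minimal TLS 1.2 ClientHello record (constructed sample, not a real capture)."""
    random_bytes = b"\x11" * 32                      # fixed filler instead of a real random
    ciphers = b"\xc0\x2f\x00\x9c"                    # two arbitrary cipher suite ids
    body = (b"\x03\x03" + random_bytes + b"\x00"     # version, random, empty session id
            + struct.pack("!H", len(ciphers)) + ciphers
            + b"\x01\x00")                           # one compression method: null
    exts = b""
    if server_name is not None:
        name = server_name.encode("ascii")
        sni_list = b"\x00" + struct.pack("!H", len(name)) + name   # name type 0 = host_name
        sni = struct.pack("!H", len(sni_list)) + sni_list
        exts += b"\x00\x00" + struct.pack("!H", len(sni)) + sni     # extension type 0 = server_name
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record):
    """Return the server_name from a TLS ClientHello record, or None if absent/not TLS."""
    if len(record) < 5 or record[0] != 0x16:         # 0x16 = TLS handshake content type
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:                 # only ClientHello carries SNI
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                     # skip version and random
    try:
        pos += 1 + body[pos]                                          # session id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]          # cipher suites
        pos += 1 + body[pos]                                          # compression methods
        if pos + 2 > len(body):
            return None                              # no extensions block at all
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if etype == 0:                           # server_name extension
                lst_len = struct.unpack("!H", body[pos:pos + 2])[0]
                p = pos + 2
                while p + 3 <= pos + 2 + lst_len:
                    ntype = body[p]
                    nlen = struct.unpack("!H", body[p + 1:p + 3])[0]
                    if ntype == 0:
                        return body[p + 3:p + 3 + nlen].decode("ascii", "replace")
                    p += 3 + nlen
            pos += elen
    except (IndexError, struct.error):
        return None                                  # truncated or malformed hello
    return None

def summarize_flows(flows):
    """Map each (destination, first payload) pair to the SNI it announces, if any."""
    return [(dst, extract_sni(payload)) for dst, payload in flows]

if __name__ == "__main__":
    sample = [("10.0.0.5:443", build_client_hello("smtp.gmail.com")),   # constructed
              ("10.0.0.6:443", build_client_hello(None)),               # constructed, no SNI
              ("10.0.0.7:80", b"GET / HTTP/1.1\r\n")]                  # constructed, not TLS
    for dst, sni in summarize_flows(sample):
        print(dst, "->", sni)
```

In practice you would feed `extract_sni` the first bytes of the client-to-server TCP payload for each connection from the capture; a connection with no SNI (or a non-TLS payload) still shows up by destination address, which is what the tracking question needs.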
The only way I can think of to capture SSL traffic unencrypted is through a debugger like Immunity Debugger; you will probably have to write your own Python script too, to create an entry hook callback to sniff pre-encrypted traffic.
Wireshark can only see data post-encryption; using the hooking technique I believe it is possible to capture the data before it is encrypted and trap it again after it has been encrypted.