Thread: Sniffing SSL Traffic on any application?

  1. #1
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    3

    Sniffing SSL Traffic on any application?

    Hi

    I'm doing malware analysis, tracking it down by watching traffic, etc. I thought the solution is to do MITM, but it only works with browser apps. So my question is whether there's any way we can do MITM on any app that is doing SSL login. Any idea?


    regardz

    mortalz

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Re: Sniffing SSL Traffic on any application?

    What? You are doing "malware analysis" and are asking about sniffing SSL traffic, and doing a MITM?? How about explaining yourself a bit better. Try using details.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    3

    Re: Sniffing SSL Traffic on any application?

    All right, I apologize for not being clear. Lately I encounter backdoors that upload data to Gmail, Yahoo. Yeah, I would be able to do that with Wireshark, sniff the traffic and be able to track down where the data are going. The problem is, those backdoors use SSL to log in to their host (Gmail, Yahoo). I searched around and found the MITM attack, but the problem is it only works for browser apps. My question is, is there any way MITM can be used to sniff SSL on any app (the backdoor virus) that's doing the transmission?

    regardz
    mortalz

  4. #4
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    13

    Re: Sniffing SSL Traffic on any application?

    The only way I can think of to capture SSL traffic unencrypted is through a debugger like Immunity Debugger; you will probably have to write your own Python script too, to create an entry hook callback to sniff pre-encrypted traffic.

    Wireshark can only see data post encryption; using the hooking technique I believe it is possible to capture the data before it is encrypted and trap it again after it has been encrypted.
