Packet Sniffing HTTPS Traffic

In today's security-minded world (for the people who understand security) it is a good idea to keep up to date with the latest advances in security. There is a protocol called HTTPS (which stands for Hyper Text Transfer Protocol Secure) which operates on TCP:443 and cannot be sniffed or monitored.
This is why, when you buy items online, you need to ensure that the website is secure to protect your data. For internal testing, Microsoft have released an application called Fiddler 2, which is an HTTP sniffer that will sniff out all your HTTP traffic.
You can see the results when you visit http://www.google.co.uk and the sniffer captures all the HTTP traffic:
fiddler_1
You can also switch to "Timeline" mode which will allow you to view a timeline of your browser history:
fiddler_2
You can also view statistics for the website you are visiting, which take into account loading times and HTTP codes:
fiddler_3
However, if you edit the Fiddler options from the menu bar and click on the HTTPS tab, you will notice that there is an option for "Decrypt HTTPS Traffic". If you put a tick in this box as shown below, you will be able to sniff HTTPS traffic:
fiddler_4
NOTE: If you tick the option for "Ignore server certificate errors" then you will not get the error shown below, which makes this man-in-the-middle more dangerous.
Now if you visit a website (internal testing only) and try to log in, you will notice you get an error about the certificate being invalid. This should start the alarm bells ringing in your head. Obviously, enter no data here.
fiddler_5
If at this stage you view the certificate, you will notice that the destination site is correct but the issuing party (the trustee) is wrong, badly wrong, as shown below. In this example you could have any illegal company here to steal data:
fiddler_6
So, we have got to a stage where the Halifax site has loaded on my computer with a big red bar at the top of the screen. Entering data at this stage would be stupid and would almost definitely result in having your details stolen!
fiddler_7
So, back to the original question: what can Fiddler see? It can see the full URI path to all files on the remote server, and it can also remotely extract data like the "Username" and "Password" fields.
fiddler_8
So next time the security bar goes red, check the certificate and then ask yourself why has the security bar gone red?
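The certificate check described above can also be done in code. The following is an added example, not part of the original post: it compares the issuer of a validated certificate against the issuer you expect, which still catches a decrypting proxy whose root certificate has been trusted on the machine (so no red bar appears). The host name, the expected issuer and both sample certificates are constructed for illustration.

```python
import socket
import ssl

# Assumption: the issuer organisation you expect for the site, recorded out of band.
EXPECTED_ISSUERS = {"Example Trust Services CA"}


def fetch_peer_cert(host, port=443):
    """Return the validated peer certificate in ssl.getpeercert() dict form."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _names(cert, field):
    """Flatten the nested RDN tuples of 'subject' or 'issuer' into a dict."""
    return {k: v for rdn in cert.get(field, ()) for (k, v) in rdn}


def check_issuer(cert, host, expected=EXPECTED_ISSUERS):
    """Return (verdict, issuer common name) for a getpeercert()-style dict."""
    subject, issuer = _names(cert, "subject"), _names(cert, "issuer")
    sans = [v for (t, v) in cert.get("subjectAltName", ()) if t == "DNS"]
    # Exact-match only; wildcard names are not handled in this example.
    host_ok = host in sans or subject.get("commonName") == host
    issuer_ok = issuer.get("organizationName") in expected
    if not host_ok:
        return ("wrong-host", issuer.get("commonName"))
    # Right site name with an unexpected issuer is the pattern the post describes.
    return ("ok" if issuer_ok else "unexpected-issuer", issuer.get("commonName"))


# Constructed sample certificates, in the shape ssl.getpeercert() returns.
_SUBJECT = ((("commonName", "shop.example.test"),),)
_SAN = (("DNS", "shop.example.test"),)
GENUINE = {"subject": _SUBJECT, "subjectAltName": _SAN,
           "issuer": ((("organizationName", "Example Trust Services CA"),),
                      (("commonName", "Example Trust Services CA G1"),))}
PROXIED = {"subject": _SUBJECT, "subjectAltName": _SAN,
           "issuer": ((("organizationName", "DO_NOT_TRUST"),),
                      (("commonName", "DO_NOT_TRUST_FiddlerRoot"),))}

if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE), ("proxied", PROXIED)):
        print(label, check_issuer(cert, "shop.example.test"))
```

For a live check, pass the result of `fetch_peer_cert(host)` to `check_issuer`; a handshake that fails validation raises `ssl.SSLCertVerificationError` before any certificate is returned.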