How to decrypt Smart Office's encrypted traffic
Thibaud Lopez Schneider, Lawson Software, April 27, 2010

In this paper I will describe how to intercept and decrypt the encrypted HTTPS traffic from Lawson Smart Office which sometimes cannot be captured with Fiddler, and which is unreadable in Wireshark. This technique is useful for troubleshooting IBrix, Smart Office, Personalized Scripts, etc.

The goal is to capture IBrix traffic from Smart Office.

I followed my own instructions (although I'm not on any VPN).

But Fiddler is not capturing any IBrix traffic from Smart Office; it's just capturing some noise. This surprises me because it used to work in the past.

I don't know why Fiddler doesn't capture traffic. Maybe it's because the protocol to M3 Workplace is HTTPS and not HTTP (see screenshot here). But I think that worked in the past. Or maybe Smart Office is not using WinINet anymore (plausible; to be verified).

Wireshark correctly captures the traffic, but it's encrypted with TLS (SSL) and unreadable.
Tip: Filter the packets to make it easier to identify Smart Office traffic, for example: tcp.port==443 and ip.addr==

I found this article on the Internet that explains how to use Wireshark to decrypt SSL. Let's try. s/node/1606/decrypting+ssl+traffic+troubleshoot+nam

This article is similar: decrypt-https-traffic-with-wireshark.html

And here's some general information about SSL:

I make sure I have the correct version of Wireshark, the one with SSL enabled, which according to the article is determined if we have the settings RSA keys list and SSL debug file in Wireshark Preferences.

I installed OpenSSL. For Windows it can be found at: > Related > Binaries

Start capturing with Wireshark: Capture > Interfaces > Start.

Open Smart Office, log in, open the IBrix, and load some data in the IBrix. That will generate plenty of interesting traffic.

Out of curiosity, find the TLS packet that contains the Server Hello. You can sort by Protocol or by Info. The packet contains the server's public key.

Now let's export the server's private key. For that we need access to the server. Go to the Smart Office IIS server, expand to Default Web Site > Properties > Directory Security > View Certificate.

Continue to Details > Copy to File, and follow the screenshots.

Run this command:
openssl pkcs12 -in CIDW82.pfx -out CIDW82.pem -nodes
Note: Be careful with the generated pem file as it contains the server's certificate in clear text!

Go to Wireshark > Edit > Preferences > Protocols > SSL > RSA keys list. In my case it's:
,443,http,C:\THILOP\CIDW82.pem; ,443,http,C:\THILOP\CIDW44.pem
Click on Apply.
Actual setting for my two keys:
,443,http,C:\THILOP\LAWSON~1\Products\LAWSON~2\MYDOCU~1\HOWTOD~2\CIDW82.pem; ,443,http,C:\THILOP\LAWSON~1\Products\LAWSON~2\MYDOCU~1\HOWTOD~2\CIDW44.pem

Make sure the SSL debug file says: filename.pem successfully loaded

Now Wireshark is showing the decrypted HTTP packets.

Right-click on a packet > Follow SSL stream. Now we can see all the Smart Office traffic in clear text. Next time you open Wireshark, you don't need to do any of this again. Indeed, Wireshark has remembered the server's private keys. So just capture the traffic as usual, and right-click > Follow SSL stream.

Conclusion

With the technique described in this paper we were able to intercept and decrypt the encrypted HTTPS traffic from Lawson Smart Office which otherwise cannot be captured with Fiddler, and which is unreadable in Wireshark. This technique is useful for troubleshooting IBrix, Smart Office, Personalized Scripts, etc.

Does that demonstrate a flaw in Smart Office? Not at all. Smart Office relies on HTTPS, which relies on SSL encryption, which is secure and which itself relies on public and private keys. To decrypt the traffic, we had to export the server's private key (which by definition is not public) and for that we had to get access to the server (which is secure). So this technique does not demonstrate any flaw.

Thibaud Lopez Schneider