
1 How to decrypt Smart Office's encrypted traffic. Thibaud Lopez Schneider, Lawson Software, April 27, 2010. In this paper I will describe how to intercept and decrypt the encrypted HTTPS traffic from Lawson Smart Office which sometimes cannot be captured with Fiddler, and which is unreadable in Wireshark. This technique is useful for troubleshooting IBrix, Smart Office, Personalized Scripts, etc.

2 The goal is to capture IBrix traffic from Smart Office.

3 I followed my own instructions (although I'm not on any VPN).

4 But Fiddler is not capturing any IBrix traffic from Smart Office; it's just capturing some noise. This surprises me because it used to work in the past.

5 I don't know why Fiddler doesn't capture traffic. Maybe it's because the protocol to M3 Workplace is HTTPS and not HTTP (see screenshot here). But I think that worked in the past. Or maybe Smart Office is not using WinINet anymore (plausible; to be verified).

6 Wireshark correctly captures the traffic, but it's encrypted with TLS (SSL) and unreadable. Tip: Filter the packets to make it easier to identify Smart Office traffic, for example: tcp.port==443 and ip.addr==208.92.250.178.

7 I found this article on the Internet that explains how to use Wireshark to decrypt SSL. Let's try. http://www.novell.com/communities/node/1606/decrypting+ssl+traffic+troubleshoot+nam

8 This article is similar: http://htluo.blogspot.com/2009/01/decrypt-https-traffic-with-wireshark.html

9 And here's some general information about SSL: http://wiki.wireshark.org/SSL

10 I make sure I have the correct version of Wireshark, the one with SSL enabled, which according to the article is determined if we have the settings RSA keys list and SSL debug file in Wireshark Preferences.

11 I installed OpenSSL. For Windows it can be found at: www.openssl.org > Related > Binaries

12 Start capturing with Wireshark: Capture > Interfaces > Start.

13 Open Smart Office, log in, open the IBrix, and load some data in the IBrix. That will generate plenty of interesting traffic.

14 Out of curiosity, find the TLS packet that contains the Server Hello. You can sort by Protocol or by Info. The packet contains the server's public key.

15 Now let's export the server's private key. For that we need access to the server. Go to the Smart Office IIS server, expand to Default Web Site > Properties > Directory Security > View Certificate.

16 Continue to Details > Copy to File, and follow the screenshots.

17 Run this command:
openssl pkcs12 -in CIDW82.pfx -out CIDW82.pem -nodes
Note: Be careful with the generated pem file as it contains the server's certificate in clear text!

18 Go to Wireshark > Edit > Preferences > Protocols > SSL > RSA keys list. In my case it's:
208.92.250.178,443,http,C:\THILOP\CIDW82.pem;208.92.250.118,443,http,C:\THILOP\CIDW44.pem
Click on Apply. Actual setting for my two keys:
208.92.250.178,443,http,C:\THILOP\LAWSON~1\Products\LAWSON~2\MYDOCU~1\HOWTOD~2\CIDW82.pem;208.92.250.118,443,http,C:\THILOP\LAWSON~1\Products\LAWSON~2\MYDOCU~1\HOWTOD~2\CIDW44.pem

19 Make sure the SSL debug file says: filename.pem successfully loaded

20 Now Wireshark is showing the decrypted HTTP packets.

21 Right-click on a packet > Follow SSL stream. Now we can see all the Smart Office traffic in clear text. Next time you open Wireshark, you don't need to do any of this again. Indeed, Wireshark has remembered the server's private keys. So just capture the traffic as usual, and right-click > Follow SSL stream.
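
Added example, not part of the original presentation: the RSA keys list method of slides 15 to 21 can only decrypt a session whose cipher suite, chosen in the Server Hello (slide 14), uses RSA key exchange; with DHE/ECDHE suites or TLS 1.3 the server's private key alone cannot recover the session keys. The Python sketch below goes beyond the slides by parsing a raw ServerHello record and classifying the suite; the function names and the sample records are constructed for illustration, and the suite tables are a subset of the IANA registry.

```python
import struct

# IANA cipher suite IDs, grouped by how the session key is agreed (subset only).
RSA_KX = {0x0005: "TLS_RSA_WITH_RC4_128_SHA", 0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
          0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA", 0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
          0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256"}
EPHEMERAL_KX = {0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                0x1301: "TLS_AES_128_GCM_SHA256"}  # TLS 1.3 is always ephemeral

def server_hello_suite(record):
    """Return the cipher suite ID selected in a raw TLS ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("first handshake message is not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:  # server_version(2) + random(32) + session_id length(1)
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]  # skip the variable-length session_id
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    return int.from_bytes(hello[off:off + 2], "big")

def classify_key_exchange(record):
    """Return ('rsa' | 'ephemeral' | 'unknown', suite name) for a ServerHello."""
    suite = server_hello_suite(record)
    if suite in RSA_KX:  # pre-master secret is encrypted to the server's RSA key
        return "rsa", RSA_KX[suite]
    if suite in EPHEMERAL_KX:  # RSA key only signs; it cannot recover session keys
        return "ephemeral", EPHEMERAL_KX[suite]
    return "unknown", "0x%04X" % suite

def build_server_hello(suite, session_id=b""):
    """Build a minimal TLS 1.0 ServerHello record (constructed sample, not a capture)."""
    hello = b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
    hello += suite.to_bytes(2, "big") + b"\x00"  # suite + null compression
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    for suite_id in (0x0035, 0xC02F):
        print(classify_key_exchange(build_server_hello(suite_id, bytes(32))))
```

An "ephemeral" result means the key file can still load successfully in the SSL debug file while no decrypted HTTP appears, because the RSA key only authenticated the handshake.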

22 Conclusion: With the technique described in this paper we were able to intercept and decrypt the encrypted HTTPS traffic from Lawson Smart Office which otherwise cannot be captured with Fiddler, and which is unreadable in Wireshark. This technique is useful for troubleshooting IBrix, Smart Office, Personalized Scripts, etc. Does that demonstrate a flaw in Smart Office? Not at all. Smart Office relies on HTTPS, which relies on SSL encryption, which is secure and which itself relies on public and private keys. To decrypt the traffic, we had to export the server's private key (which by definition is not public) and for that we had to get access to the server (which is secure). So this technique does not demonstrate any flaw.

23 Thibaud Lopez Schneider thibaud.lopez.schneider@us.lawson.com

