如何创建中间人仪表 [英] How to create Man in the Middle instrumentation

问题描述

我正在尝试查看某些应用程序如何与 SSL 中的服务器通信.基本上，当它声称已经完成了一些 SSL 通信时，该进程就会挂起.我想通过捕获流量来调试问题，但我不能真正使用嗅探器，因为 SSL 可能看起来像一个 hexdump.

I'm trying to see how a certain application is talking to a server in SSL. Basically, the process just hangs when it claims to have done some SSL communication. I want to debug the problem by catching the traffic, but I can't really use a sniffer since SSL will probably look like a hexdump.

有什么好的中间人工具可以用作工具吗?我只需要一些可以向我展示解密后的通信的东西.希望很容易设置.我什至可以将应用程序指向我的机器可用的任何 IP 地址/端口(例如 localhost:8888)，因此代理就可以了.此外，我可能可以将应用程序配置为接受任何证书.

Is there a good man-in-the-middle tool that I could use as instrumentation? I just need something that will show me the decrypted communication. Hopefully very easy to setup. I could even point the application to any IP address/port available to my machine (eg localhost:8888), so proxies would be fine. Also, I can probably configure the application to accept any certificate.

您使用什么来模拟中间人 (mitm) SSL 攻击?

What do you use to simulate a man-in-the-middle (mitm) SSL attack?

更新:我尝试过 fiddler，但无法正常工作.我安装了 openssl 并输入了以下命令:openssl s_client -connect smtp.gmail.com:465

UPDATE: I tried fiddler and can't get it to work. I installed openssl and typed the following command: openssl s_client -connect smtp.gmail.com:465

Gmail 使用他们的证书和 220 mx.google.com ESMTP ... 进行响应.但是，Fiddler 不会捕获流量.我将 fiddler 中的 WinINET 选项设置为对所有协议使用相同的代理服务器".其他人可以让它工作(或不工作)吗?我想我需要找到一种方法让 openssl 使用代理.

Gmail responds with their certificate and a 220 mx.google.com ESMTP .... However, Fiddler does not capture the traffic. I set the WinINET options in fiddler to "Use the same proxy server for all protocols". Can anyone else get this to work (or not work)? I think I need to find a way to have openssl use a proxy.

推荐答案

Fiddler 允许您实施一个中间人攻击你自己，看看 SSL 隧道里面有什么.

Fiddler allows you to implement a man in the middle attack against yourself to see what is inside the SSL tunnel.

Fiddler 为您的计算机生成唯一的根 SSL 证书，然后创建由根签名的会话证书.当您配置 Fiddler 为您解密 SSL 时，它充当您和目的地之间的代理，使用站点的 SSL 证书解密流量，然后使用自己的证书重新加密它.

Fiddler generates a unique root SSL certificate for your computer, and then creates a session certificate signed by the root. When you configure Fiddler to decrypt SSL for you it acts as a proxy between you and the destination, decrypting the traffic using the site's SSL certificate and then re-encrypting it using its own certificate.

您的浏览器/应用程序将看到不受信任的证书错误.您可以通过选择信任 Fiddler 的根证书来解决此错误.

Your browser/application will see an untrusted certificate error. You can get around this error by choosing to trust Fiddler's root certificate.

.Net Rocks 的人们在使用上做了很棒的播客集Fiddler 嗅探您的流量.

The folks over at .Net Rocks did a great podcast episode on using Fiddler to sniff your traffic.

这篇关于如何创建中间人仪表的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！