How to create Man in the Middle instrumentation

Question

I\'m trying to see how a certain application is talking to a server in SSL. Basically, the process just hangs when it claims to have done some SSL communication. I want to

Answer 1

I haven't use it for this purpose but Fiddler should be able to do what you want.

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.

Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera, and thousands more.

Answer 2

Fiddler allows you to implement a man in the middle attack against yourself to see what is inside the SSL tunnel.

Fiddler generates a unique root SSL certificate for your computer, and then creates a session certificate signed by the root. When you configure Fiddler to decrypt SSL for you it acts as a proxy between you and the destination, decrypting the traffic using the site's SSL certificate and then re-encrypting it using its own certificate.

Your browser/application will see an untrusted certificate error. You can get around this error by choosing to trust Fiddler's root certificate.

The folks over at .Net Rocks did a great podcast episode on using Fiddler to sniff your traffic.

Answer 3

If you are using the amazingly useful Wireshark sniffer, then you can have it decrypt SSL if you are able to provide it the appropriate key files.