Trying to reverse-engineer my IoT devices - having trouble with TLS, pfSense, Wireshark

Hello! This is a network-related post. I'm trying to use pfSense, Squid proxy, and Wireshark, but I'm not an expert in any of these tools so I may be doing several things incorrectly.

I am trying to figure out how some Internet of Things devices I have communicate. I'd eventually like to build my own API so that they can integrate directly with something like Home Assistant instead of depending on the vendor's cloud services. Part of that is figuring out the kinds of requests the devices send out and what the responses look like.

To this end, I've taken the following steps:

  1. These IoT devices are WiFi. I have connected them to a WiFi interface that I have control over.
  2. I use pfSense as my home router. I have installed Squid proxy and set it up as a transparent proxy server. It has SSL filtering enabled on the target interface that the IoT devices are on, and it is set up with a Certificate Authority. I set up a CA on pfSense using default settings.
  3. I exported the private key from the pfSense CA.
  4. While running a pfSense Packet Capture, I forced the IoT device to disconnect from the internet, and then reconnect. I downloaded this capture.
  5. I loaded the packet capture into Wireshark. I think I have Wireshark set up with the key file... maybe? (I set the key file in Preferences \ RSA, and in Preferences \ Protocols \ TLS \ RSA Keys for all ports I'm aware of being used by the IoT device IP address.)
  6. Wireshark is not decrypting the traffic. The log indicates several errors.

Those errors include things like:

    dissect_ssl enter frame #42 (first time)
    packet_from_server: is from server - TRUE
    conversation = 000001CAA45A0A70, ssl_session = 000001CAA45A1A30
    record: offset = 0, reported_length_remaining = 1448
    ssl_try_set_version found version 0x0303 -> state 0x91
    dissect_ssl3_record: content_type 22 Handshake
    decrypt_ssl3_record: app_data len 61, ssl state 0x91
    packet_from_server: is from server - TRUE
    decrypt_ssl3_record: using server decoder
    decrypt_ssl3_record: no decoder available
    dissect_ssl3_handshake iteration 1 type 2 offset 5 length 57 bytes
    ssl_try_set_version found version 0x0303 -> state 0x91
    Calculating hash with offset 5 61
    ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
    ssl_set_cipher found CIPHER 0xC02F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -> state 0x97
    trying to use TLS keylog in PATH_TO_MY_FILE.key
    checking keylog line: -----BEGIN PRIVATE KEY-----
    unrecognized line
    checking keylog line: NEXT LINE OF THE KEY FILE
    unrecognized line
    checking keylog line: NEXT LINE OF THE KEY FILE
    unrecognized line
    (etc.)

and

    dissect_ssl enter frame #75 (first time)
    packet_from_server: is from server - TRUE
    conversation = 000001CAA45A9C70, ssl_session = 000001CAA45AA330
    record: offset = 0, reported_length_remaining = 69
    ssl_try_set_version found version 0x0303 -> state 0x10
    dissect_ssl3_record: content_type 23 Application Data
    decrypt_ssl3_record: app_data len 64, ssl state 0x10
    packet_from_server: is from server - TRUE
    decrypt_ssl3_record: using server decoder
    decrypt_ssl3_record: no decoder available

I'm not sure what I'm doing wrong. Did I do something incorrectly with my proxy server? With Wireshark? With both?

submitted by /u/theTrebleClef

from hacking: security in practice https://ift.tt/2epcZ03
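The debug log quoted above already contains the two diagnostic clues: the negotiated suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, whose ephemeral key exchange no static RSA private key can decrypt, and the file given to Wireshark's keylog preference is a PEM private key rather than an NSS-format key log (CLIENT_RANDOM lines), so every line is "unrecognized". The following script is an added example, not code from the post or from Wireshark; it reads a constructed excerpt of that log and a candidate key log file and reports both problems.

```python
import re

# Constructed excerpt of the Wireshark TLS debug log quoted in the post.
DEBUG_LOG = """\
ssl_set_cipher found CIPHER 0xC02F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -> state 0x97
trying to use TLS keylog in PATH_TO_MY_FILE.key
checking keylog line: -----BEGIN PRIVATE KEY-----
unrecognized line
decrypt_ssl3_record: no decoder available
"""

# Line shape of the NSS key log format that Wireshark's
# "(Pre)-Master-Secret log filename" preference expects.
KEYLOG_LINE = re.compile(
    r"^(CLIENT_RANDOM|CLIENT_EARLY_TRAFFIC_SECRET|CLIENT_HANDSHAKE_TRAFFIC_SECRET|"
    r"SERVER_HANDSHAKE_TRAFFIC_SECRET|CLIENT_TRAFFIC_SECRET_0|SERVER_TRAFFIC_SECRET_0|"
    r"EXPORTER_SECRET) [0-9a-fA-F]{64} [0-9a-fA-F]+$"
)

def keylog_problems(text):
    """Return (line number, reason) for every line Wireshark would ignore."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and comments are allowed
        if line.startswith("-----BEGIN"):
            problems.append((n, "PEM key material: belongs under RSA keys, not the key log"))
        elif not KEYLOG_LINE.match(line):
            problems.append((n, "not NSS key log format"))
    return problems

def key_exchange_is_ephemeral(cipher_name):
    """ECDHE/DHE suites and all TLS 1.3 suites derive session keys that a
    static private key cannot recover; only RSA key exchange can be decrypted
    from the server's private key."""
    return ("_ECDHE_" in cipher_name or "_DHE_" in cipher_name
            or cipher_name.startswith(("TLS_AES_", "TLS_CHACHA20_")))

def diagnose(debug_log):
    """Extract the negotiated suite and keylog hints from a TLS debug log."""
    findings = []
    m = re.search(r"found CIPHER 0x[0-9A-Fa-f]+ (\S+)", debug_log)
    if m and key_exchange_is_ephemeral(m.group(1)):
        findings.append("%s uses ephemeral key exchange; decryption needs session "
                        "secrets (key log), not an RSA private key" % m.group(1))
    if "checking keylog line: -----BEGIN" in debug_log:
        findings.append("a PEM private key is configured as the key log file")
    if "no decoder available" in debug_log:
        findings.append("no session keys matched; records stay encrypted")
    return findings
```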
