reverse engineering ssl connection?

Discussion in 'OT Technology' started by synthetic, Aug 3, 2007.

  1. synthetic

    synthetic New Member

    Joined:
    Apr 9, 2002
    Messages:
    5,704
    Likes Received:
    0
    Location:
    San Diego, CA
    so yea.... im trying to write a client to connect with chat.myspace.com which uses https.... tried in perl so far no luck....get unknown errors from different ssl perl modules. also try hacking their flash code to connect in no luck (i assume bacause it uses their libraries, not to familiar with flash). i see the flash client of theirs sent 10x more data on the intitial connect.... while the perl clients just do the hello think... i think the client skips the hello phase and sends a cert off that bat.... anyone anyone got any ideas how to get in?
     
  2. CyberBullets

    CyberBullets I reach to the sky, and call out your name. If I c

    Joined:
    Nov 13, 2001
    Messages:
    11,865
    Likes Received:
    0
    Location:
    BC, Canada/Stockholm, Sweden
    :lockd: read the forum rules
     
  3. Sexual Vanilla

    Sexual Vanilla New Member

    Joined:
    May 23, 2005
    Messages:
    6,305
    Likes Received:
    0
    Location:
    South Carolina
  4. mace

    mace i don't read

    Joined:
    Jun 6, 2004
    Messages:
    12,567
    Likes Received:
    0
    Location:
    Texas
    the .net framework has support for SSL
     
  5. Penguin Man

    Penguin Man Protect Your Digital Liberties

    Joined:
    Apr 27, 2002
    Messages:
    21,696
    Likes Received:
    0
    Location:
    Edmonton, AB
    AFAIK, reverse engineering is not illegal.
     
  6. Sexual Vanilla

    Sexual Vanilla New Member

    Joined:
    May 23, 2005
    Messages:
    6,305
    Likes Received:
    0
    Location:
    South Carolina
    But "hacking their flash code" is.
     
  7. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    Yea, definitely not kosher for this forum.
     
  8. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    You guys are pathetic. He's trying to build a tool, not violate any laws. Get a grip.
     
  9. retorq

    retorq What up bitch??

    Joined:
    Dec 14, 2006
    Messages:
    6,061
    Likes Received:
    0
    Location:
    Mohave Desert
    You're gonna need to grab a pcket sniffer and monitor what your PC is sending thru a 'normal' session. That will tell you what encryption it's using and all that. Once you know all that you'll be able to make it work. If I recall right SSL supports RC2, RC4, DES, Triple DES, 40 bit DES and AES (with TLS) and those are just the encryption types, then you gotta worry about message authentication and any public key exchanges that may take place.
     
  10. synthetic

    synthetic New Member

    Joined:
    Apr 9, 2002
    Messages:
    5,704
    Likes Received:
    0
    Location:
    San Diego, CA
    well i was using ngrep how the hell am i supposed to figure out the crypto algo with that? i guess i can try to see if ethereal can detect it
     
  11. Jables

    Jables OT Supporter

    Joined:
    Jul 27, 2007
    Messages:
    6
    Likes Received:
    0
    Perl + LWP + SSLeay/OpenSSL is all you need to connect to TLS/SSL services. There's no need to sniff packets and break encryption.

    and a 10 second google search for sample code gives us this:



    use LWP::UserAgent;

    my $ua = LWP::UserAgent->new;
    my $req = HTTP::Request->new(GET => 'https://www.helsinki.fi/');
    my $res = $ua->request($req);
    if ($res->is_success) {
    print $res->as_string;
    } else {
    print "Failed: ", $res->status_line, "\n";
    }
     
  12. synthetic

    synthetic New Member

    Joined:
    Apr 9, 2002
    Messages:
    5,704
    Likes Received:
    0
    Location:
    San Diego, CA
    yes ive used many code samples but they are doign somethign different since it is a streaming connection, and i know for sure they are not doing a simple get of a webpage document
     

Share This Page