
For my Internet Security course, I was given a project where I am to ultimately take advantage of the "remember my password" on a site by creating a certificate, manually put it in my "client's" browser to be trusted and then be able to sniff all session IDs when the client connects to a website's server. After doing this, I am to use the session ID to post onto a profile's feed (Twitter, for example) but this part is later in the course. However, I do not know how I am to use the certificate in the first place. If it's a real website, I would think I would make a copy or a phishing version of the site but that's not what my professor wants, I think. He said to create a certificate, upload it into whatever browser I use to log into Twitter and somehow I'll be able to sniff encrypted traffic and see session IDs using the PCAP library. All he wants is for me to document the IDs in the report.

I was thinking of using something along the lines of a rogue DHCP server, but I don't think I would be using a certificate that I made myself this way.

  • You can't sniff the plaintext of a connection to "some website" with pcap because you need the private key of the web server. Therefore you need a man-in-the-middle proxy (and not pcap). Furthermore, pcap is useless in case a connection with "perfect forward secrecy" is used; in such a case even with the server private key you can't decrypt the content afterwards -> use a MitM proxy (mitmproxy, Fiddler, Burp, ...). – Robert Apr 16 '19 at 15:13

1 Answer

A terminating proxy is the easiest way to do this. If you are looking for a quick and easy way to make this happen, there is a Squid plugin for pfSense that makes this fairly easy. You will still need to import the keys into Wireshark to view the plaintext.

There is a pretty simple step-by-step available here.

David Hoelzer
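The Wireshark step in the answer works by matching logged secrets to the ClientHello random seen in the capture, which is also why a key log, unlike the server's private key, still covers the forward-secret sessions Robert's comment mentions. As an added example (not from the answer and not Wireshark's own code), a stdlib-only parser for the NSS key log format that Wireshark reads, run over a constructed log:

```python
import re

# Labels Wireshark reads from an NSS key log (SSLKEYLOGFILE): CLIENT_RANDOM
# carries a 48-byte master secret (TLS 1.2 and earlier); TLS 1.3 logs one
# hash-length secret per phase. Secrets come from the endpoint, not the
# server's long-term key, so forward-secret (ECDHE) sessions decrypt too.
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
}
HEX = re.compile(r"^[0-9a-fA-F]+$")

def parse_keylog(text):
    """Return ({client_random_hex: {label: secret_bytes}}, [(lineno, why)])."""
    sessions, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        if len(parts) != 3:
            errors.append((lineno, "expected 3 fields")); continue
        label, client_random, secret = parts
        if label != "CLIENT_RANDOM" and label not in TLS13_LABELS:
            errors.append((lineno, f"unknown label {label}")); continue
        if len(client_random) != 64 or not HEX.match(client_random):
            errors.append((lineno, "client_random must be 32 bytes of hex")); continue
        ok_lens = (48,) if label == "CLIENT_RANDOM" else (32, 48)
        if not HEX.match(secret) or len(secret) % 2 or len(secret) // 2 not in ok_lens:
            errors.append((lineno, "secret has wrong length or is not hex")); continue
        sessions.setdefault(client_random.lower(), {})[label] = bytes.fromhex(secret)
    return sessions, errors

def lookup_session(sessions, client_random_hex):
    """Do what Wireshark does: the ClientHello random from the capture
    selects the logged secrets. Returns (version_hint, {label: secret})."""
    secrets = sessions.get(client_random_hex.lower(), {})
    if not secrets:
        return "no secrets logged", {}
    hint = "TLS 1.3" if set(secrets) & TLS13_LABELS else "TLS 1.2 or earlier"
    return hint, secrets

# Constructed sample (not a real log): one TLS 1.2 session, one TLS 1.3
# session, and a malformed last line (line 6).
SAMPLE_LOG = (
    "# constructed key log\n"
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48 + "\n"
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "01" * 32 + " " + "11" * 32 + "\n"
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "01" * 32 + " " + "22" * 32 + "\n"
    "CLIENT_TRAFFIC_SECRET_0 " + "01" * 32 + " " + "33" * 32 + "\n"
    "CLIENT_RANDOM deadbeef 00\n"
)
```

Feeding a real log to Wireshark is done through Preferences > Protocols > TLS > "(Pre)-Master-Secret log filename"; the parser above only shows what that matching relies on.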