Networking
Decrypting HTTPS (SSL/TLS) Tunnels Using Fiddler
A few days ago the phone rings, and I get an earful about how some application isn’t working correctly and how it’s all the network’s fault and the repercussions of this outage will possibly cause so much damage that the world will start turning…the OTHER DIRECTION. Unfortunately for us IT professionals, this is an all too common occurrence. Nonetheless, I jumped in to see what I could do. I had never seen this application before, so I had to start troubleshooting from the ground up. Very quickly I noticed it was running (or supposed to be running) over web protocols, so I whipped out the handy-dandy Wireshark to get a look. Hm…it establishes a TLSv1 tunnel and shoots all the data at the server that way. Well, the Apps team was nowhere to be found, so I had to find out what was moving across the wire here to figure out the issue. This is where Fiddler comes into play *Trumpets Fanfare*.
Fiddler is a fantastic little tool: a web debugging proxy that sits between your applications and the network and records their HTTP and HTTPS traffic. For this blog, I want to talk about its ability to man-in-the-middle your own machine to provide visibility into an encrypted tunnel. Let’s do a little demonstration here.
I’ve done a quick search on Bing, using HTTPS; nothing fancy here at all.
I started Fiddler prior to performing the search above, and this is what it shows: a whole bunch of nothing. Tunnel Tunnel Tunnel Tunnel…dang security.
Alas, Fiddler has an option to man-in-the-middle yourself and decrypt the tunnel! Just go to Tools > Fiddler Options > HTTPS and check the box that says “Decrypt HTTPS traffic”. I chose browsers only for this demonstration, though you can do all traffic for other uses and applications.
It lets you know that you’re doing something that defies the laws of CAs.
Now here we go: re-launch the browser and go to https://bing.com. It throws a security error stating that the certificate is untrusted.
For this to work, you will need to add the exception. If you view the cert, you can see that it was issued by Fiddler even though it states that it is for bing.com.
Once that is all accepted, you can do the same search we did before, plain and simple.
Back to Fiddler, and ta-da! Congratulations, you’ve bypassed the security of your own data and now have visibility into the tunnel.
That’s it, very simple. You can view inside your SSL/TLS tunnel using Fiddler in just a few simple steps. Side note: I was able to use that to determine what was happening on the wire for my application failure and was able to remedy the failure.
I hope I’ve made your day at least a little bit easier!
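As an added example (not part of the original post and not Fiddler's own code), the PowerShell function below shows the certificate swap described above from the client's side: it fetches the certificate presented for a host directly and again through a local proxy, so the two issuers can be compared. The function name and the 127.0.0.1:8888 proxy address (Fiddler's default listener) are assumptions, and Fiddler must be decrypting all traffic rather than browsers only, because PowerShell is not a browser.

```powershell
# Added example. Get-PresentedCertificate and the proxy address are assumptions, not from the post.
function Get-PresentedCertificate {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443,
        [string] $ProxyHost,          # empty = connect straight to the server
        [int] $ProxyPort = 8888       # Fiddler's default listener port
    )
    if ($ProxyHost) { $tcp = New-Object System.Net.Sockets.TcpClient($ProxyHost, $ProxyPort) }
    else { $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port) }
    try {
        $stream = $tcp.GetStream()
        if ($ProxyHost) {
            # Ask the proxy for a tunnel, as a browser would, and read its reply headers
            $req = [Text.Encoding]::ASCII.GetBytes("CONNECT ${HostName}:$Port HTTP/1.1`r`nHost: ${HostName}:$Port`r`n`r`n")
            $stream.Write($req, 0, $req.Length)
            $reply = ''
            while (-not $reply.EndsWith("`r`n`r`n")) {
                $b = $stream.ReadByte()
                if ($b -lt 0) { throw 'Proxy closed the connection during CONNECT' }
                $reply += [char]$b
            }
            if ($reply -notmatch '^HTTP/1\.\d 200') { throw "CONNECT refused: $reply" }
        }
        # Accept whatever certificate arrives so it can be inspected; trust is judged below
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($stream, $false, $acceptAny)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        # Rebuild the chain against this machine's trust store, skipping revocation lookups
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)
        [pscustomobject]@{
            Via          = if ($ProxyHost) { "${ProxyHost}:$ProxyPort" } else { 'direct' }
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            Thumbprint   = $cert.Thumbprint
            ChainTrusted = $trusted
            ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
    finally { $tcp.Close() }
}

# A different Issuer and Thumbprint on the second result means the proxy re-signed the connection.
Get-PresentedCertificate -HostName bing.com
Get-PresentedCertificate -HostName bing.com -ProxyHost 127.0.0.1
```

The same comparison run with no decrypting proxy in the path should return the same issuer and thumbprint both times, which makes it a quick check for unexpected TLS interception on a workstation.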
Quick n’ Dirty Network Latency Graph using Powershell
This will be very short, sweet and to the point.
I was on a project recently where I was unable to access (and therefore monitor) any of the networking equipment and the WAN links thereof. Noticing that the issues that were occurring were due to a network problem, I spoke with the folks who ran that particular network; they were no help. They gave me as little information as possible and punted the issue back to me saying it was a server problem. So here I am, no access to the network equipment, can’t monitor or log the WAN links, workstation in branch office having intermittent issues reaching the server in the main office. Enter PowerShell.
#-----Start-----
do {
    #Ping google.com and append one CSV row per reply: the current time and the response time in ms
    Test-Connection google.com |
        Select-Object @{Name='Time'; Expression={Get-Date}}, ResponseTime |
        Export-Csv pingoutput.csv -Append -NoTypeInformation
    #Sleep for 10 seconds
    Start-Sleep -s 10
    #Set the Time variable for the end while condition
    $Time = (Get-Date).Hour
}
#While loop end condition states continue only if time is less than 5pm (24 hour clock)
while ($Time -lt 17)
#-----End-----
The comments in the script state how it works and what each line does. After 5pm (the while loop end condition) you can grab that output .csv file and pull it into Excel. Once there you select your data real quick and you’ve got yourself a nice little graph of network latency in milliseconds over the period of the day.
As you can tell there were some problems with this particular link.
There ya go!