Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL Feature #65

Open
akanksha217 opened this issue Jul 19, 2023 · 5 comments
Open

SSL Feature #65

akanksha217 opened this issue Jul 19, 2023 · 5 comments

Comments

@akanksha217
Copy link

Hello Josh, I tried with the latest version, but the SSL feature still doesn't work for me. I'm trying to capture FTP over TLS traffic.
As long as I've not enabled SSL in the proxy listener the SSL traffic is captured (of course encrypted).
If possible could you please help me with an example screenshot and everything as to how you're able to capture cleartext SSL/TLS traffic?
MicrosoftTeams-image (5)
@summitt
Copy link
Owner

summitt commented Jul 19, 2023

Let me try sFTP later tonight. Maybe there is something specific to sFTP that makes it not work. I assume your client has installed the BURP CA as a trusted CA?

@akanksha217
Copy link
Author

Hey, I'm trying this intercepting part for a thick client application, so there is no functionality where I can install the BURP CA inside the client. The client uses the System's Certificate Store and YES that has the Burp CA as a trusted CA installed.
Also, I'm trying for FTPs (FTP over TLS). Do you recommend any other protocol that uses TLS to consider?

@summitt
Copy link
Owner

summitt commented Jul 19, 2023

Ok. NoPE is not going to be able to decrypt SSH or SFTP traffic at this point. The handshake looks like its different than that of pure SSL/TLS sockets. I need to do a little testing/research to see how easy it would be to add this functionality.

@akanksha217
Copy link
Author

Thank you for your response, Josh!
As I mentioned earlier, I am trying to intercept traffic destined for an FTPS server (FTP over TLS). I believe this protocol transmits plain old FTP over TLS. I am using a Filezilla server configured for explicit TLS over FTP
Reference link - https://www.howtogeek.com/devops/configuring-filezilla-server-for-ftps-on-windows-server/.
I am aware that the encryption used by SFTP/SSH is different from the usual SSL/TLS connection so I'm not attempting to intercept SFTP traffic as of now. I hope this clarifies the scenario.
Aside, could you please let me know which SSL/TLS-based services you have successfully intercepted via Noproxy? I mean any other services apart from the FTPS traffic that I should try to intercept? If you recommend any other protocols/services that use SSL, I would test SSL interception for those services. At this point, I am just trying for a successful POC which demonstrates that TCP traffic secured with SSL can be intercepted in plaintext by NoPE.

@summitt
Copy link
Owner

summitt commented Jul 21, 2023

Thanks for the clarification. Taking a look.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@summitt @akanksha217