Oliwer
Oliwer
PostsComments
CC#
Created by Oliwer on 9/21/2024 in #help
HTTPS payload decryption using root authorized private key
Thank you for your time once again, canton.
30 replies
CC#
Created by Oliwer on 9/21/2024 in #help
HTTPS payload decryption using root authorized private key
That's unfortunate. I'll have to stick with the chrome extension route of capturing the requests.
30 replies
CC#
Created by Oliwer on 9/21/2024 in #help
HTTPS payload decryption using root authorized private key
Of course.
30 replies
CC#
Created by Oliwer on 9/21/2024 in #help
HTTPS payload decryption using root authorized private key
The only thing is, I can't do that cause it would slow down the networking so it wouldn't be able to run infinitely while doing other stuff. It's meant to be a user application.
30 replies
CC#
Created by Oliwer on 9/21/2024 in #help
HTTPS payload decryption using root authorized private key
Going out on a whim here, it's more or less the MITM route recommended?
30 replies
CC#
Created by Oliwer on 9/21/2024 in #help
HTTPS payload decryption using root authorized private key
I'll have a look at giving that a shot, thanks.
30 replies
CC#
Created by Oliwer on 9/21/2024 in #help
HTTPS payload decryption using root authorized private key
Yes.
30 replies
CC#
Created by Oliwer on 9/21/2024 in #help
HTTPS payload decryption using root authorized private key
I generated a self-signed one and added it to the trusted root certificates and do not have the browser one.
30 replies
CC#
Created by Oliwer on 9/21/2024 in #help
HTTPS payload decryption using root authorized private key
dangit
30 replies
CC#
Created by Oliwer on 9/21/2024 in #help
HTTPS payload decryption using root authorized private key
It seems it does.
30 replies
CC#
Created by Oliwer on 9/21/2024 in #help
HTTPS payload decryption using root authorized private key
I'm assuming this (but a lot more complex) is how Fiddler does it, since they also use a trusted root certificate key.
30 replies
CC#
Created by Oliwer on 9/21/2024 in #help
HTTPS payload decryption using root authorized private key
Here's my current situation.
30 replies
CC#
Created by Oliwer on 9/21/2024 in #help
HTTPS payload decryption using root authorized private key
private static void Device_OnPacketArrival(object sender, PacketCapture e)
{
  if (!next)
  {
    return;
  }

  var capture = e.GetPacket();
  if (capture == null)
  {
    return;
  }

  var packet = capture.GetPacket();
  if (packet is not EthernetPacket ethernetPacket || !packet.HasPayloadPacket)
  {
    return;
  }

  var payloadPacket = packet.PayloadPacket;
  if (payloadPacket.PayloadPacket is TcpPacket tcp)
  {
    // HANDSHAKE
    if (tcp.PayloadData.Length > 0 && tcp.PayloadData[0] == 0x16)
    {
      // TODO
    }
  }
}
private static void Device_OnPacketArrival(object sender, PacketCapture e)
{
  if (!next)
  {
    return;
  }

  var capture = e.GetPacket();
  if (capture == null)
  {
    return;
  }

  var packet = capture.GetPacket();
  if (packet is not EthernetPacket ethernetPacket || !packet.HasPayloadPacket)
  {
    return;
  }

  var payloadPacket = packet.PayloadPacket;
  if (payloadPacket.PayloadPacket is TcpPacket tcp)
  {
    // HANDSHAKE
    if (tcp.PayloadData.Length > 0 && tcp.PayloadData[0] == 0x16)
    {
      // TODO
    }
  }
}
30 replies
CC#
Created by Oliwer on 9/21/2024 in #help
HTTPS payload decryption using root authorized private key
I got the handshake.
30 replies
CC#
Created by Oliwer on 9/21/2024 in #help
HTTPS payload decryption using root authorized private key
HTTPS payloads captured using sharppcap. I have the private key from a trusted root certificate, I am just not sure of how to decrypt the array of bytes appropriately. I've tried researching for quite a while, but to no avail.
30 replies
CC#
Created by Oliwer on 9/21/2024 in #help
Reading HTTP requests on machine level
Okay, so it's the FiddlerCore that costs and is a .NET lib. That makes more sense.
8 replies
CC#
Created by Oliwer on 9/21/2024 in #help
Reading HTTP requests on machine level
Ohhh, yes. Sorry, I should have made that clear.
8 replies
CC#
Created by Oliwer on 9/21/2024 in #help
Reading HTTP requests on machine level
Oh, sorry. Does Classic include the .NET lib? 🤔
8 replies
CC#
Created by Oliwer on 9/21/2024 in #help
Reading HTTP requests on machine level
Looks very pricey and I'm only learning right now. I've tried the sharppcap and npcap combo, but it doesn't seem to want to capture any local requests. Wireshark seems to be capturing a different device than sharppcap does too, perhaps that could be an issue?
8 replies
CC#
Created by Oliwer on 9/20/2024 in #help
Using sharppcap to read packets
Hmm. I'm currently attempting to capture incoming and outgoing HTTP requests from me web-browsing, but no packets are captured matching the case.
12 replies