precursor
-
Posts
2 -
Joined
-
Last visited
Posts posted by precursor
-
-
I'm attempting to sniff my Xbox 360's traffic and see the cleartext data sent over HTTPS+SSL.
My xbox 360's local IP address is: 192.168.0.22.
My attacker Arch Linux box's address is: 192.168.0.18.
I have installed dsniff and SSLsplit on attacker box and am performing an ARP cache poisoning attack using the following commands simultaneous in two terminal windows:
arpspoof -i enp0s25 -t 192.168.0.1 192.168.0.22
arpspoof -i enp0s25 -t 192.168.0.22 192.168.0.1
I created a fake certificate using the following commands:
openssl genrsa -out ca.key 4096openssl req -new -x509 -days 1826 -key ca.key -out ca.crtI am running sslsplit like this:sslsplit -D -l connections.log -j /var/log/sslsplit/ -S logdir/ -k ca.key -c ca.crt ssl 0.0.0.0 8443 tcp 0.0.0.0 8080When I login to XBL on the 360, I see non-SSL traffic over port 80 in the logs, but the SSL traffic over port 443 has log files with nothing in them (size=0KB).My guess is there is a problem with my certificate, it's not able to verify that it has been signed by a Root CA. Do you know of a way to fix this issue?If that's not the issue, what is and how can I fix it?Thanks for your help.
Trouble using SSLsplit to sniff Xbox 360 traffic
in Security
Posted
I forgot to post the debug output from sslsplit: