precursor Posted March 15, 2015 Share Posted March 15, 2015 I'm attempting to sniff my Xbox 360's traffic and see the cleartext data sent over HTTPS+SSL. My xbox 360's local IP address is: 192.168.0.22. My attacker Arch Linux box's address is: 192.168.0.18. I have installed dsniff and SSLsplit on attacker box and am performing an ARP cache poisoning attack using the following commands simultaneous in two terminal windows: arpspoof -i enp0s25 -t 192.168.0.1 192.168.0.22 arpspoof -i enp0s25 -t 192.168.0.22 192.168.0.1 I created a fake certificate using the following commands: openssl genrsa -out ca.key 4096 openssl req -new -x509 -days 1826 -key ca.key -out ca.crt I am running sslsplit like this: sslsplit -D -l connections.log -j /var/log/sslsplit/ -S logdir/ -k ca.key -c ca.crt ssl 0.0.0.0 8443 tcp 0.0.0.0 8080 When I login to XBL on the 360, I see non-SSL traffic over port 80 in the logs, but the SSL traffic over port 443 has log files with nothing in them (size=0KB). My guess is there is a problem with my certificate, it's not able to verify that it has been signed by a Root CA. Do you know of a way to fix this issue? If that's not the issue, what is and how can I fix it? Thanks for your help. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.