summitt / Nope-Proxy

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

SSL Feature #65

Open akanksha217 opened 11 months ago

akanksha217 commented 11 months ago

Hello Josh, I tried with the latest version, but the SSL feature still doesn't work for me. I'm trying to capture FTP over TLS traffic. As long as I've not enabled SSL in the proxy listener the SSL traffic is captured (of course encrypted). If possible could you please help me with an example screenshot and everything as to how you're able to capture cleartext SSL/TLS traffic?

summitt commented 11 months ago

Let me try sFTP later tonight. Maybe there is something specific to sFTP that makes it not work. I assume your client has installed the BURP CA as a trusted CA?

akanksha217 commented 11 months ago

Hey, I'm trying this intercepting part for a thick client application, so there is no functionality where I can install the BURP CA inside the client. The client uses the System's Certificate Store and YES that has the Burp CA as a trusted CA installed. Also, I'm trying for FTPs (FTP over TLS). Do you recommend any other protocol that uses TLS to consider?

summitt commented 11 months ago

Ok. NoPE is not going to be able to decrypt SSH or SFTP traffic at this point. The handshake looks like it's different than that of pure SSL/TLS sockets. I need to do a little testing/research to see how easy it would be to add this functionality.

akanksha217 commented 11 months ago

Thank you for your response, Josh! As I mentioned earlier, I am trying to intercept traffic destined for an FTPS server (FTP over TLS). I believe this protocol transmits plain old FTP over TLS. I am using a Filezilla server configured for explicit TLS over FTP Reference link - https://www.howtogeek.com/devops/configuring-filezilla-server-for-ftps-on-windows-server/. I am aware that the encryption used by SFTP/SSH is different from the usual SSL/TLS connection so I'm not attempting to intercept SFTP traffic as of now. I hope this clarifies the scenario. Aside, could you please let me know which SSL/TLS-based services you have successfully intercepted via Noproxy? I mean any other services apart from the FTPS traffic that I should try to intercept? If you recommend any other protocols/services that use SSL, I would test SSL interception for those services. At this point, I am just trying for a successful POC which demonstrates that TCP traffic secured with SSL can be intercepted in plaintext by NoPE.

summitt commented 11 months ago

Thanks for the clarification. Taking a look.
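
The thread separates three kinds of connection: TLS from the first byte, explicit FTPS (which per RFC 4217 opens as cleartext FTP and switches to TLS after `AUTH TLS`), and SSH/SFTP. As an added example (not NoPE's code and not posted by anyone in the thread), the Python below classifies a captured connection by its opening messages; the sample streams, banner strings and function names are constructed for illustration.

```python
import re

# Constructed samples: (sender, bytes) in arrival order; C = client, S = server.
HELLO = bytes.fromhex("16030100c8010000c40303")  # start of a TLS ClientHello record
SAMPLES = {
    "implicit_tls": [("C", HELLO)],
    "explicit_ftps": [
        ("S", b"220 example FTP server ready\r\n"),
        ("C", b"AUTH TLS\r\n"),
        ("S", b"234 Using authentication type TLS\r\n"),
        ("C", HELLO),
    ],
    "auth_refused": [
        ("S", b"220 example FTP server ready\r\n"),
        ("C", b"AUTH TLS\r\n"),
        ("S", b"502 Command not implemented\r\n"),
        ("C", b"USER demo\r\n"),
    ],
    "ssh": [("S", b"SSH-2.0-example\r\n")],
}

def is_tls_client_hello(data):
    """TLS record header: type 0x16 (handshake), version 3.x, then handshake type 0x01."""
    return (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x04 and data[5] == 0x01)

def classify(stream):
    """Return (kind, index of the message where TLS begins, or None)."""
    requested = accepted = False
    for i, (side, data) in enumerate(stream):
        if data.startswith(b"SSH-"):          # SSH identification string, not TLS
            return ("ssh", None)
        if side == "C" and is_tls_client_hello(data):
            if i == 0:
                return ("tls-from-first-byte", 0)
            return ("explicit-tls-upgrade" if accepted else "unexpected-tls", i)
        if side == "C" and re.match(rb"(?i)AUTH (TLS|SSL)\r\n", data):
            requested = True
        elif side == "S" and requested and data.startswith(b"234"):
            accepted = True
    return ("plaintext", None)

if __name__ == "__main__":
    for name, stream in SAMPLES.items():
        print(name, classify(stream))
```

In the explicit FTPS sample the TLS handshake begins at message 3, after the cleartext greeting and `AUTH` exchange, while the SSH sample never presents a TLS record at all.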