What your apps say about you (and how to find out)

From IFF Wiki
Jump to: navigation, search

Session Description

We will start by showing how to easily set up a home network to capture your phone's Internet traffic, which is often enough to reveal sensitive information an app sends about you. Then we will demonstrate how to decrypt https traffic, which is often used to encrypt sensitive information. Some apps encrypt their traffic by rolling their own "homebrew" encryption, which can often be easily decrypted. We will briefly demonstrate how to decrypt this traffic in typical cases. Anyone interested or concerned about what their app may say about them will find this session informative.

What your apps say about you (and how to find out)
Presenter/s Antonio Espinoza, Jeffrey Knockel
Organization
Bio/s Antonio is an OTF fellow and a PhD student in Computer Science at the University of New Mexico. He studies Dynamic Information Flow Tracking and its practical applications. Jeff is a senior researcher at the Citizen Lab and a PhD student in Computer Science at the University of New Mexico. He uses reverse engineering techniques to reveal how software behavior harms your Internet freedom.
Language English
Topics

Setup Summary

If you're curious, here is a summary of the steps we will be using in our demo to set up mitmproxy, which is a tool we will be using during our session to monitor SSL traffic sent from phones. Feel free to reference these instructions afterwards.

We are running mitmproxy on Ubuntu 14.04.4.

  1. Set up wireless access point.
    1. Click on the Network Manager icon
    2. Click Create New Wi-Fi Network
    3. Choose any network name (we call ours mitmproxy)
    4. Select WPA Security
    5. Enter a key password 8 characters or longer
    6. Click Create
    7. Edit the file /etc/NetworkManager/system-connections/connectionName (in our case we edit: /etc/NetworkManager/system-connections/mitmproxy)
    8. Change the line "mode=adhoc" to "mode=ap"
    9. Click on the Network Manager icon (again)
    10. Select Create New Wi-Fi Network
    11. For connection select the network you created and click Create
  2. We now need to configure the computer to redirect wireless traffic to mitmproxy which listens on port 8080
    1. sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
    2. sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
  3. Next start mitmproxy with the following command:
    1. mitmproxy -T --host --ciphers-client=RC4-MD5:RC4-SHA:DES-CBC3-SHA:AES128-SHA:AES256-SHA
      • The -T and --host options are explained here
      • The --ciphers-client option specifies the ciphers used between the phone and mitmproxy; we specify ciphers without perfect forward secrecy which simplifies decrypting SSL traffic
  4. We can finally connect our phone to the network created in step 1
    1. Click settings
    2. Select Wi-Fi
    3. Select the network you created (ours is mitmproxy)
  5. Next we need to put the certificate on the phone
    1. Open a browser
    2. Navigate to the address mitm.it
    3. Click on the icon of the operating system your phone is using
    4. Follow the directions on the phone to add the new certificate

The following are optional instructions for decrypting SSL in Wireshark.

  1. In Wireshark
    1. Click Edit
    2. Click Preferences
    3. Click on the Protocols drop down menu
    4. Go to SSL
    5. Click the Edit button next to RSA keys list
    6. Click the new button
  2. Fill out the pop up window with the following information:
    • IP Address to any
    • Port to 443
    • Protocol to http
    • Key file to ~/.mitmproxy/mitmproxy-ca.pem
  3. Save the preferences
    1. Click OK
    2. Click Apply
    3. Click OK

Session Comments