  1. #1
    pavan528

    Modify or read https message before sending to server within a client.

    I am trying to check the integrity of a bank transaction, i.e. that the message sent to the server has not been modified by any malware on the client system. For this I am trying to read the message sent to the server at the client boundary, so that it enters the network with the customer's intended values. So, firstly, I need to check where I need to intercept the message within the client boundary. Secondly, can I intercept the message and read its contents using Java?

    For a clearer description, I rephrased my problem as below.
    I want to check what my online banking server (let's say Bank of America) receives if I ask to transfer an amount of $100 to Account A. I assume that there is malware on the client system that changes the recipient to B, $10000. My application, which I intend to design, should inform the user that the integrity of the message is compromised and should give the user the option to abort it. I plan to track what message is being sent from client to server. This I want to achieve by reading the message from client at the last point before it leaves the client and enters the network. Hope I am clear now. Kindly let me know if I am not.

    I am a newbie to Java. Can someone point me in the right direction and let me know how to do it in Java?

  2. #2
    8foldpath

    That's a very broad question. I would suggest familiarizing yourself with the network methods of Java. This would be a great place to start: Java - Networking (Socket Programming) Tutorial

  3. #3
    kneitzel

    Hi,

    in general there is no way that you could check the integrity in a way that you want.
    a) Technically, you try to check it on the client side. But what you receive can already be modified, e.g. by a corrupted network card or some layer that is still under your layer (e.g. the device driver was altered; just some time ago I even read about some kind of BIOS virus).
    b) Java supports TCP and UDP traffic. It does not support other raw stuff. (At least that was said in the book "Java Network Programming, 4th Edition" by Elliotte Rusty Harold.)
    c) If you fear that the system you are running on might be infected in any way, then your application could be infected / modified, too.
    d) What is really required? You have an SSL encrypted connection. So you can already do some checks:
    - Which certificate was used? (So you can check the trust. Normally that is done automatically if the certificate was signed by someone trusted. If you are really bothered, you could not trust them and simply check the certificate yourself, e.g. call someone at the bank and ask for the fingerprint and so on. That way you could identify if someone else, e.g. the NSA, gets a trusted certificate for your bank.) And then the system always checks if the package received was correctly signed. If the packet was altered for any reason, then the signature is no longer valid and your application will see it.

    With kind regards,

    Konrad

  4. #4
    jashburn

    Quote (originally posted by pavan528):
        This I want to achieve by reading the message from client at the last point before it leaves the client and enters the network.
    Conceptually this can actually be (sort of) done. You'll need to use a proxy, and this is described at "mitmproxy 0.10 - How mitmproxy works" (how it handles HTTPS traffic). The proxy can reside on the same client machine or on a separate machine in the client environment. I suppose it'll also need to implement interception rules, e.g., only intercept and inspect requests going to the online banking web site, and not bother with requests going to, say, Google's search engine. Besides that, the browser will need to be configured to point to the proxy rather than directly to the Internet.

    In short, it can be done, but not one for the faint-hearted...
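
Added example, not part of the original posts and not mitmproxy's own code: a sketch in Python of the interception rule and integrity check such a proxy would apply to a decrypted request. The host name, path and form field names are assumptions, the sample requests are constructed, and the intended values are assumed to reach the proxy through a channel the browser-side malware does not control.

```python
from urllib.parse import parse_qs

# Assumptions (not from the thread): host, path and form field names are placeholders.
BANK_HOST = "bank.example"
TRANSFER_PATH = "/transfer"

def parse_request(raw: bytes):
    """Split a decrypted HTTP/1.1 request, as the proxy sees it, into its parts."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def check_transfer(raw: bytes, intended: dict) -> list:
    """Return the mismatches between the outgoing request and the intended values.
    An empty list means the request matches or is outside the interception rule."""
    method, path, headers, body = parse_request(raw)
    host = headers.get("host", "").split(":")[0].lower()
    # Interception rule: only inspect transfer requests going to the bank.
    if host != BANK_HOST or method != "POST" or path != TRANSFER_PATH:
        return []
    length = int(headers.get("content-length", len(body)))
    fields = parse_qs(body[:length].decode("utf-8"), keep_blank_values=True)
    problems = []
    for name, want in intended.items():
        got = fields.get(name, [])
        if got != [want]:  # missing, changed, or sent more than once
            problems.append(f"{name}: intended {want!r}, outgoing {got!r}")
    return problems

def build(body: str, host: str = BANK_HOST) -> bytes:
    """Construct a sample request (constructed data, not captured traffic)."""
    return (f"POST {TRANSFER_PATH} HTTP/1.1\r\nHost: {host}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode()

INTENDED = {"to_account": "A", "amount": "100"}   # what the customer asked for
CLEAN = build("to_account=A&amount=100")
TAMPERED = build("to_account=B&amount=10000")     # the change described in post #1
OTHER_SITE = build("q=java", host="www.google.com")

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("tampered", TAMPERED), ("other", OTHER_SITE)]:
        print(label, check_transfer(req, INTENDED) or "ok / not inspected")
```

A parameter that appears twice is reported as a mismatch as well, since the server may pick either value.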

  5. #5
    gimbal2

    Just a little note on terminology: it's an HTTP request, not a message. If you Google using the right terminology you might get more prudent results.
    "Syntactic sugar causes cancer of the semicolon." -- Alan Perlis

  6. #6
    pavan528

    Hi Jashburn,
    So, you are saying that this can be done by creating a proxy between the browser and the server, through which the browser will connect to the Internet (to the bank server eventually). If that is the case, the assumption should be that the message isn't modified by the malware once it crosses the proxy within the client. Did I get your idea right? Can the proxy intercept https requests as well? Do you have some more info on how this could be done, or any pointers thereof?

  7. #7
    gimbal2

    Quote (originally posted by pavan528):
        Can the proxy intercept https requests as well?
    Quote (originally posted by jashburn):
        and this is described at "mitmproxy 0.10 - How mitmproxy works" (how it handles HTTPS traffic).
    It's a nice day, isn't it? Good day for some reading.

  8. #8
    jashburn

    Yes, the assumption is malware that exists in the client machine will not modify requests going through the proxy as many of them tend to concentrate on the browser's side of things. (Of course, there is a class of malware that gives the cracker pretty much complete visibility of everything happening in the client machine, and so the only defense against it would be to have a separate client machine with the proxy to inspect the traffic that's going out into the Internet - assuming that machine hasn't also been infected!)

    The web page I provided previously (and gimbal2 repeated above) clearly states how a proxy can work with HTTPS traffic, and the server/client relationship the proxy has in relation to the browser and the online banking web site. In other words, the web page contains all the pointers you need on the conceptual level. As to actual implementation, this is where you test your googling skillz!

  9. #9
    gimbal2

    Googling skills, brain activity and willpower, to be more exact about what will be tested. You can Google until you're dizzy, nothing is going to actually happen until you use your brain to absorb and apply the knowledge you find. That takes patience, time and experimentation.

    In all this I still don't really know what it all has to do with Java programming. I think the original idea was to build a proxy using Java to do this, but that has turned into "use existing tooling". Which is good advice, but renders the question off-topic nonetheless.