Ted Roche <[EMAIL PROTECTED]> writes:
> I always thought that you needed to be using an https:// page before
> sending user names and passwords to log in. My credit union claims
> this isn't true, and that since clicking the signon button takes you
> to an SSL page, the information typed in is transmitted securely. I
> have my doubts. Here's a portion of their claim, from the front page
> of http://www.navyfcu.org. I'd welcome opinions.
As others have noted, the page you type your information into is not
necessarilly where you end up sending the information by clicking
submit. Also as noted by others, you can discover this by looking at
the source for the web page you're viewing. However, it's rather easy
to miss this information, and if you're ever in doubt, the best way to
determine what's getting passed to a remote system is to watch what
passes over the wire.
To do this, fire up tcpdump or, if GUIs are your thing, use
'ethereal'[1]. Using tcpdump you can quickly see traffic going to an
SSL-secured website with something like this:
tcpdump -i en1 port https
This won't tell you more than that you've connected to a secure site
and are passing some traffic.
tcpdump -i en1 -qe -vvv -ls 400 port https
This will show you a lot more... and this:
tcpdump -i en1 -qexX -vvv -ls 400 port https
might even show you something interesting :)
The latter, if you remove the last s, and just scan for http, then
you'll be able to see all the HTTP gets your browser is requesting
from the remote server. For example, in the following packet, you can
clearly see a GET for an image, and the client informing the server
what browser I'm using, among other things:
21:52:52.564502 00:03:93:ee:39:3c > 00:09:5b:6b:74:8e, IPv4, length 633: IP
(tos 0x0, ttl 64, id 28269, offset 0, flags [DF], length: 619)
192.168.10.6.50153 > mobile9.com.http: tcp 579
0x0000: 0009 5b6b 748e 0003 93ee 393c 0800 4500 ..[kt.....9<..E.
0x0010: 026b 6e6d 4000 4006 70aa c0a8 0a06 4313 [EMAIL
PROTECTED]@.p.....C.
0x0020: 4bb4 c3e9 0050 0f4e bb70 ea99 a8b9 5018 K....P.N.p....P.
0x0030: ffff 688e 0000 4745 5420 2f69 6d61 6765 ..h...GET./image
0x0040: 732f 666f 6f74 6572 626f 7474 6f6d 5f30 s/footerbottom_0
0x0050: 332e 6769 6620 4854 5450 2f31 2e31 0d0a 3.gif.HTTP/1.1..
0x0060: 486f 7374 3a20 7777 772e 7765 6268 6f73 Host:.www.webhos
0x0070: 7469 6e67 6465 762e 636f 6d0d 0a55 7365 tingdev.com..Use
0x0080: 722d 4167 656e 743a 204d 6f7a 696c 6c61 r-Agent:.Mozilla
0x0090: 2f35 2e30 2028 4d61 6369 6e74 6f73 683b /5.0.(Macintosh;
0x00a0: 2055 3b20 5050 4320 4d61 6320 4f53 2058 .U;.PPC.Mac.OS.X
0x00b0: 204d 6163 682d 4f3b 2065 6e2d 5553 3b20 .Mach-O;.en-US;.
0x00c0: 7276 3a31 2e37 2e35 2920 4765 636b 6f2f rv:1.7.5).Gecko/
0x00d0: 3230 3034 3131 3037 2046 6972 6566 6f78 20041107.Firefox
0x00e0: 2f31 2e30 0d0a 4163 6365 7074 3a20 696d /1.0..Accept:.im
0x00f0: 6167 652f 706e 672c 2a2f 2a3b 713d 302e age/png,*/*;q=0.
0x0100: 350d 0a41 6363 6570 742d 4c61 6e67 7561 5..Accept-Langua
0x0110: 6765 3a20 656e 2d75 732c 656e 3b71 3d30 ge:.en-us,en;q=0
0x0120: 2e35 0d0a 4163 6365 7074 2d45 6e63 6f64 .5..Accept-Encod
0x0130: 696e 673a 2067 7a69 702c 6465 666c 6174 ing:.gzip,deflat
0x0140: 650d 0a41 6363 6570 742d 4368 6172 7365 e..Accept-Charse
0x0150: 743a 2049 534f 2d38 3835 392d 312c 7574 t:.ISO-8859-1,ut
0x0160: 662d 383b 713d 302e 372c 2a3b 713d 302e f-8;q=0.7,*;q=0.
0x0170: 370d 0a4b 6565 702d 416c 6976 653a 2033 7..Keep-Alive:.3
0x0180: 3030 0d0a 436f 6e6e 6563 7469 6f6e 3a20 00..Connection:.
Obviously, if you're connecting to an SSL-enabled system, then
everything you see will be garbage.
Footnote:
---------
[1] It's pronounced e-thereal, NOT ether-real. Ethereal is *actually*
a REAL word, not something made up for a piece of software which
just happens to work with ether-net.
--
Seeya,
Paul
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
