Komodia's Winsock LSP products, network interception/modification and SSL decryption blog » SSL

Free Komodia Downloads

chris — Thu, 24 Jun 2010 05:56:41 +0000

Are you in search of a TCP stream sniffer or how about an SSL sniffer?

Did you know that Komodia gives you free downloads and tools as well as their guides and resource pages?

Komodia gives you a completely free HTTP & HTTPS stream sniffer that uses Internet Explorer & FireFox. This software is free in order to show Komodia’s SSL filtering abilities.

There are two free versions of the TCP/IP library – an opensource C++ library that is completely free!

Chris

You Have Questions; Komodia Has Answers

chris — Thu, 10 Jun 2010 00:08:13 +0000

You have questions:

Does LSP layer supports port blocking?
When hijacking the Winsock connect function, what should I do next?
How can I set up a Vista 64 anonymizer?
How do I intergrate a Winsock modify package into my development?

And Komodia has answers:

Free LSP Guide & resource page
Free NDIS Guide
Komodia’s Redirector
Komodia’s SSL Digestor
and much more

Chris

Intercepting HTTPS traffic using C#

Barak Weichselbaum — Thu, 15 Apr 2010 09:00:43 +0000

Intercepting HTTPS traffic using C# can be done using the Komodia’s Redirector SDK, all you have to do is implement a couple of methods and that’s it.

Barak

SSL sniffing of XP

Barak Weichselbaum — Sun, 21 Mar 2010 05:08:56 +0000

SSL sniffing of XP, can be done in number of ways, it can be done with a SDK which is relevant for commercial applications or it can be done with a SSL Sniffer, you can even use Wireshark, but for that you must have the SSL key.

Barak

Internet Explorer sniffer

Barak Weichselbaum — Wed, 17 Mar 2010 04:38:56 +0000

Download our free Internet Explorer sniffer which is a useful tool for various tasks ranging from debugging your application to debugging web sites. Other Internet explorer sniffers can come with or without SSL/HTTPS decryption support, it can be Open source, or propietary.

Which to use? this is not an easy question to answer because the sniffer choice is really a combination or needs, budget and deployment environment. For example: you can’t use a GPL sniffer like Wireshark for a commercial application, but buying a SDK just to sniff a normal website for a one time debug isn’t making sense as well.

Barak

SSL Decrypt

Barak Weichselbaum — Wed, 17 Mar 2010 04:28:17 +0000

There are number of ways to perform SSL Decrypt and it’s up to the programmer to decide what works best for him:

Using a product/SDK that isn’t modifying the SSL certificate (like SSL Decryptor) but it’s targeted per specific browser, Komodia’s SSL Decryptor works with FF and IE.
Using a product/SDK that performs manipulation on the SSL certificate but isn’t alerting the user (like SSL Digestor), this product is more general and works with all browsers and the popular mail clients.
Using open source proxy which changing the certificate and alerts the user, basically they pefrom MITM attack, using these solutions is good for debug purposes.

Barak

Winsock lsp ssl trace

Barak Weichselbaum — Mon, 01 Mar 2010 16:18:23 +0000

Winsock LSP and SSL is a complex and simple issue basically the Winsock LSP sees the SSL session encrypted and can’t see the decrypted content of the session. It’s possible to decrypt SSL sessions, but that’s a topic for another post.

Winsock LSP can be used to trace SSL sessions to their root, you can easily get the following information about a SSL session by using LSP:

Originating application.
Source Address/Port.
Destination address/Port.
Certificate.

Barak