
LABORATORY 2

ITT 557
SSL/TLS PROTOCOL

NAME: MUHAMMAD HARITH BIN MOKHTAR

STUDENT ID: 2021341101


LAB OBJECTIVES
At the end of this laboratory session, students should be able to:
i. Capture and Analyze SSL/TLS traffic
ii. List and understand each step in SSL/TLS handshake
iii. Check server for misconfigurations of SSL

REQUIREMENTS
For this laboratory session, students are required to have the following:
i. Wireshark
ii. wget/curl

INSTRUCTIONS (PART I)

FOR THIS LAB, THERE ARE 2 PARTS, PART I DEALS WITH ANALYZING OF SSL
PACKETS. PART II DEALS WITH CHECKING FOR ANY MISCONFIGURATION OF SSL
ON A SERVER.

STEP 1: CAPTURE A TRACE

In this step, we are required to capture SSL traffic.


The easiest way for us to produce SSL traffic is
by accessing any web pages with HTTPS such as
https://www.uitm.edu.my. However, web browsers have
complex behaviors that can lead to a complex
trace. So instead, we are going to use wget/curl
to fetch a single HTTPS resource.

1. Close all tabs and windows on any browsers that are not in use. We are trying to minimize any HTTPS traffic.

2. Launch wireshark and start a new capture.

2 | Mohd Ali Mohd Isa © 2021


3. On the Capture Filter field, enter “tcp port 443” to
capture only SSL traffic since SSL is normally carried
on port 443.

Figure 1

4. Open up a terminal or command prompt.

5. Use wget or curl to fetch a single HTTPS resource and generate SSL traffic. For this lab, we are going to explicitly use TLS 1.0 and turn off certificate checking. Here is the command for both wget and curl (choose either one or try both):
curl --tlsv1 --insecure https://www.uitm.edu.my > out
wget --secure-protocol=TLSv1 --no-check-certificate https://www.uitm.edu.my
(Note that curl's --tlsv1 sets TLS 1.0 as the minimum version, so a server that supports newer versions may negotiate a higher one; check the version field in the trace.)
6. Remember to start the capture on Wireshark before executing the curl/wget command. Once the command has completed, stop the capture on Wireshark.

STEP 2: INSPECT A TRACE

In this step, we are going to look in detail at the SSL packets. Bear in mind that there are several versions of SSL and TLS in use. To make sure that everyone has the same trace for this lab exercise, we have ensured that both wget and curl use TLS version 1.0.
7. Open up Wireshark; we should see the list of packets that have been captured.



Figure 2

8. Enter “ssl” on the filter field to show only the SSL packets.

9. We should get a list of packets similar to Figure 2. (If you do not have the Info column on your Wireshark, it can be added by right clicking the column field, adding a new column and selecting the variable Info.)

10. Click on a trace for which the Info column reads “Application Data”. Expand its Secure Sockets Layer block. Application Data is a generic TLS message which carries the contents of the application.



11. Based on the “TLS Record Layer” block, answer the following questions.
a. What is the content type for a record containing “Application Data”?

b. What version of TLS is being used, justify your answer.


- It used TLSv1.2 because I used the command curl --tlsv1 in the command prompt, which means it will use TLSv1.0 or higher.

c. Does the length cover only the payload or the Record Layer Header as well?

- The length covers the payload and the Record Layer Header.



STEP 3: SSL HANDSHAKE

In our video lecture, we have learnt about all the steps that take place during an
SSL Handshake. Click on each step and view the resulting Transport Layer Security
Block. Answer the following questions. (Provide screenshot for your answer)
d. In both Client Hello and Server Hello, how long in bytes is the random data?

Client Hello

- 571 bytes

Server Hello

- 1454 bytes



e. How long in bytes is the session identifier?

f. How many suites are supported by the client?

- 16 suites

g. Which cipher suite is selected by the server?


-

h. Who sends the Change Cipher Spec message: the client, the server or both?

- Both the client and the server send the Change Cipher Spec message to alert the receiving
party that subsequent records will be secured by the newly agreed keys and Cipher Spec.

i. What content is carried inside the Change Cipher Spec message?



STEP 4: ALERT MESSAGE

Finally, among the packets listed in the capture, one is labelled as an alert message. Click
on an alert message and answer the following:
j. What is the purpose of the alert message?
- The purpose of the alert message is that the TLS protocol uses it to signal to the peer that
the connection can be ended. It is normally sent when there is no more traffic to send.

k. Is the content of alert message encrypted? Can we read the message?

- Yes, the alert message is encrypted, and we can’t read the message.
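As an added example (not part of this lab handout), the following Python parser decodes the TLS record header and the ClientHello fields that questions a to i ask about: content type, version, the length (which excludes the 5-byte header), the 32-byte random, the session identifier and the cipher suite list. The ClientHello bytes are constructed inside the script, not taken from a capture.

```python
import struct

# Record-layer content types (RFC 5246 section 6.2.1) and version codes.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_record(data):
    """Decode one TLS record; the length counts only the fragment after the 5-byte header."""
    ctype, version, length = struct.unpack("!BHH", data[:5])
    fragment = data[5:5 + length]
    if len(fragment) != length:
        raise ValueError("truncated record")
    return {"content_type": CONTENT_TYPES.get(ctype, ctype),
            "version": VERSIONS.get(version, hex(version)),
            "length": length, "fragment": fragment}

def parse_client_hello(fragment):
    """Decode the fixed-layout start of a ClientHello (RFC 5246 7.4.1.2):
    version, 32-byte random, session id, cipher suite list."""
    if fragment[0] != 1:          # handshake type 1 = client_hello
        raise ValueError("not a ClientHello")
    body = fragment[4:4 + int.from_bytes(fragment[1:4], "big")]
    version = struct.unpack("!H", body[:2])[0]
    random = body[2:34]           # 4-byte gmt_unix_time + 28 random bytes
    sid_len = body[34]
    pos = 35 + sid_len
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    suites = [struct.unpack("!H", body[i:i + 2])[0]
              for i in range(pos + 2, pos + 2 + cs_len, 2)]
    return {"version": VERSIONS.get(version, hex(version)),
            "random_len": len(random), "session_id_len": sid_len,
            "cipher_suites": suites}

def build_sample_client_hello(suites=(0xC02F, 0x002F)):
    """Construct a minimal TLS 1.0 ClientHello record (sample input, not
    taken from any capture): empty session id, two cipher suites."""
    body = (b"\x03\x01" + bytes(range(32)) + b"\x00"
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00")         # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    rec = parse_record(build_sample_client_hello())
    print(rec["content_type"], rec["version"], rec["length"])
    print(parse_client_hello(rec["fragment"]))
```

Feeding it a Change Cipher Spec record shows that its fragment is the single byte 0x01, and an Application Data record decodes to content type 23 with a length that covers only the payload.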

BONUS
This section is for students that would like to explore further the SSL/TLS Protocol.

1. Remove the “ssl” filter to see not only the SSL packets but also the other TCP
packets that are part of the connection.
2. Try to capture HTTPS packets generated by a browser instead of
using wget or curl. Notice the differences between the two traces.
3. Try to generate HTTPS traffic for SSL version 2 and 3.
4. Configure Wireshark so that it is able to look inside encrypted SSL
messages by using a key.

INSTRUCTIONS (PART II)

In this part, you are required to use available online tools to check for any SSL
misconfiguration at the server. Below is a list of tools that you can use:



• SSL Labs - https://www.ssllabs.com/ssltest/analyze.html
• GeekFlare TLS Scanner - https://gf.dev/tls-scanner
• DigiCert - https://www.digicert.com/help/
First, please choose a domain that you would like to check:

Domain name: www.uitm.edu.my

Based on the result that you get, please answer the following question about the
chosen domain.
A. Who is the issuer of the certificate?
- Sectigo RSA Domain Validation Secure Server CA

B. What version of the protocol is supported by the browser?


- SSLv2, SSLv3, TLS 1.2, TLS 1.3

C. Are there any vulnerabilities at the server?
- For now, it seems not to have any vulnerabilities, but it is potentially vulnerable.

Finally, you can also check your browser's SSL status by visiting the following website:
https://www.howsmyssl.com/.
