Thursday, November 18, 2010

SSL Debugging - Part II - Intercepting traffic between WSO2 Carbon FE and BE

All WSO2 products are based on WSO2 Carbon, which is the core of all of them.

We have a clear Front-End [FE] / Back-End [BE] separation: the FE web application talks to the BE via web service calls.

This benefits the end user, who gets the flexibility to develop their own client for the corresponding back-end functionality in a language-independent manner.

All UI components you see in the default distribution talk to the BE services via SOAP over HTTPS.

When digging into an issue, the fact that this traffic is on HTTPS makes it hard to intercept the communication channel and figure out exactly which messages are being passed from the FE to the BE.

This is how you can intercept messages flowing over SSL.

Prerequisites:
1. ssldump
2. The private key of WSO2 Carbon, in PEM format - you can download it from here.

Run the following command from the directory where you have the private key, then start any WSO2 Carbon based product, say on HTTPS port 9443.

:\> sudo ssldump -Ad -k wso2carbon.pem -p wso2carbon -i lo0 host localhost and port 9443

Make sure the interface [-i lo0] is set correctly for your system, and start ssldump before you start the server.

Now you can track all the messages between FE and BE in clear text.
1 8 0.0621 (0.0007) C>SV3.1(203) application_data
---------------------------------------------------------------
POST /services/AuthenticationAdmin HTTP/1.1
Content-Type: application/soap+xml; charset=UTF-8; action="urn:login"
User-Agent: Axis2
Host: localhost:9443
Transfer-Encoding: chunked

---------------------------------------------------------------
1 9 0.0626 (0.0005) C>SV3.1(399) application_data
---------------------------------------------------------------
173
    <?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
 <soapenv:Body>
  <ns1:login xmlns:ns1="http://authentication.services.core.carbon.wso2.org">
   <ns1:username>admin</ns1:username>
   <ns1:password>admin</ns1:password>
   <ns1:remoteAddress>0:0:0:0:0:0:0:1%0</ns1:remoteAddress>
  </ns1:login>
 </soapenv:Body>
</soapenv:Envelope>
0

---------------------------------------------------------------
1 10 0.2071 (0.1445) S>CV3.1(544) application_data
---------------------------------------------------------------
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=37FC902E5E7C6C0D081E28B4DF067A76; Path=/; Secure
Content-Type: application/soap+xml;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 19 Nov 2010 02:44:26 GMT

11f
    <?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
 <soapenv:Body>
  <ns:loginResponse
   xmlns:ns="http://authentication.services.core.carbon.wso2.org">
   <ns:return>true</ns:return>
  </ns:loginResponse>
 </soapenv:Body>
</soapenv:Envelope>
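
Because the decrypted trace exposes the login password and the session cookie in clear text, a capture should be sanitized before it is attached to a bug report or shared. The following is an added example, not part of the original post: it parses output in the layout shown above and masks those two values. The function names and the sample trace with its values are constructed for illustration.

```python
import re

# Record header as in the trace above: "1 9 0.0626 (0.0005) C>SV3.1(399) application_data"
HEADER = re.compile(
    r"^(?P<conn>\d+)\s+(?P<rec>\d+)\s+[\d.]+\s+\([\d.]+\)\s+"
    r"(?P<dir>C>S|S>C)\s*(?:V[\d.]+\(\d+\))?\s+(?P<type>\w+)\s*$")
SEPARATOR = re.compile(r"-{10,}")

# Secrets visible in the decrypted trace: SOAP password element, session cookie.
REDACTIONS = [
    (re.compile(r"(<(?:\w+:)?password>).*?(</(?:\w+:)?password>)", re.S), r"\1[REDACTED]\2"),
    (re.compile(r"(JSESSIONID=)[0-9A-Fa-f]+"), r"\1[REDACTED]"),
]

# Constructed sample in the same layout as the ssldump output above.
SAMPLE = """\
1 9 0.0626 (0.0005) C>SV3.1(399) application_data
---------------------------------------------------------------
  <ns1:login xmlns:ns1="http://authentication.services.core.carbon.wso2.org">
   <ns1:username>admin</ns1:username>
   <ns1:password>example-password</ns1:password>
---------------------------------------------------------------
1 10 0.2071 (0.1445) S>CV3.1(544) application_data
---------------------------------------------------------------
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=0123456789ABCDEF0123456789ABCDEF; Path=/; Secure
"""

def parse_trace(text):
    """Split the trace into records, each with its decrypted payload."""
    records, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = dict(m.groupdict(), payload=[])  # conn, rec, dir, type as strings
            records.append(cur)
        elif cur is not None and not SEPARATOR.fullmatch(line.strip()):
            cur["payload"].append(line)  # dashed separator lines are dropped
    for r in records:
        r["payload"] = "\n".join(r["payload"]).strip()
    return records

def sanitized_records(text):
    """Parse the trace, then mask credentials in every payload."""
    records = parse_trace(text)
    for r in records:
        for pattern, repl in REDACTIONS:
            r["payload"] = pattern.sub(repl, r["payload"])
    return records
```

Calling `sanitized_records()` on the text of a saved trace returns the records with the password element and the `JSESSIONID` value masked, leaving the rest of each message intact for debugging.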
