1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Buying HTTPS session decyphered

Discussion in 'Programming' started by nitsanbn, Jun 10, 2013.

  1. #1
    Hi,

    I have an android application which uses HTTPS to contact with it's main server.

    I would like to know what's being transferred in this HTTPS session.

    I will pay 5$ for someone who can give me a way to sniff this session.
    (a link to a WORKING tutorial would be great).

    You will get paid after session is decrypted successfully using your guide.

    Thanks
     
    nitsanbn, Jun 10, 2013 IP
  2. aidanriley629

    aidanriley629 Banned

    Messages:
    429
    Likes Received:
    23
    Best Answers:
    3
    Trophy Points:
    175
    As Seller:
    100% - 0
    As Buyer:
    100% - 3
    #2

    It's probably using PHP or another programming language more advanced than HTML. Session variables are global and can send just about any kind of information. Here's an example of using the session variable to count how many times a guy has been on the site, and say you've been here X amount of times.
    <?php
     
    session_start();
     
    if (empty([B]$_SESSION[/B]['count'])) {
      [B]$_SESSION[/B]['count'] = 1;
    } else {
      [B]$_SESSION[/B]['count']++;
    }
    ?>
     
    <p>
    Hello visitor, you have seen this page <?php echo [B]$_SESSION[/B]['count']; ?> times.
    </p>
     
    <p>
    To continue, <a href="nextpage.php?<?php echo htmlspecialchars(SID); ?>">click
    here</a>.
    </p>
    Code (markup):
    I could tell you a lot more if I saw the code to your app.
     
    aidanriley629, Jun 10, 2013 IP
  3. omgitsfletch

    omgitsfletch Well-Known Member

    Messages:
    1,222
    Likes Received:
    44
    Best Answers:
    0
    Trophy Points:
    145
    As Seller:
    100% - 0
    As Buyer:
    100% - 0
    #3
    He's saying he doesn't have the code, and wants to sniff the communication from the app running on his phone, to whatever server it's communicating to. Realistically, this isn't going to happen, at least not over an HTTPS connection. The typically HTTPS connection is a 128-bit TLS connection. As long as the certificates are managed properly and the server using it has a fairly competent admin, it's very secure.

    In short: you aren't going to find someone who can snoop the traffic for you. There ARE people who could do it, but there AREN'T people who can do it and would take $5 for the trouble. Find another way.
     
    omgitsfletch, Jun 15, 2013 IP
  4. nitsanbn

    nitsanbn Active Member

    Messages:
    382
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    58
    As Seller:
    100% - 0
    As Buyer:
    100% - 0
    #4
    Thank you for your replies. I have managed to snoop it on my own :)
    Problem solved.
     
    nitsanbn, Jun 16, 2013 IP
  5. omgitsfletch

    omgitsfletch Well-Known Member

    Messages:
    1,222
    Likes Received:
    44
    Best Answers:
    0
    Trophy Points:
    145
    As Seller:
    100% - 0
    As Buyer:
    100% - 0
    #5
    Out of curiosity, how did you manage to snoop it? Get access to the source code itself, or catch it before it was encrypted for transmission?

    Because I'm doubting you were able to decipher SSL traffic :-p
     
    omgitsfletch, Jun 18, 2013 IP