EvilZone
Programming and Scripting => Java => : xor September 11, 2011, 05:39:32 AM
-
Hi guys,
So I'm reverse engineering the communication protocol between a DynDNS update client and their server to see what traffic is being sent and how they authenticate it.
However, in my travels I figured out that it uses the following cipher suite for communication: TLS_RSA_WITH_RC4_128_SHA
Unfortunately, Java doesn't appear to have this in its list of enabled / available cipher suites as seen below:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
My question is... how do I add another cipher suite to this list? Last time I tried I got the following:
Exception in thread "main" java.lang.IllegalArgumentException: Unsupported ciphersuite TLS_RSA_WITH_RC4_128_SHA
Any ideas?
-
So I'm reverse engineering the communication protocol between a DynDNS update client and their server to see what traffic is being sent and how they authenticate it.
Am I missing something? the dyndns update client for linux is perl script:
http://dyn.com/support/clients/linux/ (http://dyn.com/support/clients/linux/)
If your talking more than just info, what about key + packet sniff
-
Well, I've found out that it communicates using TLS_RSA_WITH_RC4_128_SHA which is essentially synonymous with SSH_RSA_WITH_RC4_128_SHA.
I wrote a DynDNS client to communicate with their update.dyndns.org and the server accepted the communication using the SSH_ encryption. The server I made supports accepting SSH_ version of the encryption, but I get the above error, which means that the windows client is enforcing its communication using TLS. I'll check out the linux script and see if there's anything I can glean from it.
What I'm really trying to do is figure out how to configure bind to accept dynamic updates so I can have my own Dynamic DNS server, without having to read someone elses article on how to do it :P
-
Well you could do your testing using stunnel/nc. And if you're tired of fucking around with ssl, just use HTTP in your java program, let stunnel do it. Example:
[root@centos /]# stunnel -fd 0 << EOF
> client = yes
> [https]
> accept = 444
> connect = update.dyndns.org:443
> TIMEOUTclose = 0
> EOF
[root@centos /]# nc localhost 444 -vv
Connection to localhost 444 port [tcp/snpp] succeeded!
GET / HTTP/1.1
Host: update.dyndns.org
HTTP/1.1 404 Not Found
Date: Mon, 12 Sep 2011 01:31:09 GMT
Server: Apache
X-UpdateCode: X
Content-Length: 3
Connection: close
Content-Type: text/html; charset=iso-8859-1
404
If you check in web-browser it will return same output, I ain't falling for it.