HTTPS + SSL Web Server Encryption

Snooping Unencrypted Traffic Via Wireshark.

Posted by Dennis on April 7, 2019

Introduction

With e-commerce at an all-time high, I wanted to demonstrate the importance of Hyper Text Transfer Protocol Secure (HTTPS) and Secure Sockets Layer (SSL) website encryption. And yes, it's 2019! With HTTPS, the communication channel between client and server is encrypted, so personal information sent across the network cannot be read by an attacker snooping on it. Even today, I continue to visit unsecured websites that require the user to submit a login request in order to gain access, or that ask for personal information (contact forms, etc.).



What's the big deal?

Most people unfamiliar with HTTPS + SSL don't understand what is happening to their data in transit, so I will demonstrate what is occurring 'behind the scenes'.

What is HTTPS, SSL, and TLS?

HTTPS is an extension of Hyper Text Transfer Protocol (HTTP). It secures the communication between two systems, e.g. a client browser and a web server, by encrypting it. Traditional HTTP transfers data over the network in plain text, allowing attackers to intercept, view, and modify the data in transit. HTTPS prevents this during the transfer between the browser and the web server. Even if hackers manage to intercept the communication, they will not be able to use it because the message is encrypted. HTTPS establishes an encrypted link between the browser and web server using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). SSL is a cryptographic protocol that was used to provide security over internet communications before being replaced by TLS in 1999.



Getting Started

I created a local testing environment via loopback (127.0.0.1) with Python to demonstrate how to capture plain text data (HTTP) in transit. As you can see in the image below, I am now able to access my local HTTP page at 0.0.0.0 on port 8000. As a note, '0.0.0.0' refers to my loopback address. I can access my webpage by visiting 127.0.0.1:8000 in my web browser.

python3 syntax: python -m http.server
python2 syntax: python2 -m SimpleHTTPServer
(Note: you will need to be in the directory where your HTML file currently resides!)

Simple HTTP Contact Form

Below is a simple contact form that the python server has launched from the previous step. Let's fill in the form with some random information and click 'send'.



Snooping Unencrypted Data

Wireshark is a free and open-source packet analyzer used by network administrators all over the world. From network troubleshooting to packet analysis, this is a must-have tool! You can download Wireshark here. Going back to our webpage deployment via python, I opened up Wireshark and selected to listen for traffic on my loopback address.



After inputting the random information into the web page text fields and clicking 'send', I was presented with the data in transit via Wireshark.



Final Thoughts

As you can see, the data we previously sent over the network is viewable in plain text! This is the outcome when HTTPS + SSL encryption is not used. If you would like to learn more about SSL/TLS certificates, Let's Encrypt is a free certificate authority run by the Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption. You can learn more about Let's Encrypt here.
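
To find forms like the one above before someone else captures them, a site owner can audit their own pages for forms whose submission would leave the browser over plain HTTP. The script below is an added example, not code from the original post; the names FormAuditor, audit_forms and SENSITIVE_TYPES, the /contact action and the field names in the sample page are assumptions made for illustration.

```python
# Added example (not from the original post): flag forms that submit over plain HTTP.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SENSITIVE_TYPES = {"password", "email", "tel"}  # assumption: input types treated as sensitive

class FormAuditor(HTMLParser):
    """Collect each <form> with its resolved action URL and its input fields."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._current = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action submits to the page's own URL.
            action = urljoin(self.page_url, a.get("action") or "")
            self._current = {"action": action, "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "textarea") and self._current is not None:
            ftype = (a.get("type") or "text").lower() if tag == "input" else "textarea"
            self._current["fields"].append((a.get("name") or "", ftype))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_forms(page_url, html):
    """Return one finding per form whose submission would travel in cleartext."""
    parser = FormAuditor(page_url)
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if urlsplit(form["action"]).scheme != "http":
            continue  # https (or non-web) target: not readable in a capture
        sensitive = any(t in SENSITIVE_TYPES for _, t in form["fields"])
        findings.append({"action": form["action"],
                         "fields": [n for n, _ in form["fields"] if n],
                         "severity": "high" if sensitive else "medium"})
    return findings

# Constructed sample: a contact form like the one served at 127.0.0.1:8000.
SAMPLE_PAGE = """<form method="post" action="/contact">
<input type="text" name="name"><input type="email" name="email">
<textarea name="message"></textarea><input type="submit" value="send"></form>"""

if __name__ == "__main__":
    for finding in audit_forms("http://127.0.0.1:8000/index.html", SAMPLE_PAGE):
        print(finding)
```

The check also catches an HTTPS page whose form action points at an http:// URL, since the submitted fields would then cross the network unencrypted even though the page itself loaded securely.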