Article table of contents

    • Foreword
    • Is HTTPS secure?

Foreword

Recently everyone has been hooked on this sheep game. The game uses the HTTPS protocol for its network communication. One of the cheating techniques is to use a packet capture tool to modify the content of the HTTPS messages so that the second level is replaced with the first level, which greatly increases the chance of clearing it. This article will not go into how the cheat is performed, but tries to explain the computer networking principle behind it.

Is HTTPS secure?

HTTPS is widely used in daily life, but since it is an encrypted protocol, why can some packet capture tools still read its traffic? In other words, is HTTPS really secure?

In fact, the packet capture tool works as a man-in-the-middle server. It establishes one SSL/TLS connection with the client and a separate SSL/TLS connection with the real server; sitting between the two, it can decrypt the whole session between client and server. The steps are as follows (the details of SSL/TLS connection establishment are omitted here):


  • First, while the SSL/TLS connection between the man-in-the-middle server and the client is being established, the man-in-the-middle sends the client a digital certificate. The client verifies the authenticity of that certificate, takes the public key from it, generates a random secret (the pre-master secret, in the RSA key exchange described here), encrypts it with the public key and sends it to the man-in-the-middle. The man-in-the-middle decrypts it with its private key, both sides derive the session key (A) from it, and that key protects the HTTP traffic that follows. (With an (EC)DHE key exchange, which TLS 1.3 requires, the secret is not encrypted to the certificate's key; the certificate instead signs the handshake. Either way the client's decision hinges on whether it accepts that certificate.)

  • At the same time, the man-in-the-middle server acts as a client towards the real server and, while establishing its own SSL/TLS connection with that server, obtains a second session key (B) for the HTTP traffic on that side.

  • When the client sends a request, the man-in-the-middle decrypts the HTTPS request data with session key (A), re-encrypts it with session key (B) and forwards it to the server. When the server responds, the man-in-the-middle decrypts the HTTPS response data with session key (B), re-encrypts it with session key (A) and sends it to the client. The plaintext of every request and response passes through the tool, which is where it can be read or modified.


From this we can see that the key to stealing both parties' requests and responses is the digital certificate the man-in-the-middle sends to the client. Normally the client's check of that certificate would fail: it was not issued by a CA the client trusts, so a forged certificate for the server's hostname cannot chain to any root in the client's trust store. The workaround is to install the root certificate provided by the packet capture tool on the client, which then acts as a certificate authority (CA) for that client. This is the key to the tool's ability to capture packets: the tool issues a certificate for the target hostname signed by its own root, and because that root is now in the trust store, the client's chain validation passes and it considers the certificate valid.

At this point the basic principle of packet capture has been explained. Back to the question: is HTTPS really secure? The answer is yes. Even when a man-in-the-middle server is present, it essentially exploits a weakness in the client's certificate verification, namely a root certificate that the user installed by hand. Without that installed root, or on a client that pins the expected server certificate and refuses any other even if it chains to a trusted root, the tool's certificate is rejected and the handshake fails.