I am looking at the theory behind MITM attacks in order to see some unencrypted packets from the 3DS. From research, here is what I understand so far:
3DS > Proxy > Nintendo server
I am going to try and force the 3DS to use a forged certificate. The 3DS will then communicate with the proxy, and the proxy will decrypt the packets, see what's there, re-encrypt them and then send them out to the Nintendo server. I see an issue though: the Nintendo server is expecting to see the original 3DS public certificate from the proxy server, but it won't, as I do not have it. Is it possible for me to get the original certificate from the 3DS before giving it the forged one?
Here is my idea:
- start sending packets from the 3DS; the original cert is sent from the 3DS to the proxy, where it is stored
- insert the forged cert into the 3DS
- the connection is reset
- using the forged cert, start communication; the fake cert speaks with the proxy server
- the proxy decrypts packets from the 3DS, logs them, re-encrypts them
- it uses the old certificate to communicate with the Nintendo server, then forwards the packets
Is this feasible? Is there an easier way? I know some of them are hard (inserting the forged cert into the 3DS). Which tools can help me accomplish this?