SSL encryption – Set up an SSL server

Analyzing SSL traffic

So, in an effort to get a good picture of how I can decrypt SSL traffic running through my machine, I’ve decided to set up my own little Ubuntu SSL server in a VM so I can test what’s involved in getting Wireshark to decrypt it.

Creating a test environment

Installing Ubuntu Server

The Ubuntu Server edition, as expected, installs flawlessly under a VirtualBox VM. I took only the bare essentials when prompted during setup and let Ubuntu decide how to handle my partitioning. I’m sure there are many other ways to do this, but I’ve always been keen on Ubuntu so I thought I’d give them a shot. I got the download here: http://www.ubuntu.com/download/server.

Hosting a web server

Once all the whirring and buzzing is done I’m presented with a rather anticlimactic prompt. Being a native Windows user, I’ve not the slightest idea what to do with this, but a bit of googling (https://www.digitalocean.com/community/tutorials/how-to-configure-the-apache-web-server-on-an-ubuntu-or-debian-vps) keyed me into the fact I could run a couple of commands to get a server up.

sudo apt-get update
sudo apt-get install apache2

It’s actually that simple. Once the apache2 install is completed, I can point to this machine from anywhere in my network and I get served my first page.

Again, being a Windows user, though despite often digging into and enjoying the feel of a console, there’s something about having a GUI that just puts me at ease. Again, Google is my friend: http://askubuntu.com/questions/53822/how-do-you-run-ubuntu-server-with-a-gui

Let’s get a GUI for our server

I elected the xubuntu desktop (described as lightweight by this stranger I’ve never met) and installed it. Again, a super simple command:

sudo apt-get install xubuntu-desktop

Follow that up with a “reboot” and we’ve got ourselves a GUI.

Where’s my HTTP root?

They’re nice enough to include that little detail in the landing page once the server is configured.

So let’s head over to /var/www to check it out. I’m going back into the terminal here because after screwing with the GUI for a bit the terminal aspect suddenly appeals to me greatly. Try editing your index.html file via the GUI if you’re defiant, else let’s just drop back to the console.

Editing the index.html

Just to be sure I have a basic understanding of the server, I want to edit my index.html file to ensure it’s really what’s being served. If you tried doing this from the GUI you may have hit a pitfall or two because of the file’s permissions. So from the terminal let’s navigate to /var/www/html and set the index.html permissions to 666.

Now we can nano in and make a little change.

Admittedly, this is not the best text editor I’ve ever worked with, and I’m sure there are better out there, but we’re not here to mess with that.


Great, the change was persisted. Now that we know we’re controlling a real live server, let’s set up some encryption.

Setting up SSL on our webserver

Again, this seems almost too simple in our case, thanks to some directions I found here: http://wirewatcher.wordpress.com/2010/07/20/decrypting-ssl-traffic-with-wireshark-and-ways-to-prevent-it/

Create your Key

Creating the key is fairly straightforward. I used some basic stuff here:

openssl req -x509 -nodes -newkey rsa:1024 -keyout testkey.pem -out testcert.pem

Once fired, the command will request a handful of information about who you are and what your cert is representing. To rewrite the key in the traditional RSA format (for use with Wireshark later on) there’s one more command to be run:

openssl rsa -in testkey.pem -out testkey.pem
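
A scripted version of the two key commands above, added here as an example (it is not code from the original post): it generates the pair without prompts, rewrites the key in traditional RSA form on both old and new OpenSSL releases, and checks that the key is unencrypted and actually belongs to the certificate. The function names, the -subj value, the 30-day validity and the 2048-bit default (the post uses 1024) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, the -subj
# value and the 2048-bit default are assumptions made for illustration.

# make_pair DIR [BITS]: self-signed cert plus unencrypted key, no prompts.
make_pair() {
    dir=$1; bits=${2:-2048}
    openssl req -x509 -nodes -newkey "rsa:$bits" -days 30 \
        -subj "/CN=ssl-test.local" \
        -keyout "$dir/testkey.pem" -out "$dir/testcert.pem" \
        2>/dev/null || return 1
    # OpenSSL 3.x writes PKCS#8 unless -traditional is passed; older
    # releases lack the flag and write the traditional form by default.
    trad=
    if openssl rsa -help </dev/null 2>&1 | grep -q -- '-traditional'; then
        trad=-traditional
    fi
    # Write to a temporary file first, then replace the original key.
    openssl rsa $trad -in "$dir/testkey.pem" \
        -out "$dir/testkey.tmp" 2>/dev/null || return 1
    mv "$dir/testkey.tmp" "$dir/testkey.pem"
}

# key_header FILE: first PEM line of the key file.
key_header() { head -n 1 "$1"; }

# key_is_plain FILE: succeeds if the key is not passphrase-protected.
key_is_plain() { ! grep -q 'ENCRYPTED' "$1"; }

# pair_matches KEY CERT: succeeds only if both hold the same RSA modulus.
pair_matches() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage:
#   d=$(mktemp -d) && make_pair "$d" \
#     && pair_matches "$d/testkey.pem" "$d/testcert.pem" && echo "pair OK"
```

Running pair_matches before starting the server catches the case where testkey.pem was regenerated but testcert.pem was left over from an earlier run.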

Start the server

Now all we need to do is fire up the SSL server and he’ll begin taking requests on port 443, with the following command:

openssl s_server -key testkey.pem -cert testcert.pem -WWW -cipher RC4-SHA -accept 443

We’ll get angry warnings from our browsers trying to hit our pages because obviously this key/cert is BS. But in short, that’s how we get an SSL server up and running from start to finish, to produce some SSL-encrypted output which is decrypted happily by our browser.

Obviously, since I haven’t actually patched SSL into Apache, the image doesn’t quite make it across, but again that’s not the purpose of this exercise.

Future

In the next post I’ll go into detail about how we can use Wireshark to first view the encrypted output, and thankfully, have Wireshark decrypt it for us. We’ll take this a step further and see how it’s possible to decrypt traffic even without the server key that we just produced.
