http://www.httpvshttps.com/
https://www.httpvshttps.com/
Open Wireshark and Capture the live packets or Analyze the data of the traffic trace files:
• capture-1.pcapng • capture-2.pcapng
FIT1047 Tutorial 12
Topics
• TLS, HTTP, HTTPS • CertificatesforHTTPS
Instructions
• The tasks are supposed to be done in groups. Task 1: TLS, HTTP, HTTPS
For this task you need to use Wireshark again in order to look at three different examples of recorded network traffic. All three examples show parts of the communication between a client and a webserver.
Before you start, get files Example1.pcap, Example2.pcap and Example3.pcap from Moodle. 1.a Start Wireshark and open Example1.pcap.
• Can you identify the domain name of the server?
• Which protocols are used on application layer?
• Can you get information on the location of destination and source?
• NowopenChromeandtypeintheaddressthatyouhaveidentified,usingtheprotocol shown. Can you find any information on the security of the connection?
• Note that the server has been changed and the protocol is different to the one in the recorded Wireshark file.
• Does the location of the organisation match with the location of the server? 1.b Open Example2.pcap in Wireshark.
• Can you identify the domain name of the server? It might be somewhere within the packet.
• Which protocols are used on application layer?
• NowopenChromeandtypeintheaddressthatyouhaveidentified,usingtheprotocol shown. Can you find any information on the security of the connection? Can you identify which encryption algorithms are used.
1.c Open Example3.pcap in Wireshark.
• Can you identify the domain name of the server?
• What is different to the other two examples?
• Which protocols are used?
• NowopenChromeandtypeintheaddressthatyouhaveidentified,usingtheprotocol shown. Can you find any information on the security of the connection?
1
Task 2: Certificates for HTTPS/TLS
2.a UseChrometoopenawebpagethatsupportsTLS.Forexamplehttps://commbank.com.au/ Click on the lock shown on the left from the address bar.
• Who is the issuer of the certificate and how long is it valid?
• Which cipher suite is used? You might need to reload the page to see connection
information.
2.b Can you find the list of all certification authorities that are installed in Chrome? Can you find some revoked certificates? (Hint: Look in settings under advanced settings)
2.c Now, using Google Chrome, try two other sites that should be secure:
(a) First,thewebsiteoftheCommonwealth:https://www.commonwealthofnations.org/ What happens? Does it work? Lets try http://www.commonwealthofnations.org/
(b) Second, try a secure website and see if we can still change it.
Open https://www.pm.gov.au/
Is this page shown to the secure?
Can you make yourself prime minister so that the page still looks secure? Hint: Right-click on the Name of the Prime Minister.
Why is it still shown as secure? Can this be a problem?
2