Debookee v6 beta is out - Welcome SSL/TLS decryption

[tomlabaude]

Update on 4th Sept 17: v6 is not private anymore but in public beta, checkout https://debookee.com and docs

After 7 months of work, I'm pleased to release Debookee 6.0.0 beta, which implements SSL/TLS decryption in less than 4 clic for all your devices.

TL;DR

• Debookee v6 introduces two new paying modules: SSL & PRO modules
• NA & WM of previous versions are still valid and haven't changed
• You can download the beta here in Menu Debookee -> Preferences -> General -> Check Propose beta version updates
• New combos are available (SSL+PRO, NA+WM+SSL, etc ...). More information here
• Minimum macOS version is now 10.12
• Documentation is being implemented: https://docs.debookee.com

SSL Module

• SSL/TLS decryption of your own traffic and all your targets traffic
• Some applications won't accept fake CA due to Key Pinning. Working on alerting/workaround/bypass.
• SSL decryption must be enabled manually (3 modes: No SSL decryption / All targets only / Own traffic + All targets)
• You can test for free in the trial, decrypted results will be obfuscated at some point without SSL licenses
• As always, if you don't have any result at all, SSL license won't unblock results. A paying license in Debookee just deobfuscate results.
• To avoid browser warnings, you'll have to install CA cert
  • On your own Mac with the button "Add CA cert to Keychain"
  • On your targets, by browsing http://mitm.it:6969 when their traffic is intercepted

PRO Module

• IMAPS / SMTPS / POPS decryption of your own traffic and all your targets traffic
• Compressed data are not uncompressed yet, so you'll see IMAP commands in clear text, but maybe not email's content depending server's configuration. Soon to come
• Allows you to create your own Certificate Authority details (Common Name, Organization, etc ...)
• Allows you to decrypt SSL/TLS on different port than the default (For ex: 8443)

Credits

This new version is the results of the integration of mitmproxy and SSLsplit.
Integrating open source projects in a software is not an easy ethical task. We do our best by contacting them, trying to contribute to their projects and respecting their open source licenses.

Thanks to alpha testers for their patience:

• @marc56
• @lukfunk
• Valcho Nedelchev
• @turkreno
• @rentziass
• @ianisted
• @jga303
• and the others ...

Next steps

• Be indulgent, it's only a beta (although modules are paying)
• More docs at https://docs.debookee.com
• Fix some bugs you'll find
• Enhance PRO modules with new AUTHENTICATE methods, DEFLATE data, etc ...

Contact / Bug reporting

• @debookee
• Facebook group (https://facebook.com/groups/debookee)
• By email

Current Status

• Alpha tests with small group of testers
• Half-public beta tests with private URL (https://iwaxx.com/debookee/update-beta.php)
• Public beta tests for users who have beta checked in Debookee's preferences
• Coming: Stable version for all users

[richtestani]

I finally got a version setup, so far it works well on my own Mac, but my iPhone doesn't seem to work.
I installed the cert from mitm, but I the instructions weren't matching my window. Though the cert is listing and everything is trusted, I got an warning about verifying the server identity.

Is this how it will work?

[richtestani]

Also apps like Instagram won't load if targeted.

[tomlabaude]

You may be hitting Key Pinning for some apps, I'm currently writing the docs, but meanwhile, I've added a line in the post above in SSL Module part about it.

For ex, on Mac, Evernote and Slack apps don't accept the fake CA, and there's nothing to do (except patching the apps with fake CA public key hash to validate key pinning)

In Debookee, an enhancement could be to notify the user about Key Pinning for specific URLs. Also the choice for the user to allow the SSL/TLS connection to continue, without being decrypted.

Not sure to understand "The instructions weren't matching my window", we can continue the discussion by email for more details.

To be sure SSL/TLS interception works at its best, on your iPhone, check browsing on a simple website like https://debookee.com, it doesn't use Key Pinning, and you must see HTTP headers.

Else, contact us by email and let's troubleshoot that.

[chrismccoy]

wil i have to re purchase the wm and na license i bought for v5?

[tomlabaude]

No, NA & WM licenses will be valid for all future versions. You paid for some features for lifetime.
I've clarified this in the post above, enjoy!

[richtestani]

Hi - I had written to contact on your site, but I got no reply. Where can I write to help get my SSL decryption working.

[tomlabaude]

Richard, I received an email on the 12th of July and replied you on the 14th on your icloud.com email.
I've just resent you my answer to both icloud.com and me.com
Please update to 6.0.0b2, as there are new warnings concerning HTTP Key Pinning that can't be decrypted. (cf http://docs.debookee.com/en/latest/module_ssl.html#key-pinning)

[xenio]

Thanks, just bought the SSL license and trying the beta.

[marca56]

@tomlabaude just upgraded to the beta and looks good. I have not had the recurring warnings I mentioned in Slack :)

Good job!

[dtigue]

@tomlabaude I'm trying to find an option to purchase a site license for everyone in the IT department to use @ work. All I see is an option for the personal use combined pro license or the professional use combined pr license. It suggests if we want multiple people to use the software than we should get a site license but no link to where to purchase this.

[tomlabaude]

Hi @dtigue ! Can you contact us by email support@iwaxx.com with number of people in the IT department ?
Thanks, Thomas

[dtigue]

As of right now it is only two of us. Moving forward I will be looking to hire one or two more employees to work in in the IT department. Thanks, David Tigue ***@***.***

…

On Aug 12, 2022, at 8:50 AM, tomlabaude ***@***.***> wrote: Hi @dtigue <https://github.com/dtigue> ! Can you contact us by email ***@***.*** ***@***.***> with number of people in the IT department ? Thanks, Thomas — Reply to this email directly, view it on GitHub <#2 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAZFSHUI2M273GT2SVWH4HDVYZJCRANCNFSM4DSKWQ5A>. You are receiving this because you were mentioned.

[debookee]

As of right now it is only two of us. Moving forward I will be looking to hire one or two more employees to work in in the IT department. Thanks, David Tigue @.***
…
On Aug 12, 2022, at 8:50 AM, tomlabaude @.> wrote: Hi @dtigue https://github.com/dtigue ! Can you contact us by email @. @.***> with number of people in the IT department ? Thanks, Thomas — Reply to this email directly, view it on GitHub <#2 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAZFSHUI2M273GT2SVWH4HDVYZJCRANCNFSM4DSKWQ5A. You are receiving this because you were mentioned.

@dtigue Please send us an email support@iwaxx.com, so we could interact privately.