New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Debookee v6 beta is out - Welcome SSL/TLS decryption #2

Open
tomlabaude opened this Issue Jul 10, 2017 · 9 comments

Comments

Projects
None yet
5 participants
@tomlabaude
Contributor

tomlabaude commented Jul 10, 2017

Update on 4th Sept 17: v6 is not private anymore but in public beta, checkout https://debookee.com and docs

After 7 months of work, I'm pleased to release Debookee 6.0.0 beta, which implements SSL/TLS decryption in less than 4 clic for all your devices.

TL;DR

  • Debookee v6 introduces two new paying modules: SSL & PRO modules
  • NA & WM of previous versions are still valid and haven't changed
  • You can download the beta here in Menu Debookee -> Preferences -> General -> Check Propose beta version updates
  • New combos are available (SSL+PRO, NA+WM+SSL, etc ...). More information here
  • Minimum macOS version is now 10.12
  • Documentation is being implemented: https://docs.debookee.com

SSL Module

  • SSL/TLS decryption of your own traffic and all your targets traffic
  • Some applications won't accept fake CA due to Key Pinning. Working on alerting/workaround/bypass.
  • SSL decryption must be enabled manually (3 modes: No SSL decryption / All targets only / Own traffic + All targets)
  • You can test for free in the trial, decrypted results will be obfuscated at some point without SSL licenses
  • As always, if you don't have any result at all, SSL license won't unblock results. A paying license in Debookee just deobfuscate results.
  • To avoid browser warnings, you'll have to install CA cert
    • On your own Mac with the button "Add CA cert to Keychain"
    • On your targets, by browsing http://mitm.it:6969 when their traffic is intercepted

PRO Module

  • IMAPS / SMTPS / POPS decryption of your own traffic and all your targets traffic
  • Compressed data are not uncompressed yet, so you'll see IMAP commands in clear text, but maybe not email's content depending server's configuration. Soon to come
  • Allows you to create your own Certificate Authority details (Common Name, Organization, etc ...)
  • Allows you to decrypt SSL/TLS on different port than the default (For ex: 8443)

Credits

This new version is the results of the integration of mitmproxy and SSLsplit.
Integrating open source projects in a software is not an easy ethical task. We do our best by contacting them, trying to contribute to their projects and respecting their open source licenses.

Thanks to alpha testers for their patience:

Next steps

  • Be indulgent, it's only a beta (although modules are paying)
  • More docs at https://docs.debookee.com
  • Fix some bugs you'll find
  • Enhance PRO modules with new AUTHENTICATE methods, DEFLATE data, etc ...

Contact / Bug reporting

Current Status

  • Alpha tests with small group of testers
  • Half-public beta tests with private URL (https://iwaxx.com/debookee/update-beta.php)
  • Public beta tests for users who have beta checked in Debookee's preferences
  • Coming: Stable version for all users

@tomlabaude tomlabaude changed the title from Debookee 6.0.0b1 is out - Welcome SSL/TLS decryption to Debookee v6 beta is out - Welcome SSL/TLS decryption Jul 10, 2017

@richtestani

This comment has been minimized.

Show comment
Hide comment
@richtestani

richtestani Jul 11, 2017

I finally got a version setup, so far it works well on my own Mac, but my iPhone doesn't seem to work.
I installed the cert from mitm, but I the instructions weren't matching my window. Though the cert is listing and everything is trusted, I got an warning about verifying the server identity.

Is this how it will work?

richtestani commented Jul 11, 2017

I finally got a version setup, so far it works well on my own Mac, but my iPhone doesn't seem to work.
I installed the cert from mitm, but I the instructions weren't matching my window. Though the cert is listing and everything is trusted, I got an warning about verifying the server identity.

Is this how it will work?

@richtestani

This comment has been minimized.

Show comment
Hide comment
@richtestani

richtestani Jul 11, 2017

Also apps like Instagram won't load if targeted.

richtestani commented Jul 11, 2017

Also apps like Instagram won't load if targeted.

@tomlabaude

This comment has been minimized.

Show comment
Hide comment
@tomlabaude

tomlabaude Jul 12, 2017

Contributor

You may be hitting Key Pinning for some apps, I'm currently writing the docs, but meanwhile, I've added a line in the post above in SSL Module part about it.

For ex, on Mac, Evernote and Slack apps don't accept the fake CA, and there's nothing to do (except patching the apps with fake CA public key hash to validate key pinning)

In Debookee, an enhancement could be to notify the user about Key Pinning for specific URLs. Also the choice for the user to allow the SSL/TLS connection to continue, without being decrypted.

Not sure to understand "The instructions weren't matching my window", we can continue the discussion by email for more details.

To be sure SSL/TLS interception works at its best, on your iPhone, check browsing on a simple website like https://debookee.com, it doesn't use Key Pinning, and you must see HTTP headers.

Else, contact us by email and let's troubleshoot that.

Contributor

tomlabaude commented Jul 12, 2017

You may be hitting Key Pinning for some apps, I'm currently writing the docs, but meanwhile, I've added a line in the post above in SSL Module part about it.

For ex, on Mac, Evernote and Slack apps don't accept the fake CA, and there's nothing to do (except patching the apps with fake CA public key hash to validate key pinning)

In Debookee, an enhancement could be to notify the user about Key Pinning for specific URLs. Also the choice for the user to allow the SSL/TLS connection to continue, without being decrypted.

Not sure to understand "The instructions weren't matching my window", we can continue the discussion by email for more details.

To be sure SSL/TLS interception works at its best, on your iPhone, check browsing on a simple website like https://debookee.com, it doesn't use Key Pinning, and you must see HTTP headers.

Else, contact us by email and let's troubleshoot that.

@chrismccoy

This comment has been minimized.

Show comment
Hide comment
@chrismccoy

chrismccoy Jul 22, 2017

wil i have to re purchase the wm and na license i bought for v5?

chrismccoy commented Jul 22, 2017

wil i have to re purchase the wm and na license i bought for v5?

@tomlabaude

This comment has been minimized.

Show comment
Hide comment
@tomlabaude

tomlabaude Jul 22, 2017

Contributor

No, NA & WM licenses will be valid for all future versions. You paid for some features for lifetime.
I've clarified this in the post above, enjoy!

Contributor

tomlabaude commented Jul 22, 2017

No, NA & WM licenses will be valid for all future versions. You paid for some features for lifetime.
I've clarified this in the post above, enjoy!

@richtestani

This comment has been minimized.

Show comment
Hide comment
@richtestani

richtestani Jul 29, 2017

Hi - I had written to contact on your site, but I got no reply. Where can I write to help get my SSL decryption working.

richtestani commented Jul 29, 2017

Hi - I had written to contact on your site, but I got no reply. Where can I write to help get my SSL decryption working.

@tomlabaude

This comment has been minimized.

Show comment
Hide comment
@tomlabaude

tomlabaude Jul 30, 2017

Contributor

Richard, I received an email on the 12th of July and replied you on the 14th on your icloud.com email.
I've just resent you my answer to both icloud.com and me.com
Please update to 6.0.0b2, as there are new warnings concerning HTTP Key Pinning that can't be decrypted. (cf http://docs.debookee.com/en/latest/module_ssl.html#key-pinning)

Contributor

tomlabaude commented Jul 30, 2017

Richard, I received an email on the 12th of July and replied you on the 14th on your icloud.com email.
I've just resent you my answer to both icloud.com and me.com
Please update to 6.0.0b2, as there are new warnings concerning HTTP Key Pinning that can't be decrypted. (cf http://docs.debookee.com/en/latest/module_ssl.html#key-pinning)

@xenio

This comment has been minimized.

Show comment
Hide comment
@xenio

xenio Aug 1, 2017

Thanks, just bought the SSL license and trying the beta.

xenio commented Aug 1, 2017

Thanks, just bought the SSL license and trying the beta.

@marca56

This comment has been minimized.

Show comment
Hide comment
@marca56

marca56 Sep 4, 2017

@tomlabaude just upgraded to the beta and looks good. I have not had the recurring warnings I mentioned in Slack :)

Good job!

marca56 commented Sep 4, 2017

@tomlabaude just upgraded to the beta and looks good. I have not had the recurring warnings I mentioned in Slack :)

Good job!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment