
Regarding the packets for testing the application #1

Open
sandeep-nxn131630 opened this issue Jan 9, 2017 · 6 comments

Comments

@sandeep-nxn131630

Hello Andy,

Thanks for the wonderful project.

I would like to know/get if there are any samples pcap packets and keys that I can test the application with

@RoadRunnr
Member

Hi,

DTLS and CAPWAP are stateful protocols, I therefore don't see how PCAPs would help you with testing a MITM proxy. Simply replaying the DTLS packets can't work.

About the keys and certificates, those have to be accepted by the AC and WTP that you want to investigate.

The MITM is not intended to hack into a CAPWAP DTLS connection. The idea is that you present certificates to the AC and WTP that are acceptable to them and then sit in the middle and export the decrypted traffic into a pcap file for inspection in wireshark.

If you are looking for an AC and WTP to test the proxy against, I would recommend checking out
freeWTP, smartCAPWAP and/or openCAPWAP (all of them are somewhere on github).

@sandeep-nxn131630
Author

I have been tasked in a research project to decrypt the DTLS traffic pertaining to CAPWAP. I was looking for tools to do this protocol.

Any sort of details will be of great help.
Can you suggest me some tools? MITM, as per my understanding, will be able to achieve what I am trying to do.

Thanks,
Sandeep

@RoadRunnr
Member

This project is exactly what you need. It can decrypt CAPWAP DTLS as a MITM proxy.

You only need to configure your AC and WTP to connect to each other through the MITM proxy and provision your AC, WTP and MITM proxy with the proper certificates.

It will then export the decrypted CAPWAP data as pcap file that can be analyzed with wireshark.

How to configure the AC and WTP, and how to get the right certificates onto them depends purely on the AC and WTP. I'm afraid you have to figure that out for yourself.

@sandeep-nxn131630
Author

sandeep-nxn131630 commented Jan 10, 2017

What I am tasked with is to look at the DTLS/CAPWAP traffic (mirrored from the ethernet switch)
and use the legitimate certs/keys from AC and WTP to decrypt the traffic and inspect CAPWAP protocol
messages for errors.

I do understand that your package cannot help me directly without modifications. I was hoping that
I can repurpose some of the logic to accomplish my task without being a MITM. Any thoughts?

Regarding the CAPWAP pcap files for testing, do you know where I can get some for my testing?
I really appreciate your help!!!

@RoadRunnr
Member

> What I am tasked with is to look at the DTLS/CAPWAP traffic (mirrored from the ethernet switch)
> and use the legitimate certs/keys from AC and WTP to decrypt the traffic and inspect CAPWAP protocol
> messages for errors.

You do know that this is never going to work if DTLS is using a DHE cipher?

> I do understand that your package cannot help me directly without modifications. I was hoping that
> I can repurpose some of the logic to accomplish my task without being a MITM. Any thoughts?

What you need is much simpler than a MITM proxy. And in fact for non-DHE ciphers, wireshark should already have anything you need.

> Regarding the CAPWAP pcap files for testing, do you know where I can get some for my testing?

I have no idea where to find samples. There might be some on the wireshark wiki.

> I really appreciate your help!!!
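Added example, not code from this project or either poster: a Python check for the point made above, that decrypting captured CAPWAP DTLS with the AC's static key only stands a chance when the negotiated cipher suite uses RSA or PSK key exchange, never with (EC)DHE. It parses the DTLS ServerHello inside a CAPWAP DTLS packet (RFC 5415 preamble plus DTLS record and handshake headers) and reports the key exchange; the cipher-suite table and the sample packet are constructed for the example.

```python
import struct

# Constructed lookup, IANA cipher-suite codes -> (name, key exchange). Only the
# suites RFC 5415 mandates for CAPWAP plus a few common ones; others are "unknown".
CIPHER_SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),       # mandatory, static RSA
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),   # mandatory, ephemeral DH
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE"),
    0x008C: ("TLS_PSK_WITH_AES_128_CBC_SHA", "PSK"),
    0x0090: ("TLS_DHE_PSK_WITH_AES_128_CBC_SHA", "DHE"),
    0xC02B: ("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
}

def negotiated_suite(capwap_payload: bytes):
    """Parse a CAPWAP UDP payload carrying a DTLS ServerHello and return
    (suite_name, key_exchange, decryptable_with_static_keys), else None."""
    # CAPWAP DTLS header (RFC 5415 4.2): preamble 0x01 + 3 reserved bytes
    if len(capwap_payload) < 4 or capwap_payload[0] != 0x01:
        return None
    rec = capwap_payload[4:]
    # DTLS record: type(1) version(2) epoch(2) seq(6) length(2); 22 = handshake
    if len(rec) < 13 or rec[0] != 22:
        return None
    hs = rec[13:13 + struct.unpack("!H", rec[11:13])[0]]
    # Handshake header: type(1) len(3) msg_seq(2) frag_off(3) frag_len(3); 2 = ServerHello
    if len(hs) < 12 or hs[0] != 2 or int.from_bytes(hs[6:9], "big") != 0:
        return None
    body = hs[12:]
    # ServerHello: version(2) random(32) sid_len(1) sid cipher_suite(2) compression(1)
    if len(body) < 35:
        return None
    off = 35 + body[34]
    if len(body) < off + 2:
        return None
    code = struct.unpack("!H", body[off:off + 2])[0]
    name, kx = CIPHER_SUITES.get(code, ("unknown_0x%04X" % code, "unknown"))
    # Static RSA (server private key) or PSK (the shared key) lets a passive
    # observer recover the premaster secret; any (EC)DHE suite does not.
    return name, kx, kx in ("RSA", "PSK")

def build_sample(code: int) -> bytes:
    """Constructed test input: minimal CAPWAP-encapsulated DTLS 1.2 ServerHello."""
    body = b"\xfe\xfd" + bytes(32) + b"\x00" + struct.pack("!H", code) + b"\x00"
    hs = (b"\x02" + len(body).to_bytes(3, "big") + b"\x00\x01" + bytes(3)
          + len(body).to_bytes(3, "big") + body)
    rec = b"\x16\xfe\xfd\x00\x00" + bytes(6) + struct.pack("!H", len(hs)) + hs
    return b"\x01\x00\x00\x00" + rec
```

Run it over the UDP payload of the first ServerHello in a capture; a `False` third field means the AC's certificate key alone will never decrypt that session, whatever tool is used.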

@sandeep-nxn131630
Author

Yes, in my case I am assuming DTLS is not using DHE cipher. It will be Cisco WLC 5760. Any thoughts?

It is great to hear that what I need is simpler than a MITM proxy. Like I mentioned, I cannot use wireshark as I need to probe the traffic programmatically.

I am using CentOS 6.5 and running into gnutls and Nettle issues. Does this package compile on CentOS?
