So here is a question for the room, and I'm not sure I'm ready to handle the truth:
If I want to fool my local internet (https) radio device into talking to a local server, and have it trust the cert I give it...am I shit outta luck with this one?
I've not determined if it's certificate pinning airable.wifiradiofrontier.com yet, all I've so far figured out is that it hits it for an A record and gives up if I respond with anything to it.
@halfy Oh! It runs the same software as the Pure radios. There's a Home Assistant API integration for them. But if you wanted to MITM the server comms, the tool you want is mitmproxy. Set up a Pi to act as a WiFi AP and use Mitmproxy to strip the SSL. And cross fingers they're not pinning certificates.
@philpem@halfy mitmproxy/ssl strip would only work if the device actually tries to establish a http connection to begin with, right? Cert pinning would only be relevant if you could install your own root CA's onto the device iiuc?
@Bubu@halfy My understanding was the thing did connect out to an external server - so Halfy's goal was creating a local version which allowed them to add their own stations to it.
In which case, if it's using HTTPS without pinning, Mitmproxy or OWASP ZAP would probably be the way to go, at least for initial analysis.
If the device requires certificates to have a specific CA, signature or whatever, all bets are off.
Add comment