0

I have a smartcard that can be read by websites using a Java applet (see http://www.springcard.com/online/applet_pcsc/). I would like to monitor and is to replay packets going from this java applet to the network. The problem is that it uses SSL. I tried to make IcedTea plugin (the open source version of oracle's java plugin, since oracle's one do not work properly with the card on my system) use a proxy (to catch the traffic on Burp Suite) and tried a passive sniffing with Wireshark, but it cannot decrypt SSL.

How can I capture and decrypt the SSL traffic? And if I can't is there a way to get the data before it gets encrypted by java (since everything runs on my machine, I can perform pretty much any manipulations)?

Improve this question
2
  • 2
    You can use Burp proxy, which can intercept SSL. It will generate a CA certificate, which you need to install in your Java root certificate store. Commented Sep 9, 2014 at 9:38
  • I already did that, and the Java applet seemed to fail starting. Same thing again but after 5-6 attempts it now works properly. Thank you! Commented Sep 9, 2014 at 10:03

1 Answer 1

Reset to default
1

paj28's solution works. I had to go to IcedTea's configuration and add the Burp certificate to the list of certificates and then configure IcedTEa to use Burp as a proxy. I don't now why but IcedTea seemed to mess up (refusing to launch the applet) at first, but after a few attempts it works!

Improve this answer
0

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.