Paros and Charles are tools that can intercept SSL encrypted traffic by acting as a man-in-the-middle. They emulate the server when talking to the client and the client when talking to the server, allowing the intercepted traffic to be viewed and analyzed in plain text. To use Paros, one configures it as either an outgoing or local proxy and then sets the browser to use that proxy. Any HTTPS traffic can then be seen by Paros, including usernames and passwords. Paros also allows modifying the intercepted traffic using traps. Charles works similarly by configuring it as the proxy on the client device. These tools are useful for debugging, development, and testing applications using SSL, not for illegal hacking.

1. Usage of Paros, charles for SSL Debugging Pradeep Patel

4. SSL Handshake Protocol – overview client server client_hello server_hello certificate server_key_exchange certificate_request server_hello_done certificate client_key_exchange certificate_verify change_cipher_spec finished change_cipher_spec finished Phase 1 : Negotiation of the session ID, key exchange algorithm, MAC algorithm, encryption algorithm, and exchange of initial random numbers Phase 2 : Server may send its certificate and key exchange message, and it may request the client to send a certificate. Server signals end of hello phase. Phase 3 : Client sends certificate if requested and may send an explicit certificate verification message. Client always sends its key exchange message. Phase 4 : Change cipher spec and finish handshake

7. Setup : Paros

8. Setup : Paros - Outgoing proxy

9. Setup : Paros -local proxy

11. Client gets a warning

12. On Paros : http Request

13. On Paros : http Response

14. Entering user name and password on secure site

15. Paros shows password in Plain Text

16. Paros : Session contents can be modified by using trap

21. Thank You