Understanding messages through packets traced by Wireshark

Maybe the question is silly but I can’t realize how to decode packets related to OpenFire-Spark traffic captured with Wireshark.

This is an example of a packet tagged as Jabber/XML by the tool

\027\003\001\000\021’EhC\233\210&A\2464\250\035\225\361\346\240\264

Any advice?

Thanks

ny

Maybe you should disable SSL connections in Spark and Openfire to be able to read message packets

Thanks a lot! It has helped.

Cheers

ny

I have the same question. This is what I see, which is OBVIOUSLY not an SSL encrypted string. It's an encoded or compressed string of some kind.

[truncated] \262\311M-.NLOU\310L\261U\362\362\21374QR(\251,H\265UJ\316H,\001\262\363m\225\2 14\214\222M\f\215\215\214t\323R\023\215uM\222\315-t\223R\r\322\200\3344\203d\203 \024\240@\262\211CIFf^6H\217^NbJA\261^r~\256\222\235MR~J\245]FjN\201

In my admin tool there IS NOT a padlock icon next to the users session and so I know the connection is not SSL. Also, openfire admin is set for “SSL Disabled” in the server properties.

In any case, my friend insists Openfire is making an SSL connection but I disagree. Does anyone understand the encoding of this protocol enough so that I can prove to my friend that this IS NOT ssl encrypted?

Hi,

you may want to disable encryption and compression in the admin interface:

/ssl-settings.jsp
Client Connection Security
[x] Custom
Old SSL method: [x] Not Available
TLS method: [x] Not Available

/compression-settings.jsp
Client Compression Policy
[x] Not Available

LG

Maybe your clients are doing some encryption independently of a server. Because with SSL disabled you should clearly see the XML structure and text of the messages.
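
Added example, not part of any post in this thread: a small Python classifier that tells the three cases discussed above apart (TLS record, zlib stream compression as defined in XEP-0138, plaintext XML) from the escaped text Wireshark shows. The function names `unescape` and `classify` are hypothetical, the compressed packets are constructed samples from a sender that sync-flushes after each stanza, and the only payload taken from the thread is the one in the first post.

```python
import re
import zlib

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
_ESC = re.compile(r"\\([0-3][0-7]{2}|[rntf\\])")
_SIMPLE = {"r": "\r", "n": "\n", "t": "\t", "f": "\f", "\\": "\\"}
SYNC_FLUSH = b"\x00\x00\xff\xff"  # trailer zlib emits on Z_SYNC_FLUSH


def unescape(text: str) -> bytes:
    """Convert Wireshark's escaped text form (\\027, \\r, ...) back to raw bytes."""
    def repl(m):
        g = m.group(1)
        return _SIMPLE[g] if g in _SIMPLE else chr(int(g, 8))
    return _ESC.sub(repl, text).encode("latin-1")


def classify(payload: bytes) -> str:
    """Label one TCP payload taken from an XMPP client connection."""
    # TLS record header: content type, version 3.x, 2-byte big-endian length.
    if len(payload) >= 5 and payload[0] in TLS_TYPES and payload[1] == 3 and payload[2] <= 4:
        length = int.from_bytes(payload[3:5], "big")
        return f"tls {TLS_TYPES[payload[0]]} len={length}"
    if payload.lstrip().startswith(b"<"):
        return "plaintext xml"
    # Stream compression is one zlib stream; only its first packet has a zlib header.
    try:
        xml = zlib.decompressobj().decompress(payload)
        if xml:
            return "zlib stream start: " + xml.decode("utf-8", "replace")
    except zlib.error:
        pass
    if payload.endswith(SYNC_FLUSH):
        return "zlib mid-stream (needs capture from stream start to inflate)"
    return "unknown"


# Payload quoted in the first post (typographic apostrophe written as ASCII).
FIRST_POST = r"\027\003\001\000\021'EhC\233\210&A\2464\250\035\225\361\346\240\264"

# Constructed sample: two stanzas through one compressor, flushed per stanza.
_c = zlib.compressobj()
PKT1 = _c.compress(b"<message to='a@example.org'><body>hi</body></message>") + _c.flush(zlib.Z_SYNC_FLUSH)
PKT2 = _c.compress(b"<message to='a@example.org'><body>again</body></message>") + _c.flush(zlib.Z_SYNC_FLUSH)

if __name__ == "__main__":
    for p in (unescape(FIRST_POST), PKT1, PKT2, b"<presence/>"):
        print(classify(p))
```

The TLS check only reads the five-byte record header, so it is meaningful for a payload that begins on a record boundary; a compressed packet from the middle of a stream refers back to earlier stanzas and cannot be inflated on its own.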