Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    (imspector-dev) Logging Facebook Chats to meet New Gov't Compliance regs?

    Scheduled Pinned Locked Moved pfSense Packages
    11 Posts 5 Posters 5.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mastry0da
      last edited by

      anybody?

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        Do you know how facebook chat works?

        imspector is a project that is not being updated in last two years

        imspector description from imspector.org:

        Currently it supports MSN, Jabber/XMPP, AIM, ICQ, Yahoo, IRC and Gadu-Gadu to different degrees.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • M
          mastry0da
          last edited by

          yes it utilizes jabber/xmpp, so it should be able to dissect it?

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            @mastry0da:

            yes it utilizes jabber/xmpp, so it should be able to dissect it?

            It depends on how facebook chat change messages, did you tried to tcpdump this traffic to see what ports does it use?

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • M
              mastry0da
              last edited by

              it appears to be connecting to chat.facebook.com on port 443 utilizing ssl encryption…
              Perhaps i need to add some ssl certs to my imspector config... currently i have no ssl
              certs installed on the test box...

              1 Reply Last reply Reply Quote 0
              • marcellocM
                marcelloc
                last edited by

                @mastry0da:

                Perhaps i need to add some ssl certs to my imspector config… currently i have no ssl
                certs installed on the test box...

                you need ca and cert to get it working(at least with google chat it does).

                Treinamentos de Elite: http://sys-squad.com

                Help a community developer! ;D

                1 Reply Last reply Reply Quote 0
                • P
                  PCgeek215
                  last edited by

                  @marcelloc:

                  @mastry0da:

                  Perhaps i need to add some ssl certs to my imspector config… currently i have no ssl
                  certs installed on the test box...

                  you need ca and cert to get it working(at least with google chat it does).

                  Facebook chat uses XMPP wrapped in HTTPS (SSL) so you would need the FB Root CA to do any sort of plain text logging. :-(

                  1 Reply Last reply Reply Quote 0
                  • M
                    mastry0da
                    last edited by

                    how do the commercial firewall vendors like smoothwall and sourcefire get around this get the text of facebook chats then?

                    1 Reply Last reply Reply Quote 0
                    • M
                      Metu69salemi
                      last edited by

                      I think, that those use some kind of man-in-the-middle attack by using their own ssl-certificate. But not sure at all

                      1 Reply Last reply Reply Quote 0
                      • N
                        NastyEbilPiwate
                        last edited by

                        @Metu69salemi:

                        I think, that those use some kind of man-in-the-middle attack by using their own ssl-certificate. But not sure at all

                        Yep. They MITM the traffic, which requires a trusted CA cert to be installed on the machines you want to capture data from.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.