Netgate Discussion Forum

    (imspector-dev) Logging Facebook Chats to meet New Gov't Compliance regs?

    pfSense Packages
      mastry0da

      Running 4 pf boxes in HA, (2 onsite carp'd & 2 carp'd @ DR Site)

      Just began playing around with the new imspector-Dev package,
      never utilized it before but I'm hoping to replace our Palo Alto boxes
      that perform all our chat/skype logging onsite so I can remove their
      support fees from my budget… I have it enabled and set to log,
      but when I log in and attempt to send some test messages via
      Facebook, none of them appear in the imspector-dev log on my
      pfboxes... Has anybody got this working or can perhaps point me
      in the right direction?

        mastry0da

        anybody?

          marcelloc

          Do you know how Facebook chat works?

          imspector is a project that has not been updated in the last two years.

          imspector description from imspector.org:

          Currently it supports MSN, Jabber/XMPP, AIM, ICQ, Yahoo, IRC and Gadu-Gadu to different degrees.

          Elite training: http://sys-squad.com

          Help a community developer! ;D

            mastry0da

            Yes, it utilizes Jabber/XMPP, so it should be able to dissect it?

              marcelloc

              @mastry0da:

              Yes, it utilizes Jabber/XMPP, so it should be able to dissect it?

              It depends on how Facebook chat exchanges messages. Did you try to tcpdump this traffic to see what ports it uses?

                mastry0da

                It appears to be connecting to chat.facebook.com on port 443 utilizing SSL encryption…
                Perhaps I need to add some SSL certs to my imspector config... currently I have no SSL
                certs installed on the test box...

                  marcelloc

                  @mastry0da:

                  Perhaps I need to add some SSL certs to my imspector config… currently I have no SSL
                  certs installed on the test box...

                  You need a CA and cert to get it working (at least with Google chat it does).

                    PCgeek215

                    @marcelloc:

                    @mastry0da:

                    Perhaps I need to add some SSL certs to my imspector config… currently I have no SSL
                    certs installed on the test box...

                    You need a CA and cert to get it working (at least with Google chat it does).

                    Facebook chat uses XMPP wrapped in HTTPS (SSL) so you would need the FB Root CA to do any sort of plain text logging. :-(

                      mastry0da

                      How do the commercial firewall vendors like Smoothwall and Sourcefire get around this to get the text of Facebook chats then?

                        Metu69salemi

                        I think that those use some kind of man-in-the-middle attack by using their own SSL certificate. But not sure at all.

                          NastyEbilPiwate

                          @Metu69salemi:

                          I think that those use some kind of man-in-the-middle attack by using their own SSL certificate. But not sure at all.

                          Yep. They MITM the traffic, which requires a trusted CA cert to be installed on the machines you want to capture data from.
