I have a smartcard that can be read by websites using a Java applet (see http://

Question

I have a smartcard that can be read by websites using a Java applet (see http://www.springcard.com/online/applet_pcsc/). I would like to monitor and is to replay packets going from this java applet to the network. The problem is that it uses SSL. I tried to make IcedTea plugin (the open source version of oracle's java plugin, since oracle's one do not work properly with the card on my system) use a proxy (to catch the traffic on Burp Suite) and tried a passive sniffing with Wireshark, but it cannot decrypt SSL.

How can I capture and decrypt the SSL traffic? And if I can't is there a way to get the data before it gets encrypted by java (since everything runs on my machine, I can perform pretty much any manipulations)?

Explanation / Answer

paj28's solution works. I had to go to IcedTea's configuration and add the Burp certificate to the list of certificates and then configure IcedTEa to use Burp as a proxy. I don't now why but IcedTea seemed to mess up (refusing to launch the applet) at first, but after a few attempts it works!

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.