What information is exchanged during the “anonymous authentication”?
Posted on September 9, 2011

There is a lot of uncertainty around this. Conversations with numerous people have elicited different responses. Here is what I do know:
The Android client
- does a DNS lookup for wl.dstvmobile.com
- This returns the IP address 196.25.48.79 (via ns2.mweb.co.za)
- An HTTPS connection is then established
- Certificate sent through from server (issued to: *.dstvmobile.com by Entrust Certification Authority – L1C, valid from 2010/2/15 to 2013/2/10)
- Handshaking and cipher exchange
- Two data blocks sent, of 342 bytes and then 1318 bytes
Since the data is encrypted, sniffing the packets doesn't help give insight into the contents. Next steps: set up an SSL proxy and see if that will give us the required content.
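What a passive capture of such a session does expose is the TLS record layer: each record's content type, protocol version and length travel in a cleartext 5-byte header. The following is an added example, not code from the original post; it parses those headers from a constructed byte stream. It assumes TLS 1.0 records and treats the 342 and 1318 byte blocks as application-data record payloads, with random bytes standing in for the real handshake and ciphertext.

```python
import os
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def parse_tls_records(stream: bytes):
    """Split a reassembled TCP byte stream into TLS records.

    Returns (records, leftover): records is a list of
    (type_name, (major, minor), length); leftover is any trailing
    bytes that do not yet form a complete record.
    """
    records, offset = [], 0
    while len(stream) - offset >= 5:            # 5-byte record header
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError(f"not a TLS record at offset {offset}")
        if len(stream) - offset - 5 < length:   # record body still in flight
            break
        records.append((CONTENT_TYPES[ctype], (major, minor), length))
        offset += 5 + length
    return records, stream[offset:]

def record(ctype: int, body: bytes, version=(3, 1)) -> bytes:
    """Build one constructed TLS record for the sample below."""
    return struct.pack("!BBBH", ctype, *version, len(body)) + body

def sample_stream() -> bytes:
    # Constructed sample: random bytes stand in for handshake and ciphertext.
    return (record(22, os.urandom(90))       # handshake message
            + record(20, b"\x01")            # ChangeCipherSpec
            + record(22, os.urandom(48))     # encrypted Finished
            + record(23, os.urandom(342))    # encrypted application data
            + record(23, os.urandom(1318)))  # encrypted application data

def observable_app_data_sizes(stream: bytes):
    """What a passive sniffer learns about the payload: sizes only."""
    records, _ = parse_tls_records(stream)
    return [length for name, _, length in records if name == "application_data"]

if __name__ == "__main__":
    for name, version, length in parse_tls_records(sample_stream())[0]:
        print(f"{name:20} TLS {version[0]}.{version[1]}  {length} bytes")
    print("application data sizes:", observable_app_data_sizes(sample_stream()))
```

The parser reports record types and sizes but nothing about the payload, which matches the observation above that the capture alone does not reveal what the client sends.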
There is currently nothing at https://wl.dstvmobile.com/, which just returns an "under construction" IIS message.