

I've been following the conversation regarding Gmail and SSL bits in
other threads because, as you can tell, I use Gmail, and was under the
impression that https:// will keep everything over an SSL connection.
So after reading the threads that suggested otherwise I decided to

I shut down my Tor server, and blocked most forwarded traffic from my
router, logged out of Gmail, and closed Firefox. Then I started up
Wireshark, opened up Firefox, logged onto Gmail, looked at a couple of
messages, labeled one spam, and sent one as a test. Then I just let it
sit for about four hours.

After going through the Wireshark log (which took a bit!) the only
non-SSL/TLS traffic from Gmail I could find looked like this:

GET /safebrowsing/update?client=navclient-auto-ffox&appver=,goog-white-url:1:371,goog-black-url:1:19069,goog-black-enchash:1:46040
Host: sb.google.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:
Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: PREF=ID=2ebc725f67fb2226:TM=1185368577:LM=1204091083:FV=2:GM=1:S=wxIX6A2MoEz-E_jQ;
rememberme=true; TZ=360; GMAIL_RTT=199;

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Cache-Control: public,max-age=600
Server: TrustRank Frontend
Content-Length: 40363
Date: Fri, 07 Mar 2008 19:48:54 GMT

[goog-black-enchash 1.46041 update]

Except that the whole thing was ~41kb.

So, while not an exhaustive study by any means, it *does* look like
Gmail will stick to SSL, or some type of encryption (I have no idea
what "goog-black-enchash" means, but it certainly isn't plaintext).

If anyone wants to look through the packet dump let me know, it's
about 4mb uncompressed after I filtered out traffic that I knew wasn't
from Google (from a cron job I have going), I'd be glad to post it


Running Ubuntu 7.10, all latest patches/updates
Wireshark 0.99.6
Behind a WRT54G router running Tomato firmware.
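
The manual review of the capture described in the message above can be scripted. The following is an added example, not part of the original post: it takes the first client payload of each flow, skips TLS, and lists cleartext HTTP requests to Google hosts with the names of any cookies they carried. The flow data is constructed, and the function names and the `google.com` suffix filter are assumptions of this sketch.

```python
# Constructed sample: first client-to-server payload of each TCP flow.
SAMPLE_FLOWS = [
    ("mail.google.com:443", b"\x16\x03\x01\x00\x8b\x01\x00\x00\x87\x03\x01" + b"\x00" * 32),
    ("sb.google.com:80",
     b"GET /safebrowsing/update?client=navclient-auto-ffox HTTP/1.1\r\n"
     b"Host: sb.google.com\r\n"
     b"Cookie: PREF=ID=constructed; rememberme=true; TZ=360; GMAIL_RTT=199\r\n\r\n"),
    ("example.net:80", b"GET / HTTP/1.1\r\nHost: example.net\r\n\r\n"),
]
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def is_tls(payload):
    """True if the payload opens with a TLS handshake record (type 0x16, major 0x03)."""
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03

def parse_http_request(payload):
    """Return (request_line, lower-cased header dict), or None if not an HTTP request."""
    if not payload.startswith(HTTP_METHODS):
        return None
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def cleartext_findings(flows, domain_suffix="google.com"):
    """List cleartext HTTP requests to the given domain and the cookie names sent."""
    findings = []
    for _dest, payload in flows:
        parsed = None if is_tls(payload) else parse_http_request(payload)
        if parsed is None:
            continue
        request_line, headers = parsed
        host = headers.get("host", "").split(":")[0].lower()  # drop optional port
        if host != domain_suffix and not host.endswith("." + domain_suffix):
            continue
        cookies = [c.split("=", 1)[0].strip()
                   for c in headers.get("cookie", "").split(";") if c.strip()]
        findings.append({"host": host, "request": request_line, "cookies": cookies})
    return findings

if __name__ == "__main__":
    for f in cleartext_findings(SAMPLE_FLOWS):
        print(f["host"], f["request"], "cookies:", ", ".join(f["cookies"]) or "none")
```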