SSL decrpytion and TeamViewer

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSL decrpytion and TeamViewer

L6 Presenter

I was wondering if TeamViewer uses certificate pinning so I tried to decrypt it. I've set a simple decrypt rule to decrypt everything from one IP going to internet. But the rule doesn't seem to work for TeamViewer. All SSL sessions are decrypted but teamviewer-base isn't. I've also tried sharing file over it and I didn't see it in data log, also application didn't change to teamviewer-sharing. So I'm pretty sure TeamViewer didn't get decrypted while other SSL sessions did.

Any idea what am i missing? If teamviewer doesn't allow to be decryted then i would expect to not be able to connect and not just ignore decryption rule and work.

 

 

 

 

2 REPLIES 2

Cyber Elite
Cyber Elite

There is a list of applications that Palo Alto will not decrypt as it knows it will brake the app.

List is here:

https://live.paloaltonetworks.com/t5/Configuration-Articles/List-of-Applications-Excluded-from-SSL-D...

 

Try to play around with Decryption profile. There you can block sessions if decryption is not possible.

profile.png

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Ok, ty for the list. But TeamViewer is not on it.

I guess that means TeamViewer either uses unsupported versions or cipher suites.

 

 

  • 2571 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!