Questions tagged [xmpp]

Extensible Messaging and Presence Protocol is a communications protocol for message-oriented middleware based on XML.

17 questions
6 votes, 1 answer

How do end-to-end encrypted chat services ensure that the server admin doesn't add new members to a chat?

This question is about any chat service that supports end-to-end encrypted group chats, for instance Signal, XMPP + OMEMO (closed group chats in particular), WhatsApp, and the like. How do these services ensure that a hostile server admin does not…
tao_oat
4 votes, 1 answer

How can I intercept XMPP traffic on Android?

I have been learning about security testing on Android apps, and to intercept traffic I was using Burp Suite. I know it works perfectly for HTTP/HTTPS traffic, but most of the messenger apps are using the XMPP protocol for their communication. I…
Anandu M Das
4 votes, 2 answers

Why do we need OMEMO if XMPP is already encrypted?

I read that XMPP is encrypted. E.g. Wikipedia says: Strengths Security XMPP servers can be isolated (e.g., on a company intranet), and secure authentication (SASL) and encryption (TLS) have been built into the core XMPP specifications. OTOH, there…
Ruslan
3 votes, 1 answer

What security layers of protection are available over XMPP?

I have been working on an application running over XMPP. I would like to know which all popular security layers are available over the XMPP protocol, similar to SSL over http.
Anonymous Platypus
3 votes, 1 answer

SSL/TLS in Jabber

Just wondering: is entire traffic between me and the Jabber server I use encrypted, or only login and password? Given that the server supports encryption, and my IM client is configured to ask for encryption. If SSL/TLS encryption is used for all…
MyName
3 votes, 1 answer

xmpp ssl cipher negotiation

Does anyone know how ssl ciphers are negotiated via the xmpp protocol? When I capture packets, I see: There is no hello server/client or cipher negotiation, like http. Can anyone point to…
marcwho
2 votes, 0 answers

Does an SSL certificate have to cover the server hostnames returned by an SRV lookup on the domain?

I have XMPP service running on the domain xmpp.mydomain.com. The XMPP service runs on two back-end servers, im1.mydomain.com and im2.mydomain.com. Clients find out about these servers by an SRV DNS lookup on the XMPP address: c:\> nslookup -type=SRV…
2 votes, 0 answers

What are the security implications of using local-link XMPP on an untrusted network?

I'd like to set up XMPP local-link messaging (Bonjour) on my laptop for use at home. However, I'm concerned about ensuring this is not leaking any information when I connect to an untrusted network. When this is enabled what information can it expose…
1 vote, 3 answers

How secure is XMPP with self-signed SSL certificates?

I'm looking for an easy way to set up a simple IM infrastructure that protects messages in transit as well as avoids having logs in places that neither I nor someone I trust controls. I'm based in Germany and according to Mr. Snowden, my traffic…
Stegosaurus
1 vote, 0 answers

Does ZRTP provide useful protection, given that the SAS is not verified?

Firstly, some important backstory. I'm producing a corporate version of an IM/VOIP/Screensharing client using the Open Source Jitsi. We are going to be using a central server and have already confirmed that TLS encryption is good to go and that the…
1 vote, 1 answer

what makes xmpp a trustworthy way to communicate with others?

An Overview of XMPP Luke Smith recommends XMPP As Luke Smith said in his video, XMPP has been designed as an open communication protocol, which is similar to the email at an extent, I am wondering why people consider it as a safe communication…
user258193
1 vote, 0 answers

Forward secrecy (plausible deniability) and storing messages

How do messengers, like Signal or XMPP-omemo messengers, store their messages? Since the session key is only valid for the current session, how can such extensions like MAM (message archiving on XMPP server) or storing the messages encrypted on the…
1 vote, 0 answers

Solution for well-encrypted group messaging, on Android inside Knox

I am looking to set up a secure messaging system to be used among friends. Ideally it would be cross-platform (Android-phones using the Knox-container, laptops, Android-tablets with Knox) and support group chats as well as the transfer of pictures.…
SpindizZzy
1 vote, 0 answers

What information can be seen when I'm using SRTP via XMPP?

Just as the title goes, basically what data/information can be tracked when using SRTP via XMPP? As client I'm using Jitsi. If things work in some aspects similar to HTTPS, I guess that maybe it can be seen to what server I'm connecting for my…
Gruber
0 votes, 0 answers

XMPP authentication bruteforce with hashcat

This question is about how efficient it is to bruteforce SASL authentication in the XMPP protocol. I read the XMPP SASL authentication steps (stackoverflow link in case the first one breaks), and reimplemented a script that parses a network capture…
Redouane Red