Why You should use TLS/SSL with Mosquitto mqtt. MQTT Mosquitto Broker part 2.

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello everyone welcome to my channel in previous video I was setting up a mosquito mqtd broker with basic configuration which is not encrypted and not passworded and basically I says you're not supposed to use this kind of configuration outside of your local network that configuration basically didn't stop you to using it for outside of your network but if you have everybody have firewall in a in the lab in the home whatever and all those parts which we use for example we will use port 1122 is usually close so basically if you don't open that part no one will will be able to connect to this broker or see what what you're doing with this broker so basically in this video I would like to show you why you shouldn't be doing this so I got the same broker which works with password and on part 1122 is not encrypted then I got another configuration let me show you this is the configuration of this broker for part 1124 is encrypted fully encrypted so this broker is possible protected and this broker is not not possibly protected it's separate broker and works on Port 1123 so basically what I can do I got PF sense and I have a function of pocket capture so I'm gonna be scanning my Lan zero which is the land which is connected the broker is the IP address and the part we're gonna be scanning first the not encrypted and password protected so let me clear it first so now it's capturing the packets that should be enough we've got a couple of them so now this is the packets this is the pocket from the broker to the client and as you can see password test this is the topic part Wireshark C capture YouTube this is the string what was injecting to that to that node so let me try to capture this one now 1124 and now you can see it's TLS version 1.2 encrypted so once I click I can't see absolutely anything just some signs next one next one wouldn't be read what is on it including the password of course uh I can show you as well this one 1123 maybe this is kind of waste of time it's it's exactly the same as as this one you can basically you can see it through what what the the client is sending to the broker so basically when we see this capture we can see all but you think you don't see the password so some of you may think oh just can't see the guy can see only my data so what I'm sending I send some temperatures or something like this not important it's okay no it's not okay because he can't see your password basically what the cloud what what the clients do sending the password only ons and does it when attempt to connect when it does the handshake with the broker once that handshake Go pass it wouldn't be doing this so let me show you how that works so what I gonna do I'm gonna disconnect it first connected I go to my PS sense change the part I will start capture and now I'm gonna reconnect and let me see the capture now so each one by one and there you go this is not red the idea of the client and then custom is the client name and automation is the password so just to show you username custom password automation you you basically can see but this is what it is okay so you may say they won't be able to see my password they can be able to see my data and basically once my client is always connected they won't be able to get my password out because it's only does it when it's reconnecting so no unfortunately wrong because it's very easy to break up that connection it's a special tools so it will Force the client to lose the connection and reconnect again and then get that password when it's attempting to reconnect so unfortunately that's how it is so okay some of you guys will say again okay not too bad what if he use that he connected another he will sign some information well yeah basically usually they not interested of your of your data then they'll try to break into your broker on your or your server to get the information they usually they try to use your server broker or whatever to do something for them and then worst case scenario you pay for this it will slow down of your your service and then worst scenario they probably will do something nasty maybe use uh for spam some people or maybe illegal activity as well so I will highly not recommend to use this kind of configuration in next video I will show you how to set up encrypted connection like this one and also watch that video through you should be you able to set up that encrypted connection simple way basic way in probably about 10 to 20 minutes so I don't see a reason why not to do it this way so I hope you enjoyed the video and see you next video
Info
Channel: Custom Automation
Views: 1,805
Rating: undefined out of 5
Keywords: MQTT, mqtt tls/ssl, mosquitto, mosquitto broker, lets encrypt, linux, ubuntu, open ssl, vps, linode, node-red, mqtt client, server, wireshack
Id: O5VnFbaxGmk
Channel Id: undefined
Length: 9min 13sec (553 seconds)
Published: Mon Jul 10 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.