Skip to main content
Super User

Return to Answer

Corrected invalid link [1]. Turn http link [4] into https. Fixed a few misspellings.
Source Link
edit approved May 20, 2019 at 3:26
Pang
edit approved May 20, 2019 at 3:26
Pang
  • 957
  • 1
  • 9
  • 12

More on man findman find pages

  • You could find all files used by the dropbox client currently used:

     ls -thal /proc/`pgrep dropbox`/fd | egrep -v 'socket:|pipe:|anon_inode|/dev/'

  • If you can not see anything that means that something is probably wrong with the client. I would recommend performing stracestrace.

     To monitor your dropboxd script with output save into output.txt file:
 `strace -o output.txt dropboxd`

 To monitor only system calls you could enter:
 `strace -e open dropboxd`

  • If you want to go even deeper you could attach an debugger e.g. gdb to your strace session.

Second Edit & Forth Edit - will not work till dropbox suportssupports own private keys.

Third Edit & Forth edit - details about the SSL/TSL decryption. (will not work till dropbox suportssupports own private keys.)

More on man find pages

  • You could find all files used by the dropbox client currently used:

     ls -thal /proc/`pgrep dropbox`/fd | egrep -v 'socket:|pipe:|anon_inode|/dev/'

  • If you can not see anything that means that something is probably wrong with the client. I would recommend performing strace.

     To monitor your dropboxd script with output save into output.txt file:
 `strace -o output.txt dropboxd`

 To monitor only system calls you could enter:
 `strace -e open dropboxd`

  • If you want to go even deeper you could attach an debugger e.g. gdb to your strace session.

Second Edit & Forth Edit - will not work till dropbox suports own private keys.

Third Edit & Forth edit - details about the SSL/TSL decryption. (will not work till dropbox suports own private keys.)

More on man find pages

  • You could find all files used by the dropbox client currently used:

     ls -thal /proc/`pgrep dropbox`/fd | egrep -v 'socket:|pipe:|anon_inode|/dev/'

  • If you can not see anything that means that something is probably wrong with the client. I would recommend performing strace.

     To monitor your dropboxd script with output save into output.txt file:
 `strace -o output.txt dropboxd`

 To monitor only system calls you could enter:
 `strace -e open dropboxd`

  • If you want to go even deeper you could attach an debugger e.g. gdb to your strace session.

Second Edit & Forth Edit - will not work till dropbox supports own private keys.

Third Edit & Forth edit - details about the SSL/TSL decryption. (will not work till dropbox supports own private keys.)

update with dropbox answer
Source Link
tukan
tukan
  • 2.3k
  • 13
  • 20

This remains the most probable way to find out what is being transferred.

I'll try to debug it myself when I finish my pending tasks.

Second Edit & Forth Edit - will not work till dropbox suports own private keys.

Answer from the dropbox support:

Dropbox does not support the creation of your own private keys.

Third Edit & Forth edit - details about the SSL/TSL decryption. (will not work till dropbox suports own private keys.)

Answer from the dropbox support:

Dropbox does not support the creation of your own private keys.

Second Edit

Third Edit - details about the SSL/TSL decryption.

This remains the most probable way to find out what is being transferred.

I'll try to debug it myself when I finish my pending tasks.

Second Edit & Forth Edit - will not work till dropbox suports own private keys.

Answer from the dropbox support:

Dropbox does not support the creation of your own private keys.

Third Edit & Forth edit - details about the SSL/TSL decryption. (will not work till dropbox suports own private keys.)

Answer from the dropbox support:

Dropbox does not support the creation of your own private keys.

adding details
Source Link
tukan
tukan
  • 2.3k
  • 13
  • 20

Third Edit - details about the SSL/TSL decryption.

In the second edit section I suggested that you can view the SSL traffic via wireshark. Since Paul has thought that I'm suggesting that you should actually hack the DH key exchange, which is with current knowledge not possible, I would like to rectify it.

What I'm trying to suggest is that if you are using dropbox business RSA and RSA authentication, you could try to use the dropboxd with RSA key (the daemon dropboxd is closed source, I can not check the source code if the functionality is there and probably the best solution is to ask dropbox.com directly).

If that is possible, only then import the RSA key to wireshark to see what is currently being transferred.

Third Edit - details about the SSL/TSL decryption.

In the second edit section I suggested that you can view the SSL traffic via wireshark. Since Paul has thought that I'm suggesting that you should actually hack the DH key exchange, which is with current knowledge not possible, I would like to rectify it.

What I'm trying to suggest is that if you are using dropbox business RSA and RSA authentication, you could try to use the dropboxd with RSA key (the daemon dropboxd is closed source, I can not check the source code if the functionality is there and probably the best solution is to ask dropbox.com directly).

If that is possible, only then import the RSA key to wireshark to see what is currently being transferred.

extened answer with way how to check SSL/TSL trafic with wireshark
Source Link
tukan
tukan
  • 2.3k
  • 13
  • 20
improved answer
Source Link
tukan
tukan
  • 2.3k
  • 13
  • 20
Source Link
tukan
tukan
  • 2.3k
  • 13
  • 20