PaulDotCom mailing list archives
Re: [Security Weekly] decrypting HTTPS/SSL traffic
From: Kevin Shaw <kevin.lee.shaw () gmail com>
Date: Fri, 25 Jul 2014 17:08:09 -0400
Robin,

You can plug the certificates into wireshark and read the traffic.

On Jul 25, 2014 5:05 PM, "Robin Wood" <robin@digi.ninja> wrote:

> I'll start by saying I asked this in March so it's been a while since I was playing with all this. Guess the mail got stuck somewhere.
>
> What I was trying to do was just see how easy it was to decrypt traffic if the certificate could be acquired. This was before Heartbleed but going back to it now I'm sure there are plenty of certificates lying around now. I know they can be used to set up fake sites but being able to decrypt as well is just a useful extra skill.
>
> Robin
>
> On 25 Jul 2014 16:00, "Ron Bowes" <ron () skullsecurity net> wrote:
>
>> What's your ultimate goal? I usually find it easier to man in the middle SSL connections if that's an option.
>>
>> On 25 Jul 2014 06:06, "Robin Wood" <robin () digininja org> wrote:
>>
>>> I'm trying to look at decrypting HTTPS/SSL traffic. I've created a server using openssl:
>>>
>>> openssl s_server -www -cipher AES256-SHA -key server.pem -cert server.crt -accept 443
>>>
>>> and connect to it using
>>>
>>> echo -e "GET / HTTP/1.0\r\n" | openssl s_client -connect localhost:443
>>>
>>> I'm then sniffing the traffic using tshark
>>>
>>> tshark -o "ssl.desegment_ssl_records: TRUE" -o "ssl.desegment_ssl_application_data: TRUE" -o "ssl.keys_list: 127.0.0.1,443,http,/etc/ssl/mine/server.pem" -o "ssl.debug_file: ./wireshark-log" -i lo -R "tcp.port == 443" -2
>>>
>>> This has the same server.pem file as the server so it should be able to decrypt things without any problems.
>>>
>>> Watching the wireshark-log file this works fine and I get cleartext in the log. Same if I connect through curl or wget. If I then try through either Firefox or Chrome I get a load of output in the log but no decrypted data. What would cause this?
>>>
>>> If I use Apache to run the server rather than openssl I don't get any decryption regardless of what client I get.
>>>
>>> What am I doing wrong? I'm getting most of my info from Mark's article from 2010, I've had to tweak a few bits but there is a difference between what I'm getting and what Mark got.
>>>
>>> http://securityweekly.com/2010/10/tsharkwireshark-ssl-decryption.html
>>>
>>> Robin
>>> _______________________________________________
>>> Pauldotcom mailing list
>>> Pauldotcom () mail securityweekly com
>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> Main Web Site: http://pauldotcom.com
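An added example, not part of any post in this thread: a server RSA key file loaded into Wireshark/tshark can only recover session keys from a full handshake that used RSA key exchange, so when a capture will not decrypt it is worth checking what the ServerHello actually negotiated. The sketch below parses a ServerHello record and reports that; the function names, the small suite table and the sample records are constructed for illustration.

```python
import struct

# Key-exchange family for a few cipher suite IDs (values from the IANA TLS registry).
SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),  # OpenSSL name: AES256-SHA
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE"),
    0xC014: ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "ECDHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
}

def parse_server_hello(record: bytes) -> dict:
    """Return the session ID and cipher suite from one TLS record holding a ServerHello."""
    if len(record) < 5 or record[0] != 22:          # 22 = handshake content type
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4 or body[0] != 2:   # 2 = ServerHello
        raise ValueError("not a complete ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # Layout: version(2) random(32) sid_len(1) sid cipher_suite(2) compression(1)
    if len(hello) < 38 or len(hello) < 38 + hello[34]:
        raise ValueError("truncated ServerHello")
    sid_end = 35 + hello[34]
    return {"session_id": hello[35:sid_end],
            "suite": struct.unpack("!H", hello[sid_end:sid_end + 2])[0]}

def private_key_decrypts(record: bytes, client_session_id: bytes = b"") -> dict:
    """Say whether the server's RSA key alone can decrypt this connection."""
    info = parse_server_hello(record)
    name, kx = SUITES.get(info["suite"], (hex(info["suite"]), "unknown"))
    # A server echoing the client's session ID means an abbreviated handshake:
    # no ClientKeyExchange is sent, so the capture must include the original session.
    resumed = bool(info["session_id"]) and info["session_id"] == client_session_id
    return {"suite": name, "kx": kx, "resumed": resumed,
            "decryptable": kx == "RSA" and not resumed}

def build_sample(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed TLS 1.2 ServerHello record (zero random, no extensions)."""
    hello = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
             + struct.pack("!H", suite) + b"\x00")
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for suite in (0x0035, 0xC014):
        print(private_key_decrypts(build_sample(suite)))
```

For a resumed session the key file still works if the same capture also holds the earlier full handshake that established the session.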