Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Decrypting SSL with Wireshark

From: "sieger007 () gmail com" <sieger007 () gmail com>
Date: Mon, 18 Jan 2010 13:07:16 -0800
Ok thanks again. I am trying to test ANY tool/method where I can  sniff SSL
passwords *without issuing fake SSL  certificates. Ettercap MITM would issue
fake certificates. How is that prevented . *
Pl point me to some exhaustive resources which can help me climb that hill
Thanks
S

On Mon, Jan 18, 2010 at 12:27 PM, Sake Blok <sake () euronet nl> wrote:


 If there was, SSL would not do a good job being a secure protocol...

----- Original Message -----
*From:* sieger007 () gmail com
*To:* Community support list for Wireshark <wireshark-users () wireshark org>
*Sent:* Monday, January 18, 2010 9:11 PM
*Subject:* Re: [Wireshark-users] Decrypting SSL with Wireshark

Hi Adam
Thanks . Now is there a way to 'extract' a Pvt key from a cert file or that
is confidential e.g. google, hotmail. etc.Is there any OTHER viable solution
to sniff SSL traffic without creating a fake certificate with warnings
Thanks
S

On Mon, Jan 18, 2010 at 10:59 AM, St. Onge,Adam <ASTONGE () travelers com>wrote:


 The wiki has good coverage on this (http://wiki.wireshark.org/SSL) but
not really applicable to Penetration testing unless you have already
compromised the web server and got the Private key.


 ------------------------------

*From:* wireshark-users-bounces () wireshark org [mailto:
wireshark-users-bounces () wireshark org] *On Behalf Of *sieger007 () gmail com
*Sent:* Monday, January 18, 2010 12:29 PM
*To:* wireshark-users () wireshark org
*Subject:* [Wireshark-users] Decrypting SSL with Wireshark



Hi Folks
I am  interesting in using Wireshark for Penetration Testing work. SSL has
always intrigued me. I heard it is poss to decrypt traffic using WS.
Wireshark documentation. Has more stuff on it but it all sounds so Greeky.
I can't follow squat of that .
Can SOMEONE PLEASE point to some video tutorial or gimme a plain and
simple tutorial how this is done.
What'd be the success rate . Did anyone have luck doing this with  some
9/10 success . Please help
Thanks
S

==============================================================================
This communication, including attachments, is confidential, may be subject to legal privileges, and is intended for 
the sole use of the addressee. Any use, duplication, disclosure or dissemination of this communication, other than 
by the addressee, is prohibited. If you have received this communication in error, please notify the sender 
immediately and delete or destroy this communication and all copies.



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe



 ------------------------------

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org
?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: