I'll start by saying I asked this in March so it's been a while since I was
playing with all this. Guess the mail got stuck somewhere.

What I was trying to do was just see how easy it was to decrypt traffic if
the certificate could be acquired. This was before Heartbleed but going back
to it now I'm sure there are plenty of certificates lying around now. I
know they can be used to set up fake sites but being able to decrypt as
well is just a useful extra skill.

Robin
On 25 Jul 2014 16:00, "Ron Bowes" <r...@skullsecurity.net> wrote:

> What's your ultimate goal? I usually find it easier to man in the middle
> SSL connections if that's an option.
> On 25 Jul 2014 06:06, "Robin Wood" <ro...@digininja.org> wrote:
>
>> I'm trying to look at decrypting HTTPS/SSL traffic. I've created a
>> server using openssl:
>>
>> openssl s_server -www -cipher AES256-SHA -key server.pem -cert
>> server.crt -accept 443
>>
>> and connect to it using
>>
>> echo -e  "GET / HTTP/1.0\r\n" | openssl s_client  -connect localhost:443
>>
>> I'm then sniffing the traffic using tshark
>>
>> tshark -o "ssl.desegment_ssl_records: TRUE" -o
>> "ssl.desegment_ssl_application_data: TRUE" -o "ssl.keys_list:
>> 127.0.0.1,443,http,/etc/ssl/mine/server.pem" -o "ssl.debug_file:
>> ./wireshark-log" -i lo -R "tcp.port == 443" -2
>>
>> This has the same server.pem file as the server so it should be able
>> to decrypt things without any problems.
>>
>> Watching the wireshark-log file this works fine and I get cleartext in
>> the log.
>>
>> Same if I connect through curl or wget.
>>
>> If I then try through either Firefox or Chrome I get a load of output
>> in the log but no decrypted data. What would cause this?
>>
>> If I use Apache to run the server rather than openssl I don't get any
>> decryption regardless of what client I get.
>>
>> What am I doing wrong?
>>
>> I'm getting most of my info from Mark's article from 2010, I've had to
>> tweak a few bits but there is a difference between what I'm getting
>> and what Mark got.
>>
>> http://securityweekly.com/2010/10/tsharkwireshark-ssl-decryption.html
>>
>> Robin
>> _______________________________________________
>> Pauldotcom mailing list
>> Pauldotcom@mail.securityweekly.com
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>>