Decrypt SSL

1337bash

Jun 10, 2019, 8:29:31 PM
to Moloch Full Packet Capture
Hello everyone,

Is there any way to decrypt SSL? We are tapping into traffic after leaving our proxy and we are trying to decrypt https requests so we can see the request and response properly.

Bashar Shamma

Jun 10, 2019, 8:53:17 PM
to Russell Fulton, Moloch Full Packet Capture
Thank you Russell for the quick response. We are intercepting traffic and we are using our own cert. So I was wondering if there is a place where I can configure the private key to decrypt traffic... similar to Wireshark.

On Mon, Jun 10, 2019 at 7:37 PM Russell Fulton <russell...@gmail.com> wrote:
This really is not possible (otherwise anyone else could do it too).

Depending on how your proxy is set up you *may* be able to inspect traffic there.  I say *may* because it will only work if your proxy is already Man In The Middle all your web traffic.

Moloch will extract certificate names which we find useful.

R


> On 11/06/2019, at 12:29 PM, 1337bash <Bashar...@gmail.com> wrote:
>
> Hello everyone,
>
> Is there any way to decrypt SSL? We are tapping into traffic after leaving our proxy and we are trying to decrypt https requests so we can see the request and response properly.
>



--
Kind Regards

Bashar Shamma

Russell Fulton

Jun 11, 2019, 5:42:22 AM
to 1337bash, Moloch Full Packet Capture
This really is not possible (otherwise anyone else could do it too).

Depending on how your proxy is set up you *may* be able to inspect traffic there. I say *may* because it will only work if your proxy is already Man In The Middle all your web traffic.

Moloch will extract certificate names which we find useful.

R

> On 11/06/2019, at 12:29 PM, 1337bash <Bashar...@gmail.com> wrote:
>
> Hello everyone,
>
> Is there any way to decrypt SSL? We are tapping into traffic after leaving our proxy and we are trying to decrypt https requests so we can see the request and response properly.
>

stoomart

Jun 12, 2019, 11:34:49 AM
to Moloch Full Packet Capture
This may not be a current feature of Moloch, but it is possible to passively inspect SSL/TLS traffic if encrypted with a known private key and the session does not use Diffie-Hellman ephemeral keys, which use symmetric "session keys" to provide forward secrecy if the asymmetric private key is ever compromised.



On Monday, June 10, 2019 at 5:53:17 PM UTC-7, 1337bash wrote:
Thank you Russell for the quick response. We are intercepting traffic and we are using our own cert. So I was wondering if there is a place where I can configure the private key to decrypt traffic... similar to Wireshark.

On Mon, Jun 10, 2019 at 7:37 PM Russell Fulton <russel...@gmail.com> wrote:
This really is not possible (otherwise anyone else could do it too).

Depending on how your proxy is set up you *may* be able to inspect traffic there.  I say *may* because it will only work if your proxy is already Man In The Middle all your web traffic.

Moloch will extract certificate names which we find useful.

R

> On 11/06/2019, at 12:29 PM, 1337bash <Bashar...@gmail.com> wrote:
>
> Hello everyone,
>
> Is there any way to decrypt SSL? We are tapping into traffic after leaving our proxy and we are trying to decrypt https requests so we can see the request and response properly.
>
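
The condition stoomart describes (known private key, no ephemeral Diffie-Hellman) can be checked per session from the cipher suite the server selects in its ServerHello. The following is an added example, not code from this thread or from Moloch: it parses a ServerHello record and reports whether the server's RSA private key alone would be enough for passive decryption. The function names, the suite table (a subset of the IANA registry) and the sample records are constructed for illustration.

```python
import struct

# Subset of IANA TLS cipher suite IDs, enough for the constructed samples below.
# Unknown IDs are reported as not decryptable; extend the table from the registry.
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1301: "TLS_AES_128_GCM_SHA256",
}

def selected_suite(record: bytes) -> int:
    """Return the cipher suite ID chosen in a TLS ServerHello record."""
    if len(record) < 9:
        raise ValueError("truncated record")
    ctype, _ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record starting with ServerHello")
    body = record[9:5 + rec_len]  # skip record header (5) + handshake header (4)
    # body: version(2) random(32) session_id_len(1) session_id cipher_suite(2) ...
    if len(body) < 35:
        raise ValueError("truncated ServerHello")
    off = 35 + body[34]  # body[34] is the session ID length
    if len(body) < off + 2:
        raise ValueError("truncated ServerHello")
    return struct.unpack("!H", body[off:off + 2])[0]

def passive_decrypt_possible(record: bytes) -> tuple:
    """(suite name, True if the server's RSA private key alone recovers session keys)."""
    suite = selected_suite(record)
    name = SUITES.get(suite, f"UNKNOWN_0x{suite:04X}")
    # Only static RSA key exchange sends the premaster secret encrypted to the
    # server key. DHE/ECDHE suites and TLS 1.3 suites (0x13xx) never do.
    return name, name.startswith("TLS_RSA_WITH_")

def sample_server_hello(suite: int) -> bytes:
    """Constructed ServerHello (zeroed random, empty session ID) for demonstration."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for s in (0x009C, 0xC02F, 0x1301):
        print(passive_decrypt_possible(sample_server_hello(s)))
```

Sessions reported as `False` need per-session secrets exported by an endpoint or the intercepting proxy; the certificate's private key does not help there.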
