Decrypting SSL/TLS traffic
137 views
Skip to first unread message
raghvendra mishra
Nov 1, 2013, 1:29:01 AM11/1/13
to null-...@googlegroups.com
Hello Geeks,
I'm trying to decrypt ssl traffic using wireshark. I'm making connection request to gmail on port 443 using openssl & capturing packet in wireshark. When the request goes to gmail it shows the master key used to encrypt the session. When I'm using this master key in wireshark then it is not decrypting the traffic.
Help me to decrypt the traffic. Openssl command is
openssl s_client -cipher AES256-SHA -connect www.google.com:443
--
Thank You & Regards:-
Raghvendra Mishra
Raghvendra Mishra
Computer Network & Internet Engineering Division(R&D)
C-DAC, Electronic City, Bangalore
Contact No.- +91-8867404241
email- raghav...@cdac.in
C-DAC, Electronic City, Bangalore
Contact No.- +91-8867404241
email- raghav...@cdac.in
Sunil Kumar
Nov 1, 2013, 3:11:11 AM11/1/13
to null-...@googlegroups.com
That master key its negotiated/generated for the session. The key will be different for every session.(replay attack).
===============
SunilKumar
------------------------------
http://in.linkedin.com/in/sunilkr86/
http://30d4.blogspot.in/
===============
--
_______________________________________________________________________________
EMC Defenders League CTF - Play and Win - http://www.emcdefendersleague2013.com
_______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
raghvendra mishra
Nov 1, 2013, 4:08:28 AM11/1/13
to null-...@googlegroups.com
yes it is right but client hello should be decrypted using the key that is shown when you run the opennssl.
Sunil Kumar
Nov 1, 2013, 10:09:05 AM11/1/13
to null-...@googlegroups.com
But the I guess client hello would be encrypted using server's public key.
R@m@n
Nov 3, 2013, 1:21:54 AM11/3/13
to null-...@googlegroups.com
hey misthra,
If u got answer for below question, pls share with me.
Thanks,
R@m@n
raghvendra mishra
Nov 3, 2013, 2:32:24 AM11/3/13
to null-...@googlegroups.com
Hey raman,
I didn't get the answer.
The client hello message couldn't encrypted with the use of server's public key, because client will the get server's public key only when server hello message will come to the client, that is in the server certificate.
I have found some link that quite useful for ssl decryption
And one paper is in SANS reading room.
--
_______________________________________________________________________________
EMC Defenders League CTF - Play and Win - http://www.emcdefendersleague2013.com
_______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Reply all
Reply to author
Forward
0 new messages