Decrypt HTTPS

[Matheus Gomes]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi guys,

Somebody it knows some form how to decrypt trafic of HTTPS without use
MITM attack ?

Regards,

Matheus P. F. Gomes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iQIcBAEBAgAGBQJMMydHAAoJEEeYxJ4UgSWrF3UP/iQUmNvitTAj+EM/tSDr087+
MokDK+XYSOVlmjeKOlxcEmbZOvE5k4gexvdZqPIzpCZposmEUSFG3z7ASfjU9aQB
w5Zu2YLBNUx27oEKYspDInBeIQ7XGHv9hXsooiPPcT33WCyg6QTInMDv/nyDQYwI
/pHVEXITnq87myGUL5ZbPO6+VD1kkbmDqU5WwfhmNLPuplkg08X/UWMVAKTLHPfP
qtmu7mr+eAilxCDuoIW1tZZHwFldpcoj9CRnWqutZO54K2sSUF+vew6gw75bNOpT
LAFdtXrcgI9n+lMDhxPMzbiZ4K8P1muxyUNaX8rCw3ZfmUN1XDmRuObrh8eq/7OM
31cn8XV6q3DBRChMyWiXlLUaJPTwerY/uLNa7+9ijUTE12Ix1Km/3JWAXBRcjXCz
DtmuFEPwoZ3qPjVZEpe6QlciUdfX93ghGF/51ncfkbd8SuCEsrYBKtzoZGCnV0+J
rt8jWcJ2bf9i8KH93gpvYBbtwG71KmCyVOKLCDuylQjzjeVDEmUzi9fAknYm2PRo
UlVt2AKjRe+C7Lz9xEOfcNj/xgoJ/jtlKtH77FqUG4tNlj15bOkO06FT/PjLzWsp
aLBGgsUCcl3FE6V36LHuf8oK/7eG+VB0ImxSBxbSPHXAGJcEzwivW88MijACFg8Q
8cPqZjGL7GLYPsL4oQap
=gRdT
-----END PGP SIGNATURE-----

[Sandeep Thakur]

I am just trying to understand your query...

 

If you dont wish MITM for decryption of https, you should be doing this at client end (may be as a authorised / non authoried user). The authorised users usually have the private key to decrypt the https traffic which infact is done internally in the internet browser. If you wish not to rely on internet explorer rather have your own way of testing the same in a regular way, then you would be needing encrypted traffic (stored pcap or realtime )sent by server and a private server key as well. The tools which I know to do this manually is NmDecrypt; This tool offcourse will be helpful in testing encryption, decryption mechanism, digital certificates implementations during application security testing...

 

Tool Description
NmDecrypt is a Network Monitor Expert which when given a trace with encrypted frames, a security certificate, and a passkey will create a new trace with decrypted frames added inline. Refer the below link for more information on this....

 

http://nmdecrypt.codeplex.com/releases/view/41325

If you are looking to decrypt the https traffic in above similar fashion but not having any security certificate & private key, then I think you should tell us your intention behind and then we shall ask our team to work on this and get back with possibilities... :-)

 

 

 

Regards

Sandeep Thakur

 

 

--
You received this message because you are subscribed to the Google Groups "nforceit" group.
To post to this group, send an email to nfor...@googlegroups.com.
To unsubscribe from this group, send email to nforceit+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.

[Matheus P. F. Gomes]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Sandeep,

Thanks very much, you understand perfect my question, I'm try this possibility and return if I dont having success.

Sorry my english =/

Regards,

Matheus P. F. Gomes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iQIcBAEBAgAGBQJMNMTfAAoJEEeYxJ4UgSWrtmoQAN3A8eQTRhvRhznW4Vs3KXPy
2ygxP/Czw9MpUHVrfrt1TlqH15kwalR3O2eK46gLsB9IBsBb5rjnSC8P78AQR/BZ
uyN7Xv6e3WQANcSxIFOHv2fVqlNmp7qhipBz0JdFMEpfQiNLOgmFzs8PScnTIxZg
QUejAcNMrDGe0RhxAlNW2GcNWP9wXfXW1znEqv7cKAxLdW8Pl6KWkBAXirqCyecm
+B5na6izmfDjcQuDSZQd6LLPQfbiubOgeMK0IQNZT90zNHOyqzIb+U7ZMBI9knvP
vIIJV7aHoydWPrsMGsYWtrXWoN2RsDgfcViHBFcIxBhXnsNz95sDvEsj2GqxZoFB
D9XZ6dhbJtA4ZBk9Y76z+FpBrt9aCP3GfwnDfdH73ktVNiEQ4KrMRT4cAp3uJT9M
04jqAg6r/1VcTDpT/IFL2k5KEbK01nPU9+4ayue3oC8as7LvEv2NSdLg3iJihphd
ZiToetMi5jhpxjNQWgiXH1uFyfN+PmaJvVrC7yZbQHmdbAmJpn5cawkFU3eaOTcm
dU3gdVj9schBQCwvld1+W8qL0MSN/+2pzKchnnMfsShOkSx2hvoPyWWnEhO5EZ8m
YWyYN8m6lzPsstmN7zZ+n4Jg7RYVbqZ5JbO90kXGPgQltJWtT55MIJ/Q/2Rpt0B4
34m+bzx3HEPWkVJk6Lxq
=B00E
-----END PGP SIGNATURE-----