Jump to content

NiGhtMarEs0nWax

Members
  • Posts

    3
  • Joined

  • Last visited

Everything posted by NiGhtMarEs0nWax

  1. thanks, like i said i will be setting this up on my own network just for learning purposes. anyone know where i can get a safe copy fo cain and abel? http://www.oxid.it/cain.html ?? thanks :) ps. im still learning linux at the moment so maybe in a month or 2 ill try ettercap. pps: oh yeh i forgot to ask, how would i go about setting up my own certificate? obviously it cant be signed
  2. thanks for the reply, turns out that in order to decrypt the packets in transit i will need the private key, which is held by google. doh! i knew that already =P so i need to set up a mitm attack on my local machine and present my own certificate. a lot of work for a windoze machine, think its time to move to linux =p
  3. ok first i just want to say i love the show, its great, so much technical information to get the ideas flowing and a good place to start and give you some great tips to get you going. there just isnt a show like it, ive been looking for webcasts or podcasts such as this for a long time. also if anyone else knows of a good place for me to find alternative webcasts such as these, please inform me. :) i would like to state that i am only interested in this particular topic for my own proof of concept and have no intentions to use it in nefarious ways. ok.. so heres my problem. OS: Windows XP --- yes that is the first problem!! D: Software: Wireshark basically ive done a pcap of my own gmail login routine and i would like to decrypt the packets and obtain my password. ive done a little bit of research on ssl and the key exchange, my interpretations is that a public key is provided to me through an Equifax Secure eBusiness certificate for gmail, and the private key is held by the gmail server. the problems i am having is using the certificate with wireshark to decrypt the ssl packets. the guides i found were either for the linux port of wireshark or just poorly explained. Questions: after i have the pcap, how do i use the certificate or public key to decrypt the packets? is the Equifax Secure eBusiness cert the correct certificate to be using? is the public key even stored within this cert? or is it contained within the pcap? where is the certificate physically stored on my disk in XP? i know i can export the certificates through firefox, but to what format? what is compatible with wireshark? am i on the completely wrong track? i am very much interested to get this resolved and this seems like the best choice of board to be asking such questions. :) please reply back as i have lost faith in teh internetz trukz D:
×
×
  • Create New...