Jump to content

SSL Pcap decryption.


NiGhtMarEs0nWax

Recommended Posts

ok first i just want to say i love the show, its great, so much technical information to get the ideas flowing and a good place to start and give you some great tips to get you going. there just isnt a show like it, ive been looking for webcasts or podcasts such as this for a long time. also if anyone else knows of a good place for me to find alternative webcasts such as these, please inform me. :)

i would like to state that i am only interested in this particular topic for my own proof of concept and have no intentions to use it in nefarious ways.

ok.. so heres my problem.

OS: Windows XP --- yes that is the first problem!! D:

Software: Wireshark

basically ive done a pcap of my own gmail login routine and i would like to decrypt the packets and obtain my password. ive done a little bit of research on ssl and the key exchange, my interpretations is that a public key is provided to me through an Equifax Secure eBusiness certificate for gmail, and the private key is held by the gmail server. the problems i am having is using the certificate with wireshark to decrypt the ssl packets. the guides i found were either for the linux port of wireshark or just poorly explained.

Questions:

after i have the pcap, how do i use the certificate or public key to decrypt the packets?

is the Equifax Secure eBusiness cert the correct certificate to be using?

is the public key even stored within this cert? or is it contained within the pcap?

where is the certificate physically stored on my disk in XP?

i know i can export the certificates through firefox, but to what format? what is compatible with wireshark?

am i on the completely wrong track?

i am very much interested to get this resolved and this seems like the best choice of board to be asking such questions. :)

please reply back as i have lost faith in teh internetz trukz D:

Link to comment
Share on other sites

well, for the most part (as long as it's refering to the graphical part of wireshark for linux) it should be the same as in xp. on the other stuff.... have no idea personally.

thanks for the reply, turns out that in order to decrypt the packets in transit i will need the private key, which is held by google. doh! i knew that already =P so i need to set up a mitm attack on my local machine and present my own certificate.

a lot of work for a windoze machine, think its time to move to linux =p

Link to comment
Share on other sites

i need to set up a mitm attack on my local machine and present my own certificate.

This could be accomplished easily with Cain, as it does all the work for you. The hard part is getting the user at the other end to accept the certificate. Most browsers these days are pretty good at prompting you of invalid certficates, so it wouldn't matter if you were being served one from windows, linux or a mac. It still requires user ignorance at the other end. I think with ettercap you can also insert your own certificates, or evern redirect them to the http equivalent of the https site, if the site allows login from both.

Link to comment
Share on other sites

thanks, like i said i will be setting this up on my own network just for learning purposes.

anyone know where i can get a safe copy fo cain and abel?

http://www.oxid.it/cain.html ??

thanks :)

ps. im still learning linux at the moment so maybe in a month or 2 ill try ettercap.

pps: oh yeh i forgot to ask, how would i go about setting up my own certificate? obviously it cant be signed

Link to comment
Share on other sites

There is an Ettercap version for windows as well, but its good to learn linux so try both out and get familiar with the tools. I'm failry certain oxid,it is the official site for cain.

Link to comment
Share on other sites

  • 3 weeks later...
pps: oh yeh i forgot to ask, how would i go about setting up my own certificate? obviously it cant be signed

There was some site that would give you a single domain SSL cert for free.. signed and everything, cant find it at the moment tho...

Wonder if that would do any good?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...