NiGhtMarEs0nWax Posted May 25, 2009

OK, first I just want to say I love the show, it's great, so much technical information to get the ideas flowing and a good place to start and give you some great tips to get you going. There just isn't a show like it, I've been looking for webcasts or podcasts such as this for a long time. Also, if anyone else knows of a good place for me to find alternative webcasts such as these, please inform me. :)

I would like to state that I am only interested in this particular topic for my own proof of concept and have no intentions to use it in nefarious ways.

OK.. so here's my problem.

OS: Windows XP --- yes, that is the first problem!! D:
Software: Wireshark

Basically I've done a pcap of my own Gmail login routine and I would like to decrypt the packets and obtain my password. I've done a little bit of research on SSL and the key exchange; my interpretation is that a public key is provided to me through an Equifax Secure eBusiness certificate for Gmail, and the private key is held by the Gmail server. The problem I am having is using the certificate with Wireshark to decrypt the SSL packets. The guides I found were either for the Linux port of Wireshark or just poorly explained.

Questions:

After I have the pcap, how do I use the certificate or public key to decrypt the packets?
Is the Equifax Secure eBusiness cert the correct certificate to be using?
Is the public key even stored within this cert? Or is it contained within the pcap?
Where is the certificate physically stored on my disk in XP?
I know I can export the certificates through Firefox, but to what format? What is compatible with Wireshark?
Am I on the completely wrong track?

I am very much interested to get this resolved and this seems like the best choice of board to be asking such questions. :) Please reply back as I have lost faith in teh internetz trukz D:

h3%5kr3w Posted May 26, 2009

Well, for the most part (as long as it's referring to the graphical part of Wireshark for Linux) it should be the same as in XP. On the other stuff.... have no idea personally.

NiGhtMarEs0nWax Posted May 26, 2009 (Author)

> Well, for the most part (as long as it's referring to the graphical part of Wireshark for Linux) it should be the same as in XP. On the other stuff.... have no idea personally.

Thanks for the reply. Turns out that in order to decrypt the packets in transit I will need the private key, which is held by Google. Doh! I knew that already =P So I need to set up a MITM attack on my local machine and present my own certificate. A lot of work for a windoze machine, think it's time to move to Linux =p

digip Posted May 26, 2009

> I need to set up a MITM attack on my local machine and present my own certificate.

This could be accomplished easily with Cain, as it does all the work for you. The hard part is getting the user at the other end to accept the certificate. Most browsers these days are pretty good at prompting you about invalid certificates, so it wouldn't matter if you were being served one from Windows, Linux or a Mac. It still requires user ignorance at the other end. I think with Ettercap you can also insert your own certificates, or even redirect them to the HTTP equivalent of the HTTPS site, if the site allows login from both.

SWFu Posted May 26, 2009

Linux + SSLStrip + Ettercap would be the best option.

NiGhtMarEs0nWax Posted May 26, 2009 (Author)

Thanks, like I said I will be setting this up on my own network just for learning purposes. Anyone know where I can get a safe copy of Cain and Abel? http://www.oxid.it/cain.html ?? Thanks :)

PS. I'm still learning Linux at the moment so maybe in a month or 2 I'll try Ettercap.

PPS: Oh yeh, I forgot to ask, how would I go about setting up my own certificate? Obviously it can't be signed.

digip Posted May 27, 2009

There is an Ettercap version for Windows as well, but it's good to learn Linux, so try both out and get familiar with the tools. I'm fairly certain oxid.it is the official site for Cain.

miT Posted June 15, 2009

> PPS: Oh yeh, I forgot to ask, how would I go about setting up my own certificate? Obviously it can't be signed.

There was some site that would give you a single domain SSL cert for free.. signed and everything, can't find it at the moment tho... Wonder if that would do any good?

Daehlie Posted June 16, 2009

> It still requires user ignorance at the other end.

I have found user ignorance is something you can always depend on with the internets.