cboomf Posted August 1, 2009

Hey haxers, might be noobish, but what's the easiest way to decrypt live SSL traffic in windblows (XP)? Anything using Wireshark is preferable but am willing to try new tools, similar to what the Komodia SSL traffic sniffer does but to a .pcap file or live traffic through freeproxy.

Cheers, Cboomf

Sparda Posted August 1, 2009

Komodia's Interceptor seems to decrypt SSL connections by examining the operating system's handling of the establishing of the SSL connection. A network sniffer (such as Wireshark) that will produce a pcap file cannot do that. Maybe someone could write a program using the Komodia Interceptor that would produce a pcap file.

webdevil Posted August 1, 2009

NOTHING would decrypt SSL unless you're doing a MiTM attack, even Komodia! SSLsniff is free software which should be a good alternative to Komodia. The newer version should be out, as indicated by Moxie, who recently presented at Blackhat 09.

cboomf Posted August 1, 2009

SSLsniff does look good, but I'm a noob and can't compile stuff, so a Windows app is needed. Thanks all the same though ...

Sparda Posted August 1, 2009

> NOTHING would decrypt SSL unless you're doing a MiTM attack, even Komodia!

If you watch the operating system/application create the SSL connection you can absolutely decrypt an SSL session, which is what Komodia's Interceptor appears to do.

cboomf Posted August 1, 2009

I forgot to say I do have the public keys to decrypt the SSL connection, I just don't know how?

Sparda Posted August 1, 2009

You need the session key or the encrypted session key and the private key.

webdevil Posted August 2, 2009

> If you watch the operating system/application create the SSL connection you can absolutely decrypt an SSL session, which is what Komodia's Interceptor appears to do.

I lol'd, after reading the docs. You need to install it on the same PC where you want SSL decrypted. Anyhow, enough of my intrusion into this topic.

cboomf Posted August 2, 2009

> I lol'd, after reading the docs. You need to install it on the same PC where you want SSL decrypted. Anyhow, enough of my intrusion into this topic.

Yeah, that's what I'm doing. I'm on my own proxy server but am seeing some weird SSL connections every night at 9:38 pm, so am trying to break into them ...

PC646 Posted August 10, 2009

Try NetWitness's Investigator. It's free, easy to use and decrypts SSL. I capture with Wireshark, remove the 802 header and load into Investigator. Poof!

http://download.netwitness.com/download.php?src=DIRECT

Sparda Posted August 10, 2009

> Product Features:
> ...
> * SSL Decryption (with server certificate)

If you have the server's private key it's 'game over' regardless of what tool you use.

Keltha Posted August 10, 2009

Sparda is right: needing a private key is like being able to crack a password as long as you enter the password.