Sniffing Encrypted Traffic (w/ keys)

From: Brad DeShong (brad@deshong.net)
Date: Wed Jun 22 2005 - 22:42:52 EDT

• Next message: Brad DeShong: "Re: Sniffing Encrypted Traffic (w/ keys)"
• Previous message: Robert Hines: "RE: Risks associated to branch office IPSec devices"
• Next in thread: Brad DeShong: "Re: Sniffing Encrypted Traffic (w/ keys)"
• Maybe reply: Brad DeShong: "Re: Sniffing Encrypted Traffic (w/ keys)"
• Maybe reply: Ty Bodell: "Re: Sniffing Encrypted Traffic (w/ keys)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

During a recent assesment we compromised SSL keys for a webserver and
wanted to sniff the "encrypted" traffic. In theory this works, but
what tools exist to do this in practice? I've seen Covelight's
Clearwatch on a Windows system, but we're working with a Linux system on
the inside. Is a MITM necessary or can it be done by just looking at
the traffic after the fact (at least for the half of the connection we
have keys for?).

Thanks,
Brad DeShong
WestAnnex Security

• Next message: Brad DeShong: "Re: Sniffing Encrypted Traffic (w/ keys)"
• Previous message: Robert Hines: "RE: Risks associated to branch office IPSec devices"
• Next in thread: Brad DeShong: "Re: Sniffing Encrypted Traffic (w/ keys)"
• Maybe reply: Brad DeShong: "Re: Sniffing Encrypted Traffic (w/ keys)"
• Maybe reply: Ty Bodell: "Re: Sniffing Encrypted Traffic (w/ keys)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:28 EDT