Re: Sniffing Encrypted Traffic (w/ keys)

From: Brad DeShong (brad@deshong.net)
Date: Thu Jun 23 2005 - 00:03:24 EDT


Times Enemy wrote:

>Greetings.
>
>http://ettercap.sourceforge.net/
>
>.te
>
>>During a recent assessment we compromised SSL keys for a webserver and
>>wanted to sniff the "encrypted" traffic. In theory this works, but
>>what tools exist to do this in practice? I've seen Covelight's
>>Clearwatch on a Windows system, but we're working with a Linux system on
>>the inside. Is a MITM necessary or can it be done by just looking at
>>the traffic after the fact (at least for the half of the connection we
>>have keys for?).
>>
>>Thanks,
>>Brad DeShong
>>WestAnnex Security
>
Sure, I know I could do a MITM, but I want to decrypt all this traffic
after the fact from pcap data and the retrieved keys. Does ettercap
have this capability?


