Re: Sniffing Encrypted Traffic (w/ keys)

From: Ty Bodell (tebodell@gmail.com)
Date: Thu Jun 23 2005 - 01:06:01 EDT


ssldump ( http://www.rtfm.com/ssldump/ ) decrypts traffic dumps if you
have the key. Not sure if that's what you're looking for though.

Good luck,
Tebodell

On 6/22/05, Brad DeShong <brad@deshong.net> wrote:
> Times Enemy wrote:
>
> >Greetings.
> >
> >http://ettercap.sourceforge.net/
> >
> >.te
> >
> >>During a recent assessment we compromised SSL keys for a webserver and
> >>wanted to sniff the "encrypted" traffic. In theory this works, but
> >>what tools exist to do this in practice? I've seen Covelight's
> >>Clearwatch on a Windows system, but we're working with a Linux system on
> >>the inside. Is a MITM necessary or can it be done by just looking at
> >>the traffic after the fact (at least for the half of the connection we
> >>have keys for?).
> >>
> >>Thanks,
> >>Brad DeShong
> >>WestAnnex Security
> >>
> >
> Sure, I know I could do a MITM, but I want to decrypt all this traffic
> after the fact from pcap data and the retrieved keys. Does ettercap
> have this capability?
>



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:28 EDT