I am trying to decrypt a https conversation with a hardware device I can't seen to change or download the private key. Is this even possible?
Asked
Active
Viewed 161 times
2
-
Right now we can't answer this question as there isn't anywhere near enough detail. – user9517 Apr 06 '11 at 07:06
-
IMHO you can using `wireshark` with SSL decryption support – Ency Apr 06 '11 at 07:27
-
Yes, you can but you need the private key. It seems obvious, I was just checking. – Matt Apr 06 '11 at 08:43
-
@lain: Grammatically poor question I'll give you that, but what else would you like to know? I think my question was just deceptively stupid. – Matt Apr 06 '11 at 08:48
3 Answers
3
It's a little dificult trying to understand the question however to decrypt a ssl connection you'll need to be able to get hold of the private key. If you have the private key available you can get Wireshark/Tshark to decrypt the tcp stream, there is a good example on how to do that at Wire Watcher and Wire Shark.
Decado
- 1,949
- 11
- 17
-
Yep, I didn't mention I had the packet cap. I was just hoping that if I had the full conversation there may be a way. I will just decompile the app to find out what it is tx/rx'ing – Matt Apr 06 '11 at 08:46
1
if you are not strictly sticking to H/W ways or cracking Public-Private Key mechanism... there are other ways
there are ways of defeating SSL at its implementation level...
say for example attacks like SSL Stripping can compromise credentials if the initial page is viewed at plain HTTP with HTML-page coded with HTTPS link to send Credentials over...
there are also Session Hijacking attacks like "Sidejacking", where if cookie-auth structure is not properly handled could lead to compromise of entire web-service without ever leaking the credentials
AbhishekKr
- 217
- 1
- 3
-
-
@Matthew: sorry, I missed out your comment... there are loads of resources/videos online just a 'google'away... though, I wrote a post on it from some of my learnings in March'11, this has almost all major practices in small pack to start with... @ http://hackersmag.blogspot.com/2011/03/full-site-ssl-ification-is-not-option.html – AbhishekKr Jul 09 '11 at 09:50
0
Depending on the hardware, you shouldn't be able to get access to the private key (or for some devices you can through an administrative interface)
That's the whole point.
If an attacker could get the private key then the security is broken, so the private key will never be transmitted. Your pcap will not have it (or if it does, you'll want to go with different hardware as this isn't secure!)
Rory Alsop
- 1,184
- 11
- 21