Snort mailing list archives
Re: snort ssl plug-in
From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 13 Jan 2004 15:25:58 -0500
At 05:08 AM 1/13/2004, Derya Sezen wrote:
I wanna collect the private keys in my local trusted area & see the crypted traffic, ( i have the public keys of the both side) i think it is possible logically, no? Is there any Snort plug-in for that?!
*chuckle*...If what you suggest was possible, SSL would be worthless... You need the private keys for this kind of stuff, not the public ones. The public ones are sent over the wire, so everyone in the world has those.
Once you have the private keys, you can theoretically start sniffing sessions, capturing session keys (which are for symmetric ciphers, thus are neither a public nor private key, but instead are secret keys)
Did you actually mean you have the SSL private keys for both sides, or do you only have the public ones, which any joe in the world could have?
If you only have the public keys, start cracking them to derive the private keys, and don't expect to get anywhere in the next several years.
------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort ssl plug-in Derya Sezen (Jan 13)
- Re: snort ssl plug-in Matt Kettler (Jan 13)
- Re: snort ssl plug-in Derya Sezen (Jan 13)
- RE: snort ssl plug-in robert schwartz (Jan 14)
- <Possible follow-ups>
- Re: snort ssl plug-in Jason Haar (Jan 13)
- Re: snort ssl plug-in Matt Kettler (Jan 13)