tcpdump mailing list archives

Re: libpcap and certificates


From: Aaron Turner <synfinatic () gmail com>
Date: Wed, 5 Oct 2011 09:33:13 -0700

On Wed, Oct 5, 2011 at 4:15 AM, Andrej van der Zee
<andrejvanderzee () gmail com> wrote:
> Hi,
>
> I would like to ask if somebody could point me to information on how to
> hook up libpcap to sniff a secure website on HTTPS. I understand I
> have to decrypt the packets probably using openssl, but I wonder if
> there is some howto to guide me. I am on the latest Ubuntu.

Last I checked, tcpdump supports decrypting IPSec, but not SSL.
However, Wireshark decrypts SSL.  You'll need the SSL private key of
the webserver to do it.

-- 
Aaron Turner
http://synfin.net/         Twitter: @synfinatic
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
"carpe diem quam minimum credula postero"
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

