WebApp Sec mailing list archives
RE: Https sniffer
From: "Asaf Wexler" <Asaf.Wexler () breach com>
Date: Wed, 20 Jul 2005 05:56:47 -0400
Hi Kashmira, I assume what you are asking for is the ability to *decrypt* the SSL traffic, in addition to the ability to sniff in promiscuous mode. All network sniffers today sniff in promiscuous mode, regardless of the traffic type (http,https,etc.). However, almost none of them can do a good job (if at all) in decrypting SSL traffic (given the server private key, of course). <Marketing Plug> If you are looking for commercial solutions and not only open source solutions, you can take a look at BreachView SSL (which I was responsible for implementing). BreachView SSL is a passive SSL decryption engine that can work with any network sniffer (or NIDS), and it will feed the sniffer of your choice with a stream of decrypted TCP packets. </Marketing Plug> HTH, Asaf Wexler, Project Manager, R&D Breach Security, Inc. -----Original Message----- From: Lyal Collins [mailto:lyal.collins () key2it com au] Sent: Wednesday, July 20, 2005 11:52 AM To: 'Hugo Fortier'; 'Phalak, Kashmira Vijay' Cc: vuln-dev () securityfocus com; webappsec () securityfocus com Subject: RE: Https sniffer I've tried ssldump recently but only obtained decrypts with a very restricted set of SSL parameters - RSA and 3DES in my case. I don't have the coding skills to approach this in order to resolve the issues either, sorry. Your mileage may vary... Lyal -----Original Message----- From: Hugo Fortier [mailto:hfortier () recon cx] Sent: Wednesday, 20 July 2005 1:22 PM To: Phalak, Kashmira Vijay Cc: vuln-dev () securityfocus com; webappsec () securityfocus com Subject: Re: Https sniffer Hi Kashmira, There is ssldump, it's not a HTTP Analyser but a SSL analyser you can find it at http://www.rtfm.com/ssldump/. ssldump will decrypt the data if provided with the good private key. Hugo On 19-Jul-05, at 8:58 PM, Phalak, Kashmira Vijay wrote:
Hi All, Does anybody know a good https sniffer which can sniff in promiscuous mode? I tried HTTP Analyzer and it works great, but it does not have support for promiscuous mode. Thanks, Kashmira.
Current thread:
- Https sniffer Phalak, Kashmira Vijay (Jul 19)
- Re: Https sniffer Hugo Fortier (Jul 19)
- RE: Https sniffer Lyal Collins (Jul 20)
- Re: Https sniffer Garth Somerville (Jul 20)
- <Possible follow-ups>
- RE: Https sniffer Asaf Wexler (Jul 20)
- RE: Https sniffer Phalak, Kashmira Vijay (Jul 20)
- RE: Https sniffer Garth Somerville (Jul 21)
- Re: Https sniffer Rogan Dawes (Jul 21)
- Re: Https sniffer Achim Hoffmann (Jul 21)
- RE: Https sniffer Erick Lee (Jul 21)
- RE: Https sniffer Phalak, Kashmira Vijay (Jul 21)
- Re: Https sniffer Hugo Fortier (Jul 19)