Penetration Testing mailing list archives
Re: Sniffing Encrypted Traffic (w/ keys)
From: Brad DeShong <brad () deshong net>
Date: Wed, 22 Jun 2005 23:03:24 -0500
Times Enemy wrote:
Sure, I know I could do a MITM, but I want to decrypt all this traffic after the fact from pcap data and the retrieved keys. Does ettercap have this capability?Greetings. http://ettercap.sourceforge.net/ .teDuring a recent assesment we compromised SSL keys for a webserver and wanted to sniff the "encrypted" traffic. In theory this works, but what tools exist to do this in practice? I've seen Covelight's Clearwatch on a Windows system, but we're working with a Linux system on the inside. Is a MITM necessary or can it be done by just looking at the traffic after the fact (at least for the half of the connection we have keys for?). Thanks, Brad DeShong WestAnnex Security
Current thread:
- Sniffing Encrypted Traffic (w/ keys) Brad DeShong (Jun 22)
- Message not available
- Re: Sniffing Encrypted Traffic (w/ keys) Brad DeShong (Jun 22)
- Message not available
- Re: Sniffing Encrypted Traffic (w/ keys) Ty Bodell (Jun 23)
- Re: Sniffing Encrypted Traffic (w/ keys) Brad DeShong (Jun 22)
- Message not available