Penetration Testing mailing list archives

Re: Sniffing Encrypted Traffic (w/ keys)


From: Ty Bodell <tebodell () gmail com>
Date: Thu, 23 Jun 2005 00:06:01 -0500

ssldump ( http://www.rtfm.com/ssldump/ ) decrypts traffic dumps if you
have the key.  Not sure if that's what you're looking for though.

Good luck,
Tebodell

On 6/22/05, Brad DeShong <brad () deshong net> wrote:
Times Enemy wrote:

Greetings.

http://ettercap.sourceforge.net/

.te


During a recent assessment we compromised SSL keys for a webserver and
wanted to sniff the "encrypted" traffic.  In theory this works, but
what tools exist to do this in practice?  I've seen Covelight's
Clearwatch on a Windows system, but we're working with a Linux system on
the inside.  Is a MITM necessary or can it be done by just looking at
the traffic after the fact (at least for the half of the connection we
have keys for?).

Thanks,
Brad DeShong
WestAnnex Security

Sure, I know I could do a MITM, but I want to decrypt all this traffic
after the fact from pcap data and the retrieved keys.  Does ettercap
have this capability?
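The question in this thread, whether a captured session can be decrypted after the fact from a pcap plus the server's private key, turns entirely on the key exchange the session used. The following toy model illustrates that point. It is an added example, not code from this thread, from ssldump or from ettercap; the RSA primes, the DH prime and the SHA-256 stand-in for the TLS PRF are all constructed and deliberately tiny. With an RSA key exchange (TLS_RSA_* suites), the ClientKeyExchange message on the wire is the pre-master secret encrypted to the server's long-term public key, so anyone holding the private key and the capture can re-derive the session key with no MITM. With an ephemeral Diffie-Hellman exchange (DHE/ECDHE suites), the long-term key only signs the handshake and never protects the secret, which is why forward-secret cipher suites are the mitigation for a key compromise like the one described.

```python
"""Toy model: retrospective decryption of a captured session given the
server's private key succeeds for an RSA key exchange and fails for an
ephemeral DH exchange. Added illustration; parameters are constructed
and far too small for real use (real TLS uses 2048-bit RSA, padding,
and a proper PRF rather than a bare SHA-256)."""
import hashlib
import secrets

# --- constructed toy RSA key pair (both primes are known small primes) ---
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent

SERVER_PUBLIC_KEY = (N, E)
SERVER_PRIVATE_KEY = (N, D)


def derive_session_key(pre_master_secret: int) -> bytes:
    """Stand-in for the TLS PRF: session key = SHA-256(pre-master secret)."""
    return hashlib.sha256(pre_master_secret.to_bytes(8, "big")).digest()


# ---------------- RSA key exchange (TLS_RSA_* suites) ----------------

def rsa_client_key_exchange(pub_key):
    """Client picks a pre-master secret and encrypts it to the server's
    long-term public key. Returns (wire_value, client_session_key)."""
    n, e = pub_key
    pms = secrets.randbelow(n - 2) + 2        # toy secret in the range 2 .. n-1
    wire = pow(pms, e, n)                      # this value is what the pcap holds
    return wire, derive_session_key(pms)


def recover_rsa_session_key(captured_wire: int, priv_key) -> bytes:
    """What an analyst with the server's private key does to the capture:
    decrypt the ClientKeyExchange value and re-derive the session key.
    Nothing here requires a live connection or a MITM position."""
    n, d = priv_key
    pms = pow(captured_wire, d, n)
    return derive_session_key(pms)


# ---------- Ephemeral DH key exchange (TLS_DHE_* / ECDHE suites) ----------

DH_P = 2_147_483_647   # constructed toy prime (2**31 - 1)
DH_G = 7


def dhe_exchange():
    """Both sides use fresh ephemeral exponents; the server's long-term key
    would only sign its DH public value (signature omitted in this toy).
    Returns (captured_public_values, session_key)."""
    a = secrets.randbelow(DH_P - 2) + 1
    b = secrets.randbelow(DH_P - 2) + 1
    ga = pow(DH_G, a, DH_P)
    gb = pow(DH_G, b, DH_P)
    shared = pow(gb, a, DH_P)
    # a and b are discarded after the handshake; only ga and gb were on the wire
    return (ga, gb), derive_session_key(shared)


def recover_dhe_session_key(captured_public_values, priv_key):
    """The server's RSA private key plays no part in the DHE shared secret,
    so there is nothing for it to decrypt: the analyst would have to solve a
    discrete logarithm, which this function does not attempt. Returns None
    to make the failure explicit."""
    return None


def demo():
    """Returns (rsa_session_recovered, dhe_session_recovered)."""
    wire, client_key = rsa_client_key_exchange(SERVER_PUBLIC_KEY)
    rsa_recovered = recover_rsa_session_key(wire, SERVER_PRIVATE_KEY) == client_key

    public_values, dhe_key = dhe_exchange()
    dhe_recovered = recover_dhe_session_key(public_values, SERVER_PRIVATE_KEY) == dhe_key
    return rsa_recovered, dhe_recovered


if __name__ == "__main__":
    rsa_ok, dhe_ok = demo()
    print(f"TLS-RSA session recovered from capture + private key: {rsa_ok}")
    print(f"DHE session recovered from capture + private key:     {dhe_ok}")
```

Running the script prints `True` for the RSA case and `False` for the DHE case. The practical consequence for a defender is that an RSA-key-exchange deployment exposes every past capture to a future key compromise, while a forward-secret configuration limits the damage to sessions an attacker can actively intercept from the moment of compromise onward.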
