Penetration Testing mailing list archives
Re: Sniffing Encrypted Traffic (w/ keys)
From: Ty Bodell <tebodell () gmail com>
Date: Thu, 23 Jun 2005 00:06:01 -0500
ssldump ( http://www.rtfm.com/ssldump/ ) decrypts traffic dumps if you have the key. Not sure if that's what you're looking for though. Goodluck, Tebodell On 6/22/05, Brad DeShong <brad () deshong net> wrote:
Times Enemy wrote:Greetings. http://ettercap.sourceforge.net/ .teDuring a recent assesment we compromised SSL keys for a webserver and wanted to sniff the "encrypted" traffic. In theory this works, but what tools exist to do this in practice? I've seen Covelight's Clearwatch on a Windows system, but we're working with a Linux system on the inside. Is a MITM necessary or can it be done by just looking at the traffic after the fact (at least for the half of the connection we have keys for?). Thanks, Brad DeShong WestAnnex SecuritySure, I know I could do a MITM, but I want to decrypt all this traffic after the fact from pcap data and the retrieved keys. Does ettercap have this capability?
Current thread:
- Sniffing Encrypted Traffic (w/ keys) Brad DeShong (Jun 22)
- Message not available
- Re: Sniffing Encrypted Traffic (w/ keys) Brad DeShong (Jun 22)
- Message not available
- Re: Sniffing Encrypted Traffic (w/ keys) Ty Bodell (Jun 23)
- Re: Sniffing Encrypted Traffic (w/ keys) Brad DeShong (Jun 22)
- Message not available