Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Https sniffer

from [Asaf Wexler] Network Security [Permanent Link]
Subject: RE: Https sniffer
Date: Wed, 20 Jul 2005 05:56:47 -0400 
Hi Kashmira,

I assume what you are asking for is the ability to *decrypt* the SSL
traffic, in addition to the ability to sniff in promiscuous mode.

All network sniffers today sniff in promiscuous mode, regardless of the
traffic type (http,https,etc.). However, almost none of them can do a
good job (if at all) in decrypting SSL traffic (given the server private
key, of course).

<Marketing Plug>

If you are looking for commercial solutions and not only open source
solutions, you can take a look at BreachView SSL (which I was
responsible for implementing).
BreachView SSL is a passive SSL decryption engine that can work with any
network sniffer (or NIDS), and it will feed the sniffer of your choice
with a stream of decrypted TCP packets.

</Marketing Plug>


HTH,
Asaf Wexler, Project Manager, R&D
Breach Security, Inc.

-----Original Message-----
From: Lyal Collins [mailto:lyal.collins@key2it.com.au] 
Sent: Wednesday, July 20, 2005 11:52 AM
To: 'Hugo Fortier'; 'Phalak, Kashmira Vijay'
Cc: vuln-dev@securityfocus.com; webappsec@securityfocus.com
Subject: RE: Https sniffer

I've tried ssldump recently but only obtained decrypts with a very
restricted set of SSL parameters - RSA and 3DES in my case.
I don't have the coding skills to approach this in order to resolve the
issues either, sorry.
Your mileage may vary...

Lyal


-----Original Message-----
From: Hugo Fortier [mailto:hfortier@recon.cx] 
Sent: Wednesday, 20 July 2005 1:22 PM
To: Phalak, Kashmira Vijay
Cc: vuln-dev@securityfocus.com; webappsec@securityfocus.com
Subject: Re: Https sniffer


Hi Kashmira,

There is ssldump, it's not a HTTP Analyser but a SSL analyser you can  
find it at http://www.rtfm.com/ssldump/. ssldump will decrypt the  
data if provided with the good private key.

Hugo

On 19-Jul-05, at 8:58 PM, Phalak, Kashmira Vijay wrote:


Hi All,

Does anybody know a good https sniffer which can sniff in promiscuous 
mode? I tried HTTP Analyzer and it works great, but it does not have 
support for promiscuous mode.

Thanks,
Kashmira.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: NTLM HTTP Authentication is insecure by design - a new writeup by Amit Klein, Cyrill Osterwalder
Next by Date:  Re: Maia Mailgaurd http://www.renaissoft.com/maia/, Achim Hoffmann
Previous by Thread:  Re: Https sniffer, Garth Somerville
Next by Thread:  RE: Https sniffer, Phalak, Kashmira Vijay
Indexes:  [Date] [Thread] [Top] [All Lists]