Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Https sniffer

from [Achim Hoffmann] Network Security [Permanent Link]
Subject: Re: Https sniffer
Date: Thu, 21 Jul 2005 09:19:27 +0200 (MEST) 
On Wed, 20 Jul 2005, Phalak, Kashmira Vijay wrote:

!! Hi All,
!!
!! Thanks for your suggestions! But most of these products suggested need
!! the private key to be supplied for decrypting the SSL traffic.

For shure do they need the key for decryption. Or what else do you expect?

!! The HTTP
!! Analyzer which I initially tried, does not need the private key to be
!! supplied and does a good job of decrytping SSL traffic.

HTTP is not encrypted, hence you don't need a private key. Or do I miss
something in your description?

!! Can anyone
!! explain to me how this works? But the HTTP analyzer only sniffs the
!! traffic in the current user session.

Don't know what you mean, in particular which HTTP analyzer.
But I guess that it is a tool installed in or together with your browser.
Then it does not nead any key 'cause the traffic has already been decrypted
by the browser (which has a key).
That also would explains why your are talking of "user sessions".

!! This behavior is different from
!! that of ethereal when I set it in promiscuous mode. Here, I can see
!! traffic from other machines on the same ether segment.

ethereal dumps SSL too (but not decrypted, for obvious reason)

!! I may be wrong
!! here, but I don't see this in either ClearWatch,ssldump or ngrep.

What are you missing beside what cannot be done (see description above).

Does this explain how these tools work? Or do you need something different?
{-: Achim





!!
!!
!! -----Original Message-----
!! From: Garth Somerville [mailto:therealgarth@yahoo.com]
!! Sent: Wednesday, July 20, 2005 6:43 AM
!! To: webappsec@securityfocus.com
!! Cc: Phalak, Kashmira Vijay
!! Subject: Re: Https sniffer
!!
!! Hi Kashmira:
!!
!! ClearWatch is a free tool from Covelight that will work great as an
!! HTTPS sniffer.  You will need to provide the server's private key to
!! decrypt SSL traffic.
!!
!! You can find it here:
!!
!! http://www.covelight.com/downloads.php
!!
!! Cheers,
!! -Garth Somerville
!!
!! __________________________________________________
!! Do You Yahoo!?
!! Tired of spam?  Yahoo! Mail has the best spam protection around
!! http://mail.yahoo.com
!!
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Https sniffer, Rogan Dawes
Next by Date:  Re: Maia Mailgaurd http://www.renaissoft.com/maia/, Achim Hoffmann
Previous by Thread:  Re: Https sniffer, Rogan Dawes
Next by Thread:  RE: Https sniffer, Erick Lee
Indexes:  [Date] [Thread] [Top] [All Lists]