| Yazar |
|
tugba
Yalova
Kayıt: 10.03.2006 |
|
Merhabalar,
Bi konu ile ilgili araştırma yapıyorum,
client - server arasında ssl ile veri iletişimi sağlanıyor ,
ben elimdeki geçerli sertifikayı kullanarak network'ü dinleyip
cleartexti elde etmek istiyorum.
Bunu yapabileceğim herhangi bir tool bilen , duyan var mı?
...
|
|
|
| Yazar |
|
tugba
Yalova
Kayıt: 10.03.2006 |
|
araştırmam çabuk bitti:)
Wireshark network analyzer bu işi halledebiliryormuş
Now we have everything needed to configure Wireshark for decrypting the SSL data. To set this up,
1. In Wireshark, go to Edit > Preferences.
2. In the Preferences dialog, select SSL in the Protocols sections. The two first fields that will reassemble data should be enabled to make the data easier to read.
3. In the "SSL debug file" field, specify a filename where debug data can be written to. Depending on the size of the trace this file can become very big.
4. In the "RSA keys list" field, make sure all the necessary information is specified to find the packets, extract the needed encryption keys, and decrypt all the packets. The correct format is:
<server_ip_address,ssl_port,protocol_used,path_to_cert_file>After all this is specified, Wireshark will search for the specified SSL packets and decrypt the application data.
5. Fill the "RSA keys list" field with the data gathered earlier:
Src IP address
Src TCP port
Protocol is http
Key file we decrypted with OpenSSL
The resulting field will be:
149.44.38.230,8443,http,e: race
am-idp_lab_ba.pem6. Specify a debug file to troubleshoot the plug-in in case it doesn't work.
7. Click Apply and OK.
The packets named "application data" have become typical http packets, so now you can see and analyze the http data.
...
|
|
|
|
|
Del.icio.us
Digg
Facebook
Furl
Google
Blink
Simpy
Spurl
Y! MyWeb