decrypt SSL private key and sniffing

Sloop
03-16-2007, 01:31 PM
Hi @ll,

I have an application that sends data to a ******* server (i.e. https://*******-server.com:44*) via port 44*. When I use Wireshark to sniff the connection I can see that SSLv* is used. I only see on the sniffing result that SSL handshakes, authentication, exchanging keys, etc. occur. But I am not able to see the application data which is sent through SSL. To be able to see that I need to have the proper private key.

I heard that it's possible to get the private key of the SSL data by process monitoring and dumping my application. Someone told me that it can be done either by "userdump.exe" (by creating a dump file of the running application) or by looking live into the process with "OllyDbg" for example. My problem is that I never worked with such debuggers, neither with userdump.exe nor with a debugger. Can someone give me a hint where to find useful tutorials for doing that? Any help appreciated.

Big Thanks in advance!
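
The observation above (handshake visible, application data not) follows from the TLS record layer, shown here with a small record parser over a constructed client-to-server stream; this is an added illustration, not code from the thread, and the names `parse_records`, `summarize` and `SAMPLE_STREAM` are this example's own. Everything before ChangeCipherSpec is plaintext in a capture; every record after it, including the Finished handshake message and all application data, is ciphertext, which is why Wireshark needs the session keys (or, with RSA key exchange only, the server's private key) to go further.

```python
import struct

# Constructed example; names are this example's own, not from the thread.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   16: "client_key_exchange", 20: "finished"}

def parse_records(stream: bytes):
    """Split one direction of a TLS byte stream into records, as a sniffer sees them."""
    records, pos, encrypted = [], 0, False
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack("!BBBH", stream[pos:pos + 5])
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        pos += 5 + length
        rec = {"type": CONTENT_TYPES.get(ctype, "unknown"), "version": (major, minor),
               "length": length, "opaque": encrypted, "handshake": None}
        if ctype == 22 and not encrypted and body:
            # Plaintext handshake message: type(1) + length(3) + body; readable in a capture
            rec["handshake"] = HANDSHAKE_TYPES.get(body[0], "unknown")
        if ctype == 20:
            # ChangeCipherSpec: every later record in this direction is ciphertext (Finished included)
            encrypted = True
        records.append(rec)
    return records

def summarize(stream: bytes):
    """Wireshark-style one-line label per record."""
    return [r["handshake"] or r["type"] + (" (encrypted)" if r["opaque"] else "")
            for r in parse_records(stream)]

def _record(ctype, payload, version=(3, 1)):
    return bytes([ctype, *version]) + struct.pack("!H", len(payload)) + payload

def _handshake(htype, body):
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

# Constructed client-to-server stream (not a real capture): ClientHello,
# ClientKeyExchange, ChangeCipherSpec, then only ciphertext.
SAMPLE_STREAM = (
    _record(22, _handshake(1, b"\x03\x01" + b"\x00" * 32))     # ClientHello: version + random
    + _record(22, _handshake(16, b"\x00\x04" + b"\xaa" * 4))   # ClientKeyExchange: RSA-encrypted premaster
    + _record(20, b"\x01")                                     # ChangeCipherSpec
    + _record(22, b"\x5a" * 40)                                # Finished: already encrypted
    + _record(23, b"\x99" * 64)                                # application data: ciphertext
)
```

Running `summarize(SAMPLE_STREAM)` yields the same labels Wireshark would show for such a stream, with nothing readable past ChangeCipherSpec.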

Moonbat
03-16-2007, 04:37 PM
Here's a nice tutorial on using OllyDbg:

www.geocities.com/imdeathspawn/

I'm not sure if it covers what you need, but it's a good tutorial on OllyDbg in general.

Ezekiel
03-16-2007, 05:03 PM
Honestly, I doubt anyone here has the knowledge to help you in this area. What you're looking to do is directly view data currently stored in the RAM or modify the program to give you the plain-text communications.

I would suggest teaching yourself some assembly so you can make some minor changes in the disassembled program so that, before the point of encrypting data ready to be sent, this data is written to a file or displayed for later analysis.