
Thread: decrypt SSL private key and sniffing

  1. #1
    Join Date
    Mar 2007
    Posts
    1

    decrypt SSL private key and sniffing

    Hi @ll,

    I have an application that sends data to a ******* server (i.e. https://*******-server.com:44*) via port 44*. When I use Wireshark to sniff the connection I can see that SSLv* is used. I only see in the sniffing result that SSL handshakes, authentication, exchanging keys, etc. occur. But I am not able to see the application data which is sent through SSL. To be able to see that I need to have the proper private key.

    I heard that it's possible to get the private key of the SSL data by process monitoring and dumping my application. Someone told me that it can be done either by "userdump.exe" (by creating a dump file of the running application) or by looking live into the process with "OllyDbg", for example. My problem is that I never worked with such debuggers, neither with userdump.exe nor with a debugger. Can someone give me a hint where to find useful tutorials for doin' that? Any help appreciated.

    Big Thanks in advance!

  2. #2
    Join Date
    Sep 2006
    Posts
    1,649
    Here's a nice tutorial on using OllyDbg:

    www.geocities.com/imdeathspawn/

    I'm not sure if it covers what you need, but it's a good tutorial on OllyDbg in general.

  3. #3
    Join Date
    Sep 2005
    Posts
    2,050
    Quote: Originally Posted by Sloop
    Hi @ll,

    I have an application that sends data to a ******* server (i.e. https://*******-server.com:44*) via port 44*. When I use Wireshark to sniff the connection I can see that SSLv* is used. I only see in the sniffing result that SSL handshakes, authentication, exchanging keys, etc. occur. But I am not able to see the application data which is sent through SSL. To be able to see that I need to have the proper private key.

    I heard that it's possible to get the private key of the SSL data by process monitoring and dumping my application. Someone told me that it can be done either by "userdump.exe" (by creating a dump file of the running application) or by looking live into the process with "OllyDbg", for example. My problem is that I never worked with such debuggers, neither with userdump.exe nor with a debugger. Can someone give me a hint where to find useful tutorials for doin' that? Any help appreciated.

    Big Thanks in advance!

    Honestly, I doubt anyone here has the knowledge to help you in this area. What you're looking to do is directly view data currently stored in the RAM or modify the program to give you the plain-text communications.

    I would suggest learning yourself some assembly so you can make some minor changes in the disassembled program so that, before the point of encrypting data ready to be sent, this data is written to file or displayed for later analysis.
