Jump to content
Sign in to follow this  
Followers 0
herman

HTTPS Decoding Question

By herman, in Tutorials and Further study

Recommended Posts

herman    48

herman
Posted

Hi all, 

 

Recently I played around with some embedded devices (no, not the Hikvision). On one of them I found a private RSA key and a certificate file. These are used to implement HTTPS as far as I can see right now. It does not seem to be used for SSH authentication.

 

Let's say I can take these files off the device and have a PCAP file with traffic between the device and a workstation configuring the device over HTTPS:

 

How could I decode this? My current thought is looking into OpenSSL and some scripting or coding to load the private key and PCAP file, then decode it and store the output. 

 

Would this be the right way, is there something easier, any pitfalls? Thanks for thinking along  :)

Share this post

Link to post

Francesco    580

Francesco
Posted

Hi Herman,

you may be able to decrypt it by setting the options in Wireshark -> Edit-> Preferences -> Protocols -> SSL -> and then you can add a list of RSA keys to use.

Share this post

Link to post

herman    48

herman
Posted

Thanks! That sounds a bit faster ;-) I'll try it out if I find a way to receive a PCAP. Otherwise I create a lab later on as test.

Your post reminds me I should actually read the Wireshark books I have, some day...

Share this post

Link to post

GiRa    459

GiRa
Posted

If you cannot decrypt the traffic with Wireshark, this means that the handshake between the party creates a session key with PFS. Probably using DH.

  • Like 2

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Tutorials and Further study
×