
HTTPS Decoding Question


herman

Hi all, 

 

Recently I played around with some embedded devices (no, not the Hikvision). On one of them I found a private RSA key and a certificate file. These are used to implement HTTPS as far as I can see right now. It does not seem to be used for SSH authentication.

 

Let's say I can take these files off the device and have a PCAP file with traffic between the device and a workstation configuring the device over HTTPS:

 

How could I decode this? My current thought is looking into OpenSSL and some scripting or coding to load the private key and PCAP file, then decode it and store the output. 

 

Would this be the right way, is there something easier, any pitfalls? Thanks for thinking along  :)

Francesco

Hi Herman,

You may be able to decrypt it by setting the options in Wireshark -> Edit -> Preferences -> Protocols -> SSL, and then you can add a list of RSA keys to use.

herman

Thanks! That sounds a bit faster ;-) I'll try it out if I find a way to receive a PCAP. Otherwise I'll create a lab later on as a test.

Your post reminds me I should actually read the Wireshark books I have, some day...

GiRa

If you cannot decrypt the traffic with Wireshark, this means that the handshake between the parties creates a session key with PFS. Probably using DH.

  • Like 2
