ssl decryption (https) - SSH

This is a discussion on ssl decryption (https) - SSH ; Hi, I would like to know is it possible to decrypt ssl connection established by web browser (IE) on my machine. I'm using java app, which get some data, and i want to transform this data on my own need ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: ssl decryption (https)

  1. ssl decryption (https)

    Hi,

    I would like to know is it possible to decrypt ssl connection
    established by web browser (IE) on my machine. I'm using java app, which
    get some data, and i want to transform this data on my own need (browser
    establishes secure connection)

    Thanks for help

    Ambler



  2. Re: ssl decryption (https)

    Ambler wrote:

    > Hi,
    >
    > I would like to know is it possible to decrypt ssl connection
    > established by web browser (IE) on my machine. I'm using java app, which
    > get some data, and i want to transform this data on my own need (browser
    > establishes secure connection)
    >


    I'm not sure what was your problem, but you could set up ssl proxy (such as
    stunnel, see www.stunnel.org) so your browser could connects in plaint text
    to the ssl proxy and ssl proxy does the encryption to the destination
    server.

    With SSL proxy (that can be on the same machine) traffic could look like
    this:

    Browser --plain-text--> [ssl-proxy] --ssl-enc--> destination

    Could this be what you are looking for? At least you traffic would pe plain
    text and readable.

    Regards
    Kimmo Koivisto

  3. Re: ssl decryption (https)


    Uzytkownik "Kimmo Koivisto" napisal w wiadomosci
    news:dv1rlb$2vv$1@phys-news4.kolumbus.fi...
    > Ambler wrote:
    >
    > > Hi,
    > >
    > > I would like to know is it possible to decrypt ssl connection
    > > established by web browser (IE) on my machine. I'm using java app,

    which
    > > get some data, and i want to transform this data on my own need (browser
    > > establishes secure connection)
    > >

    >
    > I'm not sure what was your problem, but you could set up ssl proxy (such

    as
    > stunnel, see www.stunnel.org) so your browser could connects in plaint

    text
    > to the ssl proxy and ssl proxy does the encryption to the destination
    > server.
    >
    > With SSL proxy (that can be on the same machine) traffic could look like
    > this:
    >
    > Browser --plain-text--> [ssl-proxy] --ssl-enc--> destination
    >
    > Could this be what you are looking for? At least you traffic would pe

    plain
    > text and readable.
    >
    > Regards
    > Kimmo Koivisto



    That's great idea Kimmo and it works great, thanks a lot. But i have a
    small problem

    >Browser --plain-text--> [ssl-proxy] --ssl-enc--> destination


    How to see plaint text in real time like in a sniffer? I think it could be
    done when stunnel works on a computer of my neighbour and i will sniff
    packets and transform them in my soft. Maybe you know any option in stunnel
    which will be useful for me so proxy will work on my machine.

    Regards
    Ambler



  4. Re: ssl decryption (https)

    Ambler wrote:

    > That's great idea Kimmo and it works great, thanks a lot. But i have
    > a small problem
    >
    >> Browser --plain-text--> [ssl-proxy] --ssl-enc--> destination

    >
    > How to see plaint text in real time like in a sniffer? I think it
    > could be done when stunnel works on a computer of my neighbour and i
    > will sniff packets and transform them in my soft. Maybe you know any
    > option in stunnel which will be useful for me so proxy will work on
    > my machine.


    There are tools for this sort of thing: I know one company in Boston,
    "Sandstorm", that sells this sort of tool.



  5. Re: ssl decryption (https)

    Ambler wrote:

    > That's great idea Kimmo and it works great, thanks a lot. But i have a
    > small problem
    >
    >>Browser --plain-text--> [ssl-proxy] --ssl-enc--> destination

    >
    > How to see plaint text in real time like in a sniffer? I think it could be
    > done when stunnel works on a computer of my neighbour and i will sniff
    > packets and transform them in my soft. Maybe you know any option in
    > stunnel which will be useful for me so proxy will work on my machine.
    >


    Well, you can run stunnel on your own workstation (where your application
    runs) and still you are able to use sniffer. Just configure stunnel to
    listen your workstation 127.0.0.1 port X and connect it to remote address Z
    port Y.

    You can use libpcap to sniffer traffic or if easier, you can do your own tcp
    proxy (check out rinetd for source code) and get the traffic from there.

    Regards
    Kimmo



  6. Re: ssl decryption (https)


    Uzytkownik "Kimmo Koivisto" napisal w wiadomosci
    news:dv21d8$5hk$1@phys-news4.kolumbus.fi...
    > Ambler wrote:
    >
    > > That's great idea Kimmo and it works great, thanks a lot. But i have a
    > > small problem
    > >
    > >>Browser --plain-text--> [ssl-proxy] --ssl-enc--> destination

    > >
    > > How to see plaint text in real time like in a sniffer? I think it could

    be
    > > done when stunnel works on a computer of my neighbour and i will sniff
    > > packets and transform them in my soft. Maybe you know any option in
    > > stunnel which will be useful for me so proxy will work on my machine.
    > >

    >
    > Well, you can run stunnel on your own workstation (where your application
    > runs) and still you are able to use sniffer. Just configure stunnel to
    > listen your workstation 127.0.0.1 port X and connect it to remote address

    Z
    > port Y.
    >
    > You can use libpcap to sniffer traffic or if easier, you can do your own

    tcp
    > proxy (check out rinetd for source code) and get the traffic from there.
    >
    > Regards
    > Kimmo


    Im afraid sniffer like ethereal or iris can't sniff inner packets, it only
    shows these which come from outside. I tried them and did not find it
    implemented.

    Ambler



  7. Re: ssl decryption (https)


    This thread is off-topic, by the way: this group is about SSH, not SSL.

    --
    Richard Silverman
    res@qoxp.net


  8. Re: ssl decryption (https)

    "Richard E. Silverman" (06-03-12 21:41:15):

    > This thread is off-topic, by the way: this group is about SSH, not SSL.


    Yes. But one last thing needs to be said. It would be much easier to
    establish a transparent proxy (e.g. Squid) between the client and the
    SSL tunnel. Maybe, Squid already comes with the functionality you need,
    making the development of a custom sniffer unnecessary.


    Regards.

  9. Re: ssl decryption (https)

    >>>>> "ES" == Ertugrul Soeylemez writes:

    ES> "Richard E. Silverman" (06-03-12 21:41:15):
    >> This thread is off-topic, by the way: this group is about SSH, not
    >> SSL.


    ES> Yes. But one last thing needs to be said. It would be much
    ES> easier to establish a transparent proxy (e.g. Squid) between the
    ES> client and the SSL tunnel. Maybe, Squid already comes with the
    ES> functionality you need, making the development of a custom sniffer
    ES> unnecessary.

    OK, I'll add another off-topic comment. I don't really understand what
    the OP wants to accomplish, but it's worth noting that if you have the
    server's private key and the TLS session is using a non-PFS ciphersuite,
    then ssldump can eavesdrop on the session.

    --
    Richard Silverman
    res@qoxp.net


+ Reply to Thread