Computer networks
aronsky, 2012-09-25 13:55:56

TLS and SSL decryption?

Sometimes there are projects where you cannot work out which side to approach them from.
The task that arrived:

The scope of the project is to develop a component to decrypt SSL traffic.
Here are the high-level requirements of this project:
  1. We develop over Linux (Debian)
  2. Server certificates will be provided by customers for the extraction of private keys — the required module needs to support multiple certificates simultaneously
  3. The required decryption module will use the given certificates to extract HTTP traffic from HTTPS
  4. The clear-text traffic will be replayed through a virtual network interface as normal HTTP
  5. Justniffer will be the tool that sniffs the clear-text HTTP traffic from the virtual interface, thus the format of the traffic shall be Tcpdump-compatible


How realistic is it to do so? Where can I get enough literature on SSL? Where do you even start?


4 answers
JDima, 2012-09-25
@JDima

It is quite real. Moreover, it has been done for a long time.
wiki.squid-cache.org/Features/SslBump is an open source example on this topic.
(In general, search for "SSL man-in-the-middle".)

Maximus43, 2012-09-25
@Maximus43

The terminology in the TOR was a little jarring, namely:
Item 2: the server certificate, like any certificate, cannot contain a private key, so there is nothing to extract from it. The key pair can be stored in p12/pfx files, or in separate PEM or DER files. A certificate is just a public key plus metadata, all signed with the CA's private key. Or maybe we are talking about brute-forcing the private key from the public key? :-)
Item 3: in HTTPS, certificates are used to establish a symmetric session key, and all traffic is then encrypted with that key. The session key can change several times during a session. So the requirement to use the provided certificates to extract HTTP from HTTPS sounds strange to me. Here you need to observe the session key generation process and only then decrypt the traffic with that key.
The TOR was written by some amateur, IMHO
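As an added illustration of the point above (example code, not from anyone in this thread), here is the TLS 1.2 key schedule from RFC 5246 in Python: the record keys are derived from a pre-master secret plus both handshake randoms, so a decryptor must see the handshake, and with RSA key exchange it needs the server's private key (never the certificate) to recover the pre-master secret. All secrets and randoms below are constructed sample values. Where the servers in scope use (EC)DHE suites, the private key never protects the pre-master secret and this kind of passive decryption is not possible at all.

```python
# Added example (not from the thread): the TLS 1.2 key schedule of RFC 5246,
# sections 5, 6.3 and 8.1, using only the standard library. All inputs below
# are constructed sample values, not captured handshake data.
import hmac
import hashlib


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 expansion: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ..."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret; the pre-master secret is what an RSA-key-exchange
    decryptor recovers with the server's private key (not its certificate)."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int, key_len: int, iv_len: int) -> dict:
    """Expand the master secret into per-direction MAC keys, cipher keys and IVs.
    Note the seed order flips to server_random + client_random here."""
    total = 2 * (mac_len + key_len + iv_len)
    block = prf(master, b"key expansion", server_random + client_random, total)
    layout = [("client_mac", mac_len), ("server_mac", mac_len),
              ("client_key", key_len), ("server_key", key_len),
              ("client_iv", iv_len), ("server_iv", iv_len)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


def demo() -> dict:
    """Constructed RSA-style pre-master (2 version bytes + 46 bytes) and randoms;
    sizes are those of TLS_RSA_WITH_AES_128_CBC_SHA (20-byte MAC, 16-byte key/IV)."""
    pre_master = b"\x03\x03" + bytes(range(46))
    client_random, server_random = bytes([0x11] * 32), bytes([0x22] * 32)
    ms = master_secret(pre_master, client_random, server_random)
    return key_block(ms, client_random, server_random, 20, 16, 16)
```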

Sergey, 2012-09-25
@bondbig

JDima has it right: it has all been done already. Under Linux there is also ssldump; it is, in fact, under a BSD license, which means you can use its source code in commercial projects.

rapidsslonline, 2014-07-02
@rapidsslonline

TLS and SSL are similar products that work on the same algorithm, so there is no doubt that if you learn SSL certificate security you will understand TLS automatically. If you want an in-depth view of SSL certificates and knowledge about them, I would advise you to go through the platforms listed below, which offer good knowledge about SSL certificate security!
SSL certificate information center - www.symantec.com/page.jsp?id=ssl-information-center
SSL knowledge article - www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html
SSL products detail research and blogs - https://www.rapidsslonline.com/blog/
