Why does some SSL traffic decrypt and others don't
Hi, been doing/practicing MITM with ettercap and it's cool with things like basic passwords and hotmail and gmail.....
however I want to know why is it that some traffic won't dump e.g dump the username/password ????
I mean is it the version of ssl? because as far as I know it is flawed and vulnerable enough for us to be able to do what was not supposed to be able to be done - get the passwords and usernames.........
I thought it might be something to do with html gziping the traffic ....like a deflate command is that valid reasoning????? I think it's what my bank does
can anyone post good a tutorial on ettercap mitm and gzipping/ungzipping or perhaps some of the reasons why some traffic dumps and decrypts and others don't????