
Thread: Tools for SSL Decryption

  1. #1
    thorin (My life is this forum)
    Join Date
    Jan 2010
    Posts
    2,629

    Tools for SSL Decryption

    During VAs or Pentests we often find web servers that have weak ciphers like "EXP-RC2-CBC-MD5" enabled. Does anyone know of a tool (or set of tools) that will/can actually decrypt said weak ciphers?

    I know SSLStrip can be used to fool someone into thinking they have an SSL connection when they don't actually. But I'm looking for something that can actually decrypt traffic which was encrypted using weak ciphers (either in real time or after the fact from PCAP).

    I know ssldump can do it "if" you have the keying material. But the obvious idea here is that all you have is traffic based on a weak cipher suite.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
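    Checking a capture for the weak suites mentioned above, as an added example that is not from the thread: a small parser for a TLS ServerHello record that reports the negotiated cipher suite and whether it is an export-grade suite (the "EXP-" names in scanner output). The `build_server_hello` helper, the sample records it produces, and the short suite table are constructed here for the example; the table is a subset of the IANA registry, not the full list.

```python
"""Flag export-grade cipher suites negotiated in captured SSL/TLS handshakes.

Hypothetical example: parses one TLS record carrying a ServerHello and reports
the negotiated suite, so a PCAP from an assessment can be checked for EXP-*
suites without any keying material.
"""
import struct

# Suite IDs from the TLS registry with their OpenSSL names (subset, constructed
# for this example). "EXP-RC2-CBC-MD5" is 0x0006.
EXPORT_SUITES = {
    0x0003: "EXP-RC4-MD5",
    0x0006: "EXP-RC2-CBC-MD5",
    0x0008: "EXP-DES-CBC-SHA",
    0x0011: "EXP-EDH-DSS-DES-CBC-SHA",
    0x0014: "EXP-EDH-RSA-DES-CBC-SHA",
}

def parse_server_hello(record: bytes) -> dict:
    """Parse a handshake record holding a ServerHello; return version and suite."""
    if len(record) < 5 or record[0] != 0x16:          # content type: handshake
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:              # handshake type: ServerHello
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < 35:                               # version(2) + random(32) + sid_len(1)
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[0:2])[0]
    sid_len = hello[34]
    off = 35 + sid_len                                # cipher suite follows the session id
    if len(hello) < off + 3:
        raise ValueError("truncated ServerHello")
    suite = struct.unpack("!H", hello[off:off + 2])[0]
    return {"version": version, "suite": suite,
            "export": suite in EXPORT_SUITES,
            "name": EXPORT_SUITES.get(suite, "0x%04x" % suite)}

def build_server_hello(version: int, suite: int) -> bytes:
    """Constructed sample record (not a real capture) for exercising the parser."""
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"   # empty session id
             + struct.pack("!H", suite) + b"\x00")               # null compression
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!H", version) + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for v, s in ((0x0300, 0x0006), (0x0301, 0x002F)):
        print(parse_server_hello(build_server_hello(v, s)))
```

To run this over a real PCAP, feed each server-to-client TLS record that starts with 0x16 into `parse_server_hello`; anything flagged `export` is a session that should be reported regardless of whether the payload can be recovered.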

  2. #2
    Archangel-Amael (Super Moderator)
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012


    Thorin, check Xplico.
    I believe the latest version now includes support for decrypting ssl.
    I am not 100% sure but I think that when I was reading about it over at packet-storm ssl was mentioned.
    If I get the chance I will look too.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    lupin (Super Moderator)
    Join Date
    Jan 2010
    Posts
    2,943


    I was actually idly musing about how to do that yesterday! Report back if you have any luck with this!

    I'm assuming the key exchange for the symmetric encryption used for the majority of the SSL session is still pretty well protected during the asymmetric encrypted portion of the exchange. So you would probably need to take advantage of weaknesses in the cipher, protocol implementation, or key generation for the symmetric encryption algorithm to get at the cleartext data. Either that or brute force the symmetric key. It's an interesting topic....
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  4. #4
    thorin (My life is this forum)
    Join Date
    Jan 2010
    Posts
    2,629


    Sadly I didn't end up finding anything. I'll continue to hunt, but I ended up proceeding with the engagement/report without the details.
