Why does some SSL traffic decrypt and others don't

[andy1]

Hi, been doing/practicing MITM with ettercap and it's cool with things like basic passwords and hotmail and gmail.....

however I want to know why is it that some traffic won't dump e.g dump the username/password ????

I mean is it the version of ssl? because as far as I know it is flawed and vulnerable enough for us to be able to do what was not supposed to be able to be done - get the passwords and usernames.........

I thought it might be something to do with html gziping the traffic ....like a deflate command is that valid reasoning????? I think it's what my bank does


can anyone post good a tutorial on ettercap mitm and gzipping/ungzipping or perhaps some of the reasons why some traffic dumps and decrypts and others don't????


please

[andy1]

Hey, don't want to push it but it's a valid question that if answered correctly would shed alot of light on questions i'm sure alot of noobs (like me) are wondering

and it might save us some time asa whole in perfecting our skills


pleaseeeeeeeeeee

[thorin]

I haven't encountered this yet but I would imagine it's some combination of factors.

1) Algorithm in use (AES, RC4, etc....)
2) SSLv1, SSLv2, SSLv3, TLS
3) Validity of cert.
4) Compression of http traffic.
5) Whether the secure attribute of the session token is set.
6) Whether you actually captured the entire SSL handshake/negotiation.

Etc...

[andy1]

thanks for that

it's interesting...............and it also gives me alot of reading and googling homework