Results 1 to 4 of 4

Thread: Why does some SSL traffic decrypt and others don't

Hybrid View

  1. #1
    Just burned his ISO
    Join Date
    Aug 2006
    Posts
    21

    Talking Why does some SSL traffic decrypt and others don't

    Hi, been doing/practicing MITM with ettercap and it's cool with things like basic passwords and hotmail and gmail.....

    however I want to know why is it that some traffic won't dump e.g dump the username/password ????

    I mean is it the version of ssl? because as far as I know it is flawed and vulnerable enough for us to be able to do what was not supposed to be able to be done - get the passwords and usernames.........

    I thought it might be something to do with html gziping the traffic ....like a deflate command is that valid reasoning????? I think it's what my bank does


    can anyone post good a tutorial on ettercap mitm and gzipping/ungzipping or perhaps some of the reasons why some traffic dumps and decrypts and others don't????


    please

  2. #2
    Just burned his ISO
    Join Date
    Aug 2006
    Posts
    21

    Red face bump_

    Hey, don't want to push it but it's a valid question that if answered correctly would shed alot of light on questions i'm sure alot of noobs (like me) are wondering

    and it might save us some time asa whole in perfecting our skills


    pleaseeeeeeeeeee

  3. #3
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    I haven't encountered this yet but I would imagine it's some combination of factors.

    1) Algorithm in use (AES, RC4, etc....)
    2) SSLv1, SSLv2, SSLv3, TLS
    3) Validity of cert.
    4) Compression of http traffic.
    5) Whether the secure attribute of the session token is set.
    6) Whether you actually captured the entire SSL handshake/negotiation.

    Etc...

  4. #4
    Just burned his ISO
    Join Date
    Aug 2006
    Posts
    21

    Talking cheers

    thanks for that

    it's interesting...............and it also gives me alot of reading and googling homework

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •