Hi,

I am capturing traffic using ethereal, and i am trying to decrypt the https data.

If you think it can't be done, think again: I was able to do it under M$ Windoze with "cain and abel". It shows all the passwords send over https.

Any ideas will help!!

Thanks

PS: I am not using it for anything illegal!! I am trying to see what others could do to my network. Please don't spam this post saying: "We won't tell you how to do this, it's illegal, noob!"

Please redirect comments to the same thread here.

Hi,

I'm not familiar with the tool you mentioned nor the conditions under which you performed that test. Even though I'm not exactly a "guessing" fan, I'd say that that tool somehow gets hold of the master key sometime during the SSL handshake. Since that master key is defined by the client, and (I'm gessing here...) the tool is running on the client, it could make that possible.
I'd like to see (I'll try it as soon as can) that tool working in a 3rd machine sniffing traffic from/to the client (maybe on a proxy or something). I don't really believe in a brute force attack against the cipher strengths involved in the process (although I could be wrong). The master key is passed to the server encrypted with the server's public key (only way to see this is having the server's private key) and from then on the symmetric master key is used. Of course there's a zillion scenarios I could imagine that would make it possible to perform that ( I could have gotten hold of the server's private key somehow, some replay attacks, etc.) but not through a tool in so little time...


With this redirection thing I didn't see it was already answered...

Cheers