Hi,
I'm not familiar with the tool you mentioned nor the conditions under which you performed that test. Even though I'm not exactly a "guessing" fan, I'd say that that tool somehow gets hold of the master key sometime during the SSL handshake. Since that master key is defined by the client, and (I'm guessing here...) the tool is running on the client, it could make that possible.
I'd like to see (I'll try it as soon as I can) that tool working in a 3rd machine sniffing traffic from/to the client (maybe on a proxy or something). I don't really believe in a brute force attack against the cipher strengths involved in the process (although I could be wrong). The master key is passed to the server encrypted with the server's public key (the only way to see this is having the server's private key) and from then on the symmetric master key is used. Of course there's a zillion scenarios I could imagine that would make it possible to perform that (I could have gotten hold of the server's private key somehow, some replay attacks, etc.) but not through a tool in so little time...
With this redirection thing I didn't see it was already answered...
Cheers
Last edited by ncorreia; 10-11-2005 at 06:19 AM.