Retrieving a public RSA key through the command line

caseydk · 06-29-2011, 05:07 AM

I'm doing a project demonstrating weaknesses in facebook's security setup, and I've reached a bit of a roadblock.

I need to retrieve the public RSA key of the website (facebook) that it uses for https traffic. I know I can do this through firefox and everything, but I need to do it through the command line. If that's possible, that would be great, and would lead me to question number two. Once I have the public key, how would I use it to decrypt raw network traffic, like from wireshark, that came from facebooks servers that was encrypted using the public key?

If any of you guys know, I would really appreciate it.

Thanks!

acid_kewpie · 06-29-2011, 05:17 AM

The transmitted keys are generated dynamically, and so without being part of the encryption handshake you can't decrypt the data.

in terms of SSL and wireshark, just read up on it's wiki http://wiki.wireshark.org/SSL With the right credentials you can decrypt the stream, but it's a prety vague / odd system they've hacked into it.

There's a good discussion of the issues here: http://stackoverflow.com/questions/4...r-certificates

caseydk · 06-29-2011, 05:36 AM

Ahhhhhh, that bit on the public key being different for every session was news to me. Thank you for the clarification, I should have caught that somewhere. :P

chrism01 · 06-29-2011, 07:56 PM

If you want to play around with SSL from the cmd line, have a look at

Code:

openssl sclient -connect host:port

http://linux.die.net/man/1/openssl
http://www.openssl.org/docs/apps/s_client.html

acid_kewpie · 06-30-2011, 02:13 AM

s_client, not sclient.