This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SSL decrypting problem

0
1

We set up a test environment to experiment with sniffing related attacks. Basically it is an Apache2 server using https authenticating against an LDAP Active Directory. We have several pcap captures using tcpdump, tshark and wireshark done while users were authenticating. As the authentication involves the external LDAP server Apache can't use other method than basic plain text, so it should be pretty straightforward for an attacker to capture the data, and use the private key (providing he somehow manage to get it) to obtain the login information and cause havoc.

Nevertheless, we haven't been able to replicate that scenario with wireshark. Here is part of the debug log:

ssl_init keys string:
10.0.4.19,443,http,/home/jkane/Temp/snakeoil.key
ssl_init found host entry 10.0.4.19,443,http,/home/jkane/Temp/snakeoil.key
ssl_init addr '10.0.4.19' port '443' filename '/home/jkane/Temp/snakeoil.key' password(only for p12 file) '(null)'
Private key imported: KeyID 2d:71:01:cc:75:09:3d:34:7d:ff:1b:6c:d2:aa:9e:44:...
ssl_init private key file /home/jkane/Temp/snakeoil.key successfully loaded
association_add TCP port 443 protocol http handle 0x7f3c2c1b46d0

dissect_ssl enter frame #146 (first time) ssl_session_init: initializing ptr 0x7f3c146be980 size 672 conversation = 0x7f3c146be720, ssl_session = 0x7f3c146be980 record: offset = 0, reported_length_remaining = 3

dissect_ssl enter frame #151 (first time) conversation = 0x7f3c146be720, ssl_session = 0x7f3c146be980 record: offset = 0, reported_length_remaining = 10

dissect_ssl enter frame #153 (first time) conversation = 0x7f3c146be720, ssl_session = 0x7f3c146be980 record: offset = 0, reported_length_remaining = 4

dissect_ssl enter frame #817 (first time) ssl_session_init: initializing ptr 0x7f3c146d4df0 size 672 conversation = 0x7f3c146d4068, ssl_session = 0x7f3c146d4df0 record: offset = 0, reported_length_remaining = 175 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 170, ssl state 0x00 association_find: TCP port 37364 found (nil) packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 1 offset 5 length 166 bytes, remaining 175 packet_from_server: is from server - FALSE ssl_find_private_key server 10.0.4.19:443 dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01

dissect_ssl enter frame #818 (first time) ssl_session_init: initializing ptr 0x7f3c146d5188 size 672 conversation = 0x7f3c146d4400, ssl_session = 0x7f3c146d5188 record: offset = 0, reported_length_remaining = 175 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 170, ssl state 0x00 association_find: TCP port 37365 found (nil) packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 1 offset 5 length 166 bytes, remaining 175

dissect_ssl enter frame #823 (first time) conversation = 0x7f3c146d4068, ssl_session = 0x7f3c146d4df0 record: offset = 0, reported_length_remaining = 890 dissect_ssl3_record found version 0x0301 -> state 0x11 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 48, ssl state 0x11 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 2 offset 5 length 44 bytes, remaining 53 dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13 ssl_restore_session can't find stored session dissect_ssl3_hnd_srv_hello can't find cipher suite 0x39 record: offset = 53, reported_length_remaining = 837 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 421, ssl state 0x13 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 11 offset 58 length 417 bytes, remaining 479 record: offset = 479, reported_length_remaining = 411 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 397, ssl state 0x13 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 12 offset 484 length 393 bytes, remaining 881 record: offset = 881, reported_length_remaining = 9 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 4, ssl state 0x13 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available dissect_ssl4_handshake iteration 1 type 14 offset 886 length 0 bytes, remaining 890

I notice ‘no decoder available’ in all segments, no idea why. The private key is the one Apache uses by default, and I made sure according to the documentation that the format is the right one http://wiki.wireshark.org/SSL

Any suggestions?

asked 09 Dec ‘11, 11:51

Jacob%20Kane's gravatar image

Jacob Kane
1122
accept rate: 0%

Thanks for the reply, you’re totally right, we totally overlooked the whole cipher suite thing…

Great news actually! The current option in the table was changing the plataform to use NTLM as auth scheme.

(09 Dec ‘11, 13:31) Jacob Kane


One Answer:

6

The SSL session is using a DiffieHellman cipher (0x39 = TLS_DHE_RSA_WITH_AES_256_CBC_SHA). This means the session key is transferred encrypted with a dynamically generated keypair (instead of encrypted with the public key from the certificate). This means you can't decrypt this session with wireshark by providing the private key.

Have a look at the following for more info:

answered 09 Dec '11, 12:41

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%