TLS RSA Key Extraction (Help/Hint Wanted)
Hi all,
Hope you are all safe!!
I need some help with an exercise I have if anyone can help?
The task is, given a PCAP file, I believe I need to extract a private key from within the PCAP, and then re-apply said key to the same PCAP file via Wireshark's preferences > SSL > etc. to decrypt the traffic.
I am pretty certain I have found the Private Key, and have extracted and saved it to a text file.
"-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAg....etc..etc..."
I then try to reapply the key in the aforementioned preferences, but it doesn't work.
I have been trying this for about 2 weeks now, and have probably watched half of YouTube and read 2 dozen articles of the on-the-line content on the webznet. I have also now started to doubt myself and think I need to use PreMasters etc., which I have also located.
Could someone please point me in the right direction? Please don't give the answer. A document or YouTube, or anything I can use to move forwards would be great.
Thanks. C.
If you've read this much already you should know that it comes down to the details. Of these you provide little, so it's then hard to point to 'the right article'. For starters, what did you learn about the TLS connection so far?
So I know that while a TLS connection is being established there is a handshake and things go on, but most importantly they exchange keys. I believe it is these keys that I need to identify and extract, which again I have done, I think, identifying the "Server Hello, Certificate" packet in the PCAP. (I was going to upload a screenshot but the system won't let me until I have 60 points, so I put it here instead: https://ibb.co/YkWzkRt)
I then need to tell Wireshark to use this key to decrypt any encrypted traffic within the PCAP file, thus revealing the SSL traffic in plain text.
I am stuck at knowing whether I have the right pieces or not. Once I know I have the right pieces, I can probably move on from there.
Thanks. C.