
Hello,

I am trying to decrypt an HTTPS connection on my machine with Java.
For that reason I have a system variable set so that Firefox puts the ClientRandom into a txt file. Now when I open a capture with Wireshark and give it access to the txt file with the ClientRandom, it can decrypt the whole SSL stream.
I am now wondering how Wireshark does it. After reading some pages explaining how SSL/TLS works (explaining RFC of TLS) I wonder how to get the Pre-master-secret, since I don't know the private exponent d from the server.
I can see in Wireshark that I send the encrypted PreMaster in the Client Key Exchange, Change Cipher Spec, Finished package. But to decrypt this I would need the private exponent d from the server, wouldn't I?

Any help is very much appreciated.
Kind Regards

asked 18 Feb '16, 06:59


monkey521


With just the Random from the Client Hello message you cannot decrypt anything. The SSL keylog format (as originally created by Mozilla for the NSS library) stores both the Client Random and the master secret. Wireshark will then try to map the Client Hello to a master secret which can then be used for decryption.

Since the master-secret is available, the RSA-encrypted pre-master secret does not have to be decrypted. See also slides 6-9 from this presentation on SSL decryption using Wireshark for the relation between various parameters.


answered 18 Feb '16, 09:51


Lekensteyn

Ok, thank you. In the txt file it says ClientRandom in front of the line, but as you stated there seem to be the CR and MS, because with only one line in the file I can decrypt the whole traffic in Wireshark.

(19 Feb '16, 05:23) monkey521
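
The lookup described in the answer, as an added example that is not part of the original thread and is not Wireshark's code: it parses `CLIENT_RANDOM` lines from an NSS key log, matches the Client Hello random to its master secret, and expands that into record keys with the TLS 1.2 PRF, without touching the server's RSA key. It assumes TLS 1.2 with an AES-128-GCM/SHA-256 cipher suite; all function names and hex values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data (not from a real session).
SAMPLE_KEYLOG = "# constructed key log\nCLIENT_RANDOM " + "11" * 32 + " " + "22" * 48 + "\n"
SAMPLE_CLIENT_RANDOM = bytes.fromhex("11" * 32)  # as seen in the Client Hello
SAMPLE_SERVER_RANDOM = bytes.fromhex("33" * 32)  # as seen in the Server Hello

def parse_keylog(text):
    """Return {client_random: master_secret} from CLIENT_RANDOM lines."""
    secrets = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] != "CLIENT_RANDOM":
            continue  # comments, blank lines, other record types
        try:
            client_random, master = bytes.fromhex(parts[1]), bytes.fromhex(parts[2])
        except ValueError:
            continue  # malformed hex
        if len(client_random) == 32 and len(master) == 48:
            secrets[client_random] = master
    return secrets

def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5, using HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def key_block(master_secret, client_random, server_random, length):
    """key_block = PRF(master_secret, "key expansion", server_random + client_random)."""
    return p_sha256(master_secret, b"key expansion" + server_random + client_random, length)

def session_keys(keylog_text, client_random, server_random):
    """Record keys for an AES-128-GCM suite, or None if the log has no matching line."""
    master = parse_keylog(keylog_text).get(client_random)
    if master is None:
        return None
    # AES-128-GCM: no MAC keys, two 16-byte write keys, two 4-byte implicit IVs.
    kb = key_block(master, client_random, server_random, 40)
    return {"client_write_key": kb[:16], "server_write_key": kb[16:32],
            "client_write_iv": kb[32:36], "server_write_iv": kb[36:40]}

if __name__ == "__main__":
    keys = session_keys(SAMPLE_KEYLOG, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM)
    for name, value in keys.items():
        print(name, value.hex())
```
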
question asked: 18 Feb '16, 06:59

question was seen: 1,681 times

last updated: 19 Feb '16, 05:23
