Hello Sharkers :D

Sometimes we need to investigate SSL traffic on some servers. We do have the SSL certificate for that server, but the issue is that after trying to decrypt the captured PCAP we are not able to decrypt it.

After a little bit of research we found that the SSL certificate uses Diffie-Hellman, which couldn't be decrypted with the SSL cert.

Since we are the owners of the servers, is there any way to capture the traffic and decrypt it, or even to capture it as HTTP traffic from the server itself?

asked 14 Jul, 14:51

rami


If you own the server, these are your options for SSL/TLS decryption:

  • Force use of a cipher suite which uses the RSA key exchange. Disadvantage: loses the forward secrecy property which would be provided by a Diffie-Hellman key exchange.
  • Tap the keys from the server process. If you have a webserver using the OpenSSL cryptographic library (e.g. nginx or Apache), then see this post for an approach using a debugger or an interposing library.

answered 15 Jul, 09:35

Lekensteyn
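
To see which captured sessions the server's RSA private key can decrypt and which need secrets tapped from the server, as the two options in the answer distinguish, here is an added example (not part of the original answer). It classifies the cipher suite negotiated in each Server Hello by its IANA name; the function names, constants and sample sessions are constructed for illustration.

```python
import re

RSA_KEY = "rsa-private-key"    # RSA key exchange: server key decrypts the pre-master secret
SESSION_KEYS = "session-keys"  # (EC)DHE or TLS 1.3: secrets must be tapped from an endpoint
OTHER = "other"                # static DH, PSK, export, anonymous: RSA key alone is not enough


def decryption_requirement(suite):
    """Map an IANA cipher suite name to what is needed to decrypt a capture."""
    # Accept the dissector's display form, e.g. "TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)".
    name = re.sub(r"\s*\(0x[0-9a-fA-F]+\)\s*$", "", suite.strip()).upper()
    if not name.startswith("TLS_") or name.endswith("_SCSV"):
        raise ValueError("not a negotiable IANA TLS cipher suite: %r" % suite)
    if "_WITH_" not in name:
        # TLS 1.3 suites name only the AEAD and hash; the key exchange is always (EC)DHE.
        return SESSION_KEYS
    key_exchange = name[len("TLS_"):name.index("_WITH_")].split("_")
    if key_exchange[0] in ("DHE", "ECDHE"):
        return SESSION_KEYS
    if key_exchange == ["RSA"]:
        return RSA_KEY
    return OTHER


def streams_needing_session_keys(sessions):
    """Return the stream ids whose traffic the RSA private key cannot decrypt."""
    return [sid for sid, suite in sessions if decryption_requirement(suite) != RSA_KEY]


# Constructed sample: (tcp stream id, cipher suite from the Server Hello).
SAMPLE_SESSIONS = [
    (0, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)"),
    (1, "TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)"),
    (2, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)"),
    (3, "TLS_AES_128_GCM_SHA256 (0x1301)"),
]

if __name__ == "__main__":
    for sid, suite in SAMPLE_SESSIONS:
        print(sid, suite, "->", decryption_requirement(suite))
    print("need endpoint secrets:", streams_needing_session_keys(SAMPLE_SESSIONS))
```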