Wireshark-bugs: [Wireshark-bugs] [Bug 1252] Following SSL stream without server private key

Date: Thu, 5 Apr 2007 23:09:05 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1252


luis.ontanon@xxxxxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




------- Comment #3 from luis.ontanon@xxxxxxxxx  2007-04-05 23:09 GMT -------
In Java JSSE (the standard way of doing encrypted sockets there), you actually
are running in the same process that handles the encryption and can ask it to
dump the data.
In Wireshark we capture encrypted packets; there is no feasible way to obtain
the key of a given SSL session (TLS would be completely useless if there was
one).

What you can do is a man-in-the-middle type of attack using a TLS-TLS proxy;
as you run the proxy you know the server key and you use that to decrypt. On
the client side you'll need to modify the certificates and allow your bogus
server cert to be used for that session.

We can't do anything about it.

