Decryption of openssl packets with static certificates

I am working on an ethical hacking project to monitor all the encrypted packets through OpenSSL. I do have both the public and private keys (cert files). My application code snippet for regular packet decryption is as follows:

    #include <openssl/ssl.h>
    #include <string.h>
    #include <stdlib.h>

    /* InitCTX(), OpenConnection() and ShowCerts() are helpers not shown in this snippet */
    SSL_library_init();
    ctx = InitCTX();
    server = OpenConnection(hostname, atoi(portnum));
    ssl = SSL_new(ctx);                                        /* create new SSL connection state */
    SSL_set_fd(ssl, server);                                   /* attach the socket descriptor */
    ShowCerts(ssl);                                            /* get any certs */
    SSL_write(ssl, acClientRequest, strlen(acClientRequest));  /* encrypt & send message */
    bytes = SSL_read(ssl, buf, sizeof(buf));                   /* get reply & decrypt */
    SSL_free(ssl);                                             /* release connection state */

SSL_read basically gets the certificate at the time of handshaking and utilizes it for decrypting the data. Is there any way to provide the same certificate offline for decryption of data?

Any help/pointers would be highly appreciated.

Anshul asked Jan 16 '18 14:01


1 Answer

Generally TLS is gravitating to ephemeral key exchange, DHE or ECDHE. With ephemeral key exchange the session keys (pre-master secret and master secret) are calculated using key agreement with temporary Diffie-Hellman keys rather than the RSA or ECDSA key pair that is part of the certificate. So often you cannot do this.

You can however explicitly select one of the older RSA_ ciphersuites. In this case the pre-master secret is encrypted on the client side using the server's public key. The private key of the server can then decrypt this pre-master secret, calculate the session keys using the PRF (HMAC based key derivation) and then verify / decrypt all the packets.

It should be possible to do this using Wireshark, yes.


Note that TLS 1.3 will not support the RSA_ ciphersuites anymore. You would have to capture a public key of the client and private key of the server, the public key of the server and a private key of the client, or indeed the session keys directly to decrypt the traffic. Actually, that was one of the common complaints for TLS 1.3; that decrypting the traffic afterwards is not possible. That's however by design; the NSA cannot do this either.

Maarten Bodewes answered Oct 02 '22 05:10