Wireshark-users: Re: [Wireshark-users] Decrypt SSL packets using master-key?
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Alex <alex323@xxxxxxxxx>
Date: Fri, 26 Dec 2008 10:12:24 -0500
On Fri, 26 Dec 2008 09:14:11 +0100
Sake Blok <sake@xxxxxxxxxx> wrote:

> If I understand you correctly, the following are the case:
> - You have no influence on the ciphers that the client uses
> - You have no influence on the ciphers that the server accepts
> - If you limit the accepted cipher list on the MITM program to non-DH
>   ciphers, communication with the client fails (ie the client does not
>   present non-DH ciphers in the "client hello").
> - If you limit the offered ciphers in the "client hello" from the MITM
>   program to the server to non-DH ciphers, the server won't set up the
>   SSL session
> 

Precisely.

> In that case, you can not trick Wireshark into decrypting the SSL
> session. But if you came this far by writing a MITM program, you might
> also be able to alter the SSL dissector in Wireshark to accept Master
> Secrets. Have a look at the following files in the source tree:
> 
> epan/dissectors/packet-ssl.h
> epan/dissectors/packet-ssl.c
> epan/dissectors/packet-ssl-utils.h
> epan/dissectors/packet-ssl-utils.c
> 
> I know there is more demand for decryption of SSL sessions that use a
> DH-cipher, there are just not that many situations where one can
> extract the (pre) master secret to be able to do so. So if you
> succeed in writing the code yourself, please attach the patch to
> bugzilla so that it can be reviewed for inclusion in Wireshark.
> 
> And if you are not able to write the code yourself, then you could
> file an enhancement request as mentioned earlier. But it is not said
> if and when it will be picked up by anyone.
> 

I will definitely look into coding that. Thank you. :)

-- 
Alex

Attachment: signature.asc
Description: PGP signature