Hi Adam Thanks . Now is there a way to 'extract' a Pvt key from a cert file or that is confidential e.g. google, hotmail. etc.Is there any OTHER viable solution to sniff SSL traffic without creating a fake certificate with warnings
ThanksS
On Mon, Jan 18, 2010 at 10:59 AM, St. Onge,Adam
<ASTONGE@xxxxxxxxxxxxx> wrote:
The wiki has good coverage on this (http://wiki.wireshark.org/SSL) but not
really applicable to Penetration testing unless you have already compromised the
web server and got the Private key.
Hi Folks
I am interesting in using Wireshark for Penetration Testing work. SSL has
always intrigued me. I heard it is poss to decrypt traffic using WS.
Wireshark documentation. Has more stuff on it but it all sounds so Greeky. I
can't follow squat of that .
Can SOMEONE PLEASE point to some video tutorial or gimme a plain and simple
tutorial how this is done.
What'd be the success rate . Did anyone have luck doing this with some
9/10 success . Please help
Thanks
S
==============================================================================
This communication, including attachments, is confidential, may be subject to legal privileges, and is intended for the sole use of the addressee. Any use, duplication, disclosure or dissemination of this communication, other than by the addressee, is prohibited. If you have received this communication in error, please notify the sender immediately and delete or destroy this communication and all copies.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
