If we inspect that handshake, more precisely, looking at the Server Hello packet, we see that a cipher suite was selected that relies on RSA and AES:ĭata encrypted with this cipher suite can be decrypted by Wireshark when we provide the private RSA key of the server.
Here is a screenshot of the packet capture for this HTTPS traffic:įollowing the TCP stream shows that the data is encrypted (except for some parts during the handshake, like the certificate): I choose the other options to produce as much information as possible: downloaded content (01.data), headers (01.headers) and a trace file (01.trace). Option –insecure is necessary because I’m using a self-signed certificate. To force a cipher suite that is based on RSA for the exchange of the pre-master secret, I use options –tls-max 1.2 and –ciphers AES256-SHA. I use the following curl command with options to force a TLS encryption method that is based on a pre-master secret that is encrypted with the public RSA key of the server:Ĭurl.exe –verbose –insecure –tls-max 1.2 –ciphers AES256-SHA –dump-header 01.headers –output 01.data –trace 01.trace –trace-time I use curl for Windows build with OpenSSL, and not the curl version distributed with Windows 10, that relies on schannel. I use my TCP honeypot to set up a web server, and curl to request a page over TLS. Remark that this method will not work with modern browsers and web servers, as they use perfect forward secrecy.
This master secret is derived from a pre-master secret, which is securely exchanged between the client and server using RSA crypto. I made my example as such, that the encryption in this example is done with keys derived from a master secret. In this first example, I show how to decrypt a TLS stream with Wireshark.
0 kommentar(er)
