SSL sniffing of XP, can be done in number of ways, it can be done with a SDK which is relevant for commercial applications or it can be done with a SSL Sniffer, you can even use Wireshark, but for that you must have the SSL key.
Barak
Posts Tagged ‘SSL’
SSL sniffing of XP
Sunday, March 21st, 2010SSL Decrypt
Wednesday, March 17th, 2010There are number of ways to perform SSL Decrypt and it’s up to the programmer to decide what works best for him:
- Using a product/SDK that isn’t modifying the SSL certificate (like SSL Decryptor) but it’s targeted per specific browser, Komodia’s SSL Decryptor works with FF and IE.
- Using a product/SDK that performs manipulation on the SSL certificate but isn’t alerting the user (like SSL Digestor), this product is more general and works with all browsers and the popular mail clients.
- Using open source proxy which changing the certificate and alerts the user, basically they pefrom MITM attack, using these solutions is good for debug purposes.
Barak
Winsock lsp ssl trace
Monday, March 1st, 2010Winsock LSP and SSL is a complex and simple issue 
basically the Winsock LSP sees the SSL session encrypted and can’t see the decrypted content of the session. It’s possible to decrypt SSL sessions, but that’s a topic for another post.
Winsock LSP can be used to trace SSL sessions to their root, you can easily get the following information about a SSL session by using LSP:
- Originating application.
- Source Address/Port.
- Destination address/Port.
- Certificate.
Barak