![]() ![]() When you're recording pcaps for analysis or teaching it's good to get a clean capture. There's no secret SSL decrypting magic wand here. I should make a note here that this of course will only work on clients that you control enough to install a new certificate authority. However, we can approximate it very closely by saving the encrypted pcap with SSL session keys alongside it. ![]() Unfortunately it's not possible (as far as I can tell) to generate a pcap, decrypt the traffic, and save the decrypted version as a single pcap. Most tools just generate text files and logs of the decrypted SSL traffic but it's significantly easier to work with pcaps because they already have a wealth of existing tooling. I recently needed to make a packet capture (pcap) of decrypted SSL traffic. Whether it's debugging, security analysis, or just to have plaintext records of traffic, SSL can just get in the way. There comes a time in every engineer's life where it becomes necessary to decrypt SSL/TLS encrypted traffic. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |