I have a C++ application that has a SSL/TLS communication with its own server and i don't have any access to that server. I'm trying to find out what is it sending from my PC to the server. I tried burp and fiddler as man-in-middle but it didn't work. The application does not support Proxy so i tried routing the traffic using proxifier to burp and fiddler but it didn't work. So I came up with these articles https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415 and http://ask.wireshark.org/questions/4229/follow-ssl-stream-using-master-key-and-session-id I just need to know , How I can find Master-key and Session-ID to decrypt SSL/TLS trafic. asked 04 Aug '14, 06:36  izeid |
One Answer:
That's a feature of certain web browsers, and in the case of your posted link, the openssl client. If you did not add that functionality to your own C++ application, meaning to export the SSL session keys, it won't be there. Regards answered 04 Aug '14, 06:47  Kurt Knochner ♦ |
First of all, The application is not mine.So in my case, What should i do step by step ?
Contact the vendor of that software. Unless he added code to export the SSL session keys, there is nothing you can do. Sorry!