Hey, I want to sniff packets coming from a mobile device and I'm gonna use tcpdump to sniff them, so I need to know if there is any way to get the RSA key for decryption.

asked 12 Jan '15, 02:17 LGMan
One Answer:
Yes there is (assuming you're in a controlled environment where you are allowed to receive the private key), talk to the server administrator and ask him to give you the private key. If it is a public website you want to decrypt the traffic from, you will need to proxy the traffic through an SSL termination proxy and do the decryption with the key of your proxy. An example of such a proxy is fiddler2.

answered 13 Jan '15, 04:28 SYN-bit
Thanks, but is there a way to decrypt https from a pcap file? I usually make a hotspot for some coworkers and I want to keep track of what they're browsing and make sure they don't do anything bad [or illegal]. I have a jailbroken idevice and I used tcpdump to collect data.
Since the whole purpose of SSL is to make the contents of a transmission private between the client and the server, just capturing the traffic will not enable you to decrypt the traffic. You will need the session keys used (known only to the clients and the servers) or the private keys (only known to the servers) to decrypt the traffic.