Hello all, I'm trying to decrypt traffic that is going from and coming into my chat client (tldr I want to forward it, unencrypted). I see from wireshark that it is using a TLSv1.1 style handshake to set up the encryption. I don't fully understand the process of what's going on here. The overall question is, if the chat client can encode and decode information going to and coming from the server, why can't I? I would think this should be as easy as finding the RSA key file stored on my local machine. asked 14 Mar '15, 17:03 Annomaly edited 14 Mar '15, 17:27 Jim Aragon |
One Answer:
In an RSA handshake, the client uses the public key in the certificate from the server to encrypt the premaster secret. The server is able to use its private key to decrypt the encrypted premaster secret. Then both client and server are able to use the premaster secret to create a session key for the encryption/decryption of the data stream. Wireshark also uses the private key from the server to decrypt the premaster secret (which is sent by the client in the ClientKeyExchange handshake message). But as said, it is stored on the server, not the client. answered 15 Mar '15, 12:15 SYN-bit ♦♦ |
Interesting. As far as I can tell the data is encrypted. To me that simply means: No text visible in any of the packets, I can't string.search(msg).
I can, however, view the premaster secret. I assume the private key is sent encrypted and session based, however, there must be a way to capture this. After all, I'm trying to "decrypt" my own messages.