John Pierce

. CISSP, SLAE, Security+

WAP Challenge 12 - Decrypt SSL traffic given a key

In this exercise we're given a certificate, a private key file and a pcap with encrypted traffic.  All we have to do is decrypt the traffic.

My copy of Wireshark was looking for an RSA key, so I had to run:

openssl rsa -in apache.key.hold -out apache.key

Now the key has been changed from PEM (supplied) to RSA (required) format.

Once I run that, I open the pcap in Wireshark, go to [Edit][Preferences][Protocols][SSL] and enter the info in the form <ip>,<port>,<protocol>,<key file> and press apply. In this case:

127.0.0.1,443,http,/home/john/Desktop/SecurityTube/WAPChallenges/Challenge12/apache.key

Bob's your uncle.

 

Most Recent Articles

First bit::

This is a writeup of the format string vulnerability in level 4 of the 64bitprimer VM from vulnhu

First bit::

Installation of the software to make a yubikey 4 work in FIDO U2F mode on Debian Jessie i386

First bit::

Lesson(s) learned

First bit::

This one stumped me. Overall, it was a great competition for me as I got to learn a whole lot of new things. I had never worked on a Mac, other than as a user, had never used Hopper, lldb or any of the other tools for reversing on a Mac, and haven't got any experience in the Objective C/Swift framework.

First bit::

4 rounds, lots of debugging

Videos

Categories: Network security, Videos
First bit::

Explains the workings of a DMZ, walks through setting up and testing of a DMZ in a virtual machine lab environment

Categories: Network security, Videos
First bit::

In this video I go through the process of setting up an SSH tunnel to hide an IP and also setting

Categories: Exploits, Videos
First bit::

Useful for someone who is interested in what a buffer overflow is. Does not go into the details of development, just explains generally and demonstrates the use of one.

Categories: Exploits, Videos
First bit::

a demonstration of a vulnerability discovered and published by Muts in 2004, exploited on a Windows XP SP3 machine using Python, Immunity Debugger, and Metasploit.

Categories: Network security, Videos
First bit::

In this video I demo some simple iptables rules and show them how to perform network traffic analysis to test them out.