
TOPIC: SSLv3-Decryption

SSLv3-Decryption 17 years 10 months ago #20

  • Jens
On your site here, you have shown an example of decrypting packets that were sent from Client to Server. (C => S)

But I want to decrypt the OTHER DIRECTION. I want to see all SSL-Traffic in plaintext. That means I want the incoming traffic in plaintext. (I am the Client)

I am currently wondering.. do I need a PRIVATE KEY for me?? If yes, why(?) AND where AND how do I get this KEY? (my Private Key) Or does the software decrypt incoming traffic automatically because I am the Receiver of the package?

Thank you.

Re:SSLv3-Decryption 17 years 10 months ago #22

  • netscript
Hi Jens,

You only require the server's private key in order to decrypt both directions. The private key must be in unencrypted PKCS#8 format. Post a message here if you have difficulty with this format.

We have made major improvements to SSLv3/TLS decryption in our new build (#1222) based on feedback from some early users. You can get early access from www.unleashnetworks.com/lib/setup_unsniff_R_1_0_1_1222.msi . It will be publicly released sometime in the next 2 weeks.

One of the major features of the new build is the ability to decode higher layer protocols which are layered on top of SSL/TLS. This allows you to reconstruct HTTPS streams (including web pages) or decode protocols that are tunneled via stunnel.

Try it and give us feedback.

Best Regards,
Vivek Rajan
Unleash Networks

Re:SSLv3-Decryption 17 years 10 months ago #25

  • Jens
Well, I am wondering WHY I need to have the private Key from the Server?? This does not make any sense.

I want to capture and decrypt all traffic that is sent from the Server to ME. That means, the server encrypts the data he wants to send to me using my public key. And I use my Private Key (not the server's one) to decrypt it. Am I wrong? So, why do you talk about "you need the server's private key"? :whistle:

The Problem I have now is that I do not know MY private key.. Or is there a way to decrypt this direction of SSLv3 automatically in Unsniffer? Except I have the Private Key from the Server.. Decryption of packages that were sent to me would not work.

Hope you can help me!

Post edited by: Jens, at: 2006/05/29 10:47

Re:SSLv3-Decryption 17 years 10 months ago #26

  • netscript
> I want to capture and decrypt all traffic that is sent from the Server to ME. That means, the server encrypts the data he wants to send to me using my public key. And I use my Private Key (not the server's one) to decrypt it. Am I wrong? So, why do you talk about "you need the server's private key"?

You require the SSL/TLS server's private key in order to decrypt the session. There is no way around it.

The client's private or public keys play no part in SSL/TLS. The client is not even expected to have a private/public keypair and indeed most clients do not have one. In SSL/TLS, the server's private/public key is used to quickly negotiate a symmetric key. After the initial negotiation of a symmetric key (the master secret), SSL/TLS does not use private-key/public-key cryptography. For more detail read this article: www.onlamp.com/pub/a/onlamp/2002/04/18/ssl.html

If you do not have the server's keying material (the private key), it is not possible to decrypt the session.

Regards,
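The symmetric-key negotiation described in the reply above, as an added example that is not part of the original thread or Unleash Networks' code: with RSA key exchange, SSLv3 (RFC 6101) expands the pre-master secret, which the client encrypts to the server's public key, into one master secret and then into separate keys for each direction, so recovering that one secret yields both the client-to-server and server-to-client keys. The handshake values and function names are constructed for illustration, and the key sizes assume SSL_RSA_WITH_3DES_EDE_CBC_SHA.

```python
import hashlib

# Constructed sample handshake values (not from a real capture).
PRE_MASTER = b"\x03\x00" + bytes(range(46))   # 48 bytes, RSA-decrypted by the server
CLIENT_RANDOM = bytes(range(32))              # sent in clear in ClientHello
SERVER_RANDOM = bytes(range(32, 64))          # sent in clear in ServerHello

def ssl3_expand(secret, rand_a, rand_b, length):
    """RFC 6101 expansion: MD5(secret + SHA1(label + secret + rand_a + rand_b))
    with labels 'A', 'BB', 'CCC', ... concatenated until `length` bytes exist."""
    out, i = b"", 0
    while len(out) < length:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + rand_a + rand_b).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:length]

def master_secret(pre_master, client_random, server_random):
    # The 48-byte symmetric secret both sides share after the handshake.
    return ssl3_expand(pre_master, client_random, server_random, 48)

def session_keys(master, client_random, server_random,
                 mac_len=20, key_len=24, iv_len=8):
    # The key block puts server_random first (RFC 6101) and is cut into six parts.
    # Default sizes assume SSL_RSA_WITH_3DES_EDE_CBC_SHA.
    block = ssl3_expand(master, server_random, client_random,
                        2 * (mac_len + key_len + iv_len))
    layout = [("client_write_MAC", mac_len), ("server_write_MAC", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len),
              ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    keys, off = {}, 0
    for name, size in layout:
        keys[name] = block[off:off + size]
        off += size
    return keys

if __name__ == "__main__":
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    for name, value in session_keys(ms, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(f"{name:17s} {value.hex()}")
```

Traffic from the server to the client is protected with `server_write_key` and `server_write_MAC`; no client keypair appears anywhere in the derivation.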

Re:SSLv3-Decryption 17 years 10 months ago #31

  • Jens
Thank you for your detailed support.
Maybe I do not correctly understand the way SSL works.
I am not native English and my English is not good.
With all these SSL-Papers out I might have problems.

Always thought:

When I do request e.g.: www.myBank.com/myAccount.html
my Browser receives the ENCRYPTED header and source code. (ENCRYPTED = encrypted with the PUBLIC KEY from the Browser)
Now the Browser DECRYPTs encrypted packets using ITS PRIVATE KEY.
<- What do I understand wrong?

Sorry, for my stupid questions.. :( :( :(

Post edited by: Jens, at: 2006/05/29 12:17

Re:SSLv3-Decryption 17 years 10 months ago #32

  • netscript
Hi Jens,

No problems. I think your questions are very valid and a lot of folks think that SSL/TLS uses public key cryptography (like you described) for encrypting data. That is, however, not the case :-)

Regards,
Vivek

PS: I am not a native English speaker either so don't worry about it :cheer: