Hi there,

I downloaded the Unsniff trial version to test its TLS decryption features. I am particularly interested in decrypting resumed session.

For that purpose, I captured the entire traffic of an FTPS (implicit) connection and saved it as .pcap file. I then followed the instructions on www.unleashnetworks.com/resources/articl...tls-decryption.html.

Unfortunately, nothing happens and nothing is being decrypted. For example, I don't even see unsniff identifying the TLS handshake packets as such. Am I missing a step maybe?

The cipher used is RSA_WITH_AES_256_CBC_SHA, which I read is supported. Also, I am certain that I am using the correct key and have it imported correctly into unsniff.

Any advice?

Regards,
Nigel

HI Nigel,

You need to tell Unsniff that what ports should be considered as TLS.

1. Go to Plugins > Manage Access Points
2. Click on TCP
3. Click on "New TCP Access Point"
4. Specify the port & select TLS from drop down.

Can you try the above ?

Thanks,


Vivek. R.