17

I'm preparing a presentation on Skype networking. And I'd like to demo decryption.

I found a good approach to decrypting the TLS packets captured with WireShark in this blog post:

And I'd like to replicate the general setup scheme on Linux but without using the proprietary tools from the original setup shown here:

Original SSL interception setup

I've looked around and found that ssldump could be a suitable tool but some of the tutorials on it are quite complicated. Moreover, they use ssldump independently and without WireShark.

Background:

  • Just to clarify, this is for research purposes so you can assume that we have all the certificates or permissions that might be required.

My question is:

  • Has anybody reproduced this scheme with free tools?
  • If so, what would be the main steps to follow?
StackzOfZtuff
  • 17,923
  • 1
  • 51
  • 86
user1868607
  • 279
  • 1
  • 3

1 Answers1

1

After reading this post you provided, they only seem to be doing MITM and re-signing the certificates that Skype is using during the transmission (something really common when we use HTTP/S proxies), but in this case, for other TCP traffic that is not HTTP.

TCPcatcher may help you, more specifically, this tutorial (as a guidance, but applying for Skype ports/protocol): http://www.tcpcatcher.org/monitoring_IMAPS.php

Also, take a look at this thread, where they discuss about doing SSL MITM for all kind of TCP traffic: https://security.stackexchange.com/a/33376

Hope it helps.

BBerastegui
  • 525
  • 3
  • 9