0

Full disclosure I am front end developer with hardly any knowledge of security trying to complete a security challenge. All info below I picked up in the last 12 hours so if it doesn’t make sense feel free to correct me. Lastly I don’t consider this cheating because I am not doing the challenge to get a job I was just bored tonight, but it’s 5.30am and I refuse to be beaten.

So far I have this :

The file is a pcap file I can open this pcap file in wireshark and see the TLS handshake Somehow I am meant to be able to decrypt the application data by generating a private key using the information about the cipher and other info in ‘Server Hello’ packet

I have only found 1 blogpost on how to do something similar, I am thinking that being in a security challenge this must be a common type of attack. Does this have a name and can anybody shed some light on how to go about this?

1 Answers1

1

Somehow I am meant to be able to decrypt the application data by generating a private key using the information about the cipher and other info in ‘Server Hello’ packet

It does not work this way. If it would be possible to decrypt the TLS traffic just by combining information found in the packet capture then TLS would be terrible insecure since then essentially every passive attacker could decrypt the traffic.

Instead you need for decryption the private key of the servers certificate in case of the obsolete RSA key exchange. In case of the preferred DH key exchange even having this private key is not sufficient but you'll need to extract the secret specific for this connection from the client or the server. See Decrypting TLS in Wireshark when using DHE_RSA ciphersuites and SSL on Wireshark Wiki for more information.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434