10

Is it possible to decrypt SSL traffic in Wireshark if you do not have the server certificate?

I am making some tests with SSL and Wireshark, and people out there claim that Wireshark only decrypts SSL if the certificate is provided.

But isn't the SSL certificate provided to the client when he connects? So basically someone could just capture the SSL certificate and perhaps use it maliciously?

cprogcr

3 Answers

12

To decrypt you need the private key. The server's certificate, sent as part of the initial steps of the SSL connection (the "handshake"), only contains the public key (which is not sufficient to decrypt). Some people call "certificate" the union of the certificate and its private key, while some others (like me) say "certificate" only for the public part (as per X.509), hence an endless stream of confusion.

Thomas Pornin
  • But there must be some key exchanging, I could see it in Wireshark. Isn't that the key used to decrypt that session? – cprogcr Sep 28 '12 at 05:49
  • @cprogcr The private key of the certificate is used to encrypt the handshake, which contains the session key exchange. You need the private key to decrypt the handshake, which you can then use to decrypt the traffic. – Polynomial Sep 28 '12 at 06:06
  • I did a little more research, and I realized how this whole thing works. – cprogcr Sep 28 '12 at 06:43
  • +1, and you also need a non-DHE cipher suite. – Bruno Sep 28 '12 at 13:23
  • @Polynomial, you never really "encrypt" with a private key. In addition, whether the private key is used for deciphering the pre master secret or for signing (DHE params) depends on the cipher suite. (See [this answer](http://security.stackexchange.com/a/20101/2435), for example.) – Bruno Sep 28 '12 at 13:25
  • @Bruno Yeah, that's true. I was attempting to explain it in layman's terms, so I didn't include the details. Either way, the private key directly or indirectly provides confidentiality of the session key, which provides confidentiality of the underlying data stream. – Polynomial Sep 28 '12 at 13:31
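
The point made in the comments above, that the server's private key only helps with a non-DHE cipher suite, as an added example that is not part of the original answers: it reads the negotiated cipher suite from a captured ServerHello record and reports whether the server's RSA private key alone could decrypt the recorded session. The suite table is a small subset of IANA IDs, and `make_server_hello` is a hypothetical helper that builds constructed sample bytes.

```python
import struct

# Well-known IANA cipher suite IDs (a small subset, chosen for this example).
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1301: "TLS_AES_128_GCM_SHA256",  # TLS 1.3: key exchange is always ephemeral
}

def negotiated_suite(record: bytes) -> int:
    """Return the cipher suite ID chosen in a TLS ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 0x16 or len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a handshake record starting with ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # server_version (2) + random (32), then a length-prefixed session_id
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    return int.from_bytes(hello[off:off + 2], "big")

def server_key_decrypts(suite_id: int):
    """True if the server's RSA private key alone can decrypt a recorded session."""
    name = SUITES.get(suite_id)
    if name is None:
        return None                   # suite not in the table: make no claim
    kx = name.split("_WITH_")[0]      # "TLS_RSA", "TLS_DHE_RSA", "TLS_ECDHE_RSA", ...
    return kx == "TLS_RSA"            # RSA key transport; (EC)DHE keys only sign

def make_server_hello(suite_id: int) -> bytes:
    """Build a minimal TLS 1.2 ServerHello record (constructed sample input)."""
    hello = b"\x03\x03" + bytes(32) + b"\x00" + suite_id.to_bytes(2, "big") + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs
```
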
6

Having the certificate will not help you decipher SSL traffic. SSL will use a key exchange protocol to establish a "master secret" between the client and server which is used to encrypt traffic using a symmetric cipher.

For intercepting and modifying HTTPS I use BURP, but there are others like Charles proxy (cheap) and Zed Attack Proxy (free and open source).

rook
  • But if being ARP poisoned, some malicious user could see the Key Exchange and use that to decrypt the traffic, or am I wrong? – cprogcr Sep 28 '12 at 05:52
  • @cprogcr, that's why you need to verify the certificate, and use a cipher suite that performs authenticated key exchange (sensible SSL/TLS stacks only enable those by default). – Bruno Sep 28 '12 at 13:26
0

What about the situation where Wireshark is used (or any traffic analyser tool) on a company proxy in which they have root certificates installed? That way the proxy is able to do SSL inspection, see here.

fduff