[Challenge / Project] - decrypting SSL / HTTPS on the fly

Researching, Proof of Concepts, Hacking, Console Modding and Hacking and more. No game hacking / modding here.
Post Reply
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

[Challenge / Project] - decrypting SSL / HTTPS on the fly

Post by Sethioz »

just as it says in title, today i spent..well all day looking for a good way to decrypt https, but ended up fucking up my root certificates.

Here's what ive seen and read and know.

*. there's some software called "Komodia's" and after that comse ssl sniffer, ssl digestor..etc
- on their site komodia.com, they say that it can decrypt any SSL, but theres no download for anything else but ssl sniffer
- if somebody is able to find cracked version of this, would be nice.

*. WireShark is able to decrypt SSL, but i haven't figured it out. ive found tons of tutorials, but all seem to be senseless.
- they talk about ====BEGIN RSA PRIVATE KEY==== which is server side, not for client, how you get it ???
- http://support.citrix.com/article/CTX116557 << here they talk about it, but that RSA KEY is not client sided, i was not able to find it anywhere and wireshark does not work without it...as it seems. so huh ?

im not going into details, what i have tried, because maybe i missed something then whoever tries to continue from the point where i left off, will get confused. i just mentioned those 2 things which should matter the most.
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: [Challenge / Project] - decrypting SSL / HTTPS on the fl

Post by Sethioz »

i mislooked some software, such as webscarab, burp suite and paros, but those only work on HTTPS (websites).
i found a program called Fiddler, which can decrypt any SSL. also i found something called charles (charles proxy), which can decrypt SSL.

now my target is to decrypt traffic in pokerstars, but it is quite hard, because pokerstars does not seem to accept any other certificates than its own. so it means that client hack is needed in order to make it accept the certificate, but not so sure about server.
it can probably be emulated.
really nobody out there who is interested in this ?
Post Reply