What I stumbled upon and have been debating for over a month is a way to decrypt HTTPS traffic without a man-in-the-middle technique (Fiddler) or having the private key (the old Wireshark method, which is useless now). I present to you the fantastic and ugly secret of the SSLKEYLOGFILE environment variable. The only secret in magic is that the secret must be ugly (said by Penn Jillette). So I went searching for alternatives and much like one of my favorite podcasts from RadioLab revealed about magic tricks. Here is a pretty good explanation of what happens in English.
because Diffie-Hellman type ciphers never actually transmit the "secret" on the wire like the old RSA-based ciphers did. Recently, while preparing for a presentation at the Colorado UC User Group, I found out that my old reliable technique of decrypting HTTPS traffic using a private key no longer works, since many of the modern servers and devices I work with use some form of Diffie-Hellman cipher to set up the encrypted connection.
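Because the Diffie-Hellman secret never crosses the wire, a client honoring SSLKEYLOGFILE has to write the derived secrets to that file itself, one line per secret, keyed by the client random that does appear in the capture. The sketch below is an added example, not code from the original post: it parses the NSS key log format and reports which sessions carry enough secrets to decrypt application data. The function names and sample lines are constructed for illustration, and the decryptability rule is a simplification.

```python
import re
from collections import defaultdict

# Labels defined by the NSS key log format that Wireshark reads.
TLS12 = {"CLIENT_RANDOM"}
TLS13_APP = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
KNOWN = TLS12 | TLS13_APP | {
    "RSA", "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)$")


def parse_keylog(text):
    """Return ({client_random: {labels}}, [rejected line numbers])."""
    sessions, rejected = defaultdict(set), []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        m = LINE.match(line)
        # Except for the legacy RSA label, the key is the 32-byte client random.
        if not m or m.group(1) not in KNOWN or (
                m.group(1) != "RSA" and len(m.group(2)) != 64):
            rejected.append(n)
            continue
        if m.group(1) != "RSA":
            sessions[m.group(2).lower()].add(m.group(1))
    return dict(sessions), rejected


def decryptable(labels):
    """Simplified rule: TLS 1.2 master secret, or both TLS 1.3 traffic secrets."""
    return bool(labels & TLS12) or TLS13_APP <= labels


# Constructed sample: repeated hex digits stand in for real randoms and secrets.
SAMPLE = "\n".join([
    "# constructed example key log",
    "CLIENT_RANDOM " + "a1" * 32 + " " + "0b" * 48,
    "CLIENT_TRAFFIC_SECRET_0 " + "c2" * 32 + " " + "0d" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "c2" * 32 + " " + "0e" * 32,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "e3" * 32 + " " + "0f" * 32,
    "CLIENT_RANDOM truncated-line",
])

if __name__ == "__main__":
    sessions, rejected = parse_keylog(SAMPLE)
    for cr, labels in sessions.items():
        state = "decryptable" if decryptable(labels) else "incomplete"
        print(cr[:16], sorted(labels), state)
    print("rejected lines:", rejected)
```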