
Extra Credit Lab: Penetrating SSL

In this lab you will use Firefox together with Wireshark to see through SSL connections.

Introduction
The SSL/TLS protocol is designed to protect Internet traffic from a man-in-the-middle attack. Wireshark, of course, lets you be the (wo)man in the middle. Without extra help, you cannot see into an encrypted conversation. One thing you can do is give Wireshark the secret key used by the server. Using that secret key, Wireshark can see through weaker SSL conversations, but strong ones are still out of reach. For those, Firefox can provide the help by "leaking" the encryption keys used in an SSL conversation. This gives Wireshark the ability to see any conversation, as long as you're using a recent copy of Wireshark.

Decryption Using the Server Key
The Wireshark Wiki has a page about SSL:

Read the page and download the file snakeoil2_070531.tgz. Inside the file you will find a packet capture and the server's private key. Install the key into Wireshark and open the capture file. If you've done it right you'll be able to see the unencrypted conversation. Take a screenshot of the decrypted conversation. 

Decryption Using Firefox
Firefox has excellent support for helping you see more with Wireshark. When enabled, Firefox records the secret random keys used to encrypt the SSL/TLS traffic into a keys file. Wireshark can read this file and use the keys to look into packets. Though this form of decryption is limited to what you can do with Firefox, it is effective against even the strongest encryption.

Read this blog about decrypting TLS traffic with Wireshark. It gives step-by-step instructions for how to set up Firefox and Wireshark. Using this procedure, visit an HTTPS site and decrypt the conversation. Take a screenshot of the decrypted conversation.
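
If Wireshark does not decrypt your capture, the keys file is the first thing to check. The following is an added example, not part of the original lab: a small Python checker for the NSS key log format that Firefox writes, covering the CLIENT_RANDOM and TLS 1.3 labels only. The function names and the sample data are made up for illustration; compare the client random it reports with the Random value in your capture's Client Hello.

```python
import re
from collections import defaultdict

# Labels defined by the NSS key log format (the file Firefox writes).
TLS12_LABELS = {"CLIENT_RANDOM"}
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
HEX = re.compile(r"[0-9a-fA-F]+")

def parse_keylog(text):
    """Return (sessions, errors); sessions maps client_random -> {label: secret}."""
    sessions, errors = defaultdict(dict), []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        parts = line.split()
        if len(parts) != 3:
            errors.append((n, "expected 3 fields"))
            continue
        label, rand, secret = parts
        # TLS 1.2 master secret is 48 bytes; TLS 1.3 secrets are 32 or 48.
        ok_len = (96,) if label in TLS12_LABELS else (64, 96)
        if label not in TLS12_LABELS | TLS13_LABELS:
            errors.append((n, "unknown label"))
        elif len(rand) != 64 or not HEX.fullmatch(rand):
            errors.append((n, "client random must be 32 hex-encoded bytes"))
        elif len(secret) not in ok_len or not HEX.fullmatch(secret):
            errors.append((n, "bad secret"))
        else:
            sessions[rand.lower()][label] = secret.lower()
    return dict(sessions), errors

def has_app_data_secrets(sessions, client_random_hex):
    """True if the log holds the secrets that protect application data."""
    labels = set(sessions.get(client_random_hex.lower(), {}))
    tls13 = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
    return "CLIENT_RANDOM" in labels or tls13 <= labels

# Constructed sample; the hex values are placeholders, not real keys.
SAMPLE = "\n".join([
    "# constructed key log",
    "CLIENT_RANDOM " + "11" * 32 + " " + "ab" * 48,
    "CLIENT_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "ef" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "01" * 32,
    "CLIENT_RANDOM " + "33" * 31 + " " + "ab" * 48,  # truncated random
])
```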
 
Turn In
  1. The screenshot from part 1
  2. The screenshot from part 2
Submit your homework on Blackboard.

Grading
  • 10 points for part 1
  • 10 points for part 2