Extraction can either be done by debugging the application, searching for memory artifacts or patching it and subsequently decrypt the protocol messages. That said, if you do not want to or cannot mess with the server and you have access to the client process you could somehow find a way to extract the master secret from memory and re-calculate the client/server session keys as specified in the rfc. If it does not, good for you, you control the server, you have access to the negotiated keys.Ĭlient and server both negotiate a shared master secret which they derive a set of client and server session keys from (using tls prf specified in the according rfc e.g. Since this is changing the server cert that the client app sees the client app might just reject the connection (certificate pinning, hard-pins). You cannot decrypt the messages unless you control either the server (privkey for RSA auth suites, server app or program memory) or client (app or memory) (well, or both negotiate weak ciphers but thats a different topic)Įasiest way but most invasive and easy to spot for both server and client: ssl/tls man-in-the-middle with fake certs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
June 2023
Categories |