Re: Reverse engineering program protocol under ssl

MacDermid, Kenny wrote: I'm looking to locally reverse engineer a network protocol > that's encrypted using ssl. The program runs under windows and > is using ssl dll's. I'm currently trying to work out the easiest solution, and am looking for suggestions. I'm considering either trying to wrap the

Re: Reverse engineering program protocol under ssl

http://www.rtfm.com/ssldump/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTE

RE: Reverse engineering program protocol under ssl

> From: Peter Sylvester > > http://www.rtfm.com/ssldump/ Thank you for your reply Peter, Unfortunately I already looked into this, and found that I would need the server keys. All I have is the client application, and a production server that it communicates back to. Thanks again, Kenny -

RE: Reverse engineering program protocol under ssl

> From: Charles B Cranston > > MacDermid, Kenny wrote: > > I'm looking to locally reverse engineer a network protocol > > that's encrypted using ssl. > > Another method would be to use a man-in-the-middle attack on > a third machine, but that machine would need access to the > private key of th

Re: Reverse engineering program protocol under ssl

On Wed, Nov 24, 2004, MacDermid, Kenny wrote: > > From: Charles B Cranston > > > > MacDermid, Kenny wrote: > > > I'm looking to locally reverse engineer a network protocol > > > that's encrypted using ssl. > > > > Another method would be to use a man-in-the-middle attack on > > a third machine,

RE: Reverse engineering program protocol under ssl

in openssl/apps/s_client;c you find: if (c_debug) { con->debug=1; BIO_set_callback(sbio,bio_dump_cb); BIO_set_callback_arg(sbio,bio_c_out); } if (c_msg) { SSL_set_msg_ca

Re: Reverse engineering program protocol under ssl

You're quite welcome. I'm sure the journalling-DLL approach would work just as well. Just for information, if you have administrative access to the server and it is based on Windows, you might be able to save the certificate and key as a .pfx file, then use the OpenSSL pkcs12 command to extract t

RE: Reverse engineering program protocol under ssl

> From: MacDermid, Kenny > Sent: Wednesday, November 24, 2004 8:33 AM > To: [EMAIL PROTECTED] > Subject: RE: Reverse engineering program protocol under ssl > > > > From: Peter Sylvester > > > > http://www.rtfm.com/ssldump/ > > Thank you for your

Re: Reverse engineering program protocol under ssl

Actually, I'm trying to do this very thing. I had not heard of ssldump and now I'm kicking myself. You should definitely use this ssldump thing. What I was eventually going to do, which you could do also, is find out what address is the call to SSL_verify or whatever that checks the integrit

RE: Reverse engineering program protocol under ssl

> > > From: Charles B Cranston > > > > MacDermid, Kenny wrote: > > > I'm looking to locally reverse engineer a network protocol > > > that's encrypted using ssl. > > > > Another method would be to use a man-in-the-middle attack on > > a third machine, but that machine would need access to the > >