# A small problem in infosec - SSL/TLS Connection Capture

I recently found something very interesting.

1. We can capture and decrypt a regular TCP socket connection.

2. We can capture and decrypt an HTTPS connection, which is based on SSL/TLS.

3. We can't capture and decrypt an SSL/TLS connection. :-/

Ah, that's not good. Let's make one. Here's the basic concept:

```
			THE NORMAL CONNECTION ROUTINE

+------+  TLS With Server Cert    +--------+
| User | <----------------------> | Server |
+------+                          +--------+
```

```
			THE TLS PACKET CAPTURE ROUTINE

+------+  TLS With Our Cert    +-------------+  TLS With Server Cert    +--------+
| User | <-------------------> | Fake Server | <----------------------> | Server |
+------+                       +-------------+                          +--------+
```

In short, it's a typical man-in-the-middle capture routine, and we will build something like an SSL/TLS reverse proxy.

Source code is not available yet; it is still a work in progress...
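
Seen from the User side of the second diagram, the capture routine only works if the client accepts "Our Cert" in place of the server's certificate. The following Python code is an added example, not the author's proxy: it pins the server certificate's SHA-256 fingerprint so the swap is noticed. The function names and the constructed byte strings standing in for certificates are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pins) -> bool:
    """True if the presented certificate matches any pinned fingerprint.

    Pins may be plain hex or colon-separated hex, in any letter case.
    """
    presented = fingerprint(der_cert)
    matched = False
    for pin in pins:
        normalized = pin.replace(":", "").strip().lower()
        # Check every pin (no early exit) with a constant-time comparison.
        matched |= hmac.compare_digest(presented, normalized)
    return matched


def fetch_peer_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Complete a TLS handshake and return the peer's leaf certificate (DER)."""
    ctx = ssl.create_default_context()  # CA and hostname validation stay on
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_endpoint(host: str, pins, port: int = 443) -> str:
    """'pin-match' for the pinned certificate, 'pin-mismatch' otherwise.

    A mismatch means the peer is the "Fake Server" of the diagram or the
    real server has rotated its certificate; both need a human to look.
    """
    der = fetch_peer_cert(host, port)
    return "pin-match" if pin_matches(der, pins) else "pin-mismatch"


# Constructed stand-ins for DER certificates (not real certificates): only the
# bytes feed the fingerprint, so they are enough to exercise the pin check.
SERVER_CERT = b"constructed-der:real-server-certificate"
PROXY_CERT = b"constructed-der:fake-server-certificate"
PINS = [fingerprint(SERVER_CERT).upper()]
```

Default CA validation alone does not catch the fake server when the client already trusts the CA that issued "Our Cert", which is why the pin is checked in addition to it.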