💾 Archived View for gs.vern.cc › gemlog › small-problem-in-infosec.gmi captured on 2024-08-18 at 17:15:11. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
I found a thing which's very intersting recently.
1. We can capture and decrypt regular TCP socket connection.
2. We can capture and decrypt HTTPS connection which's based on SSL/TLS.
3. We can't capture and decrypt SSL/TLS connection. :-/
Ah, that's not good. Let's make one. Here's the basic concept:
THE NORMAL CONNECTION ROUTINE +------+ TLS With Server Cert +--------+ | User | <----------------------> | Server | +------+ +--------+
THE TLS PACKET CAPTURE ROUTINE +------+ TLS With Our Cert +-------------+ TLS With Server Cert +--------+ | User | <-------------------> | Fake Server | <----------------------> | Server | +------+ +-------------+ +--------+
In a word, it's a typical man in the middle capture routine. And we
will build something like a SSL/TLS reverse proxy.
Source Code not avaliable yet, still work in progress...