News  [SoftwareSite

Latest News
Older News
RSS Feed
 
Complete Projects
Useful Classes
Top Downloads
Message Board
AllAPI.net
 
Send Comments
Software License
Mentalis.org Buttons
Donate
 
Forums -> Security Library Forum
 
Decrypt Packet Capture  
by Mark Vatsaas [mark at vatsaas dot org]
posted on 2003/10/20

To troubleshoot communications issues, I have a program that will do a packet capture on my server. (A full network sniff and protocol analyzer along the lines of what you get from winpcap and windump.)

I want to parse out the ssl protocol and decrypt the message like ssldump does. (but in C#) It looks like your package should have what I need.

This is obviously more involed than the typical use of this package. I could just dive in and try to understand the entire project, but I'm hoping you can save me some time.

Can you help me identify the classes I should use to decypher the SSL handshaking protocol within my captured packets, and decrypt the message stream?

Thanks much!

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2003/10/20

I strongly suggest you read the TLS RFC [http://www.faqs.org/rfcs/rfc2246.html]. This will help you understand the internal structure of the Security Library. Without having read this RFC, I'm afraid you won't get that far.

You'll be able to reuse lots of code, but don't think it'll be easy. The Security Library always assumes it's an active party in the SSL/TLS protocol; it wasn't designed to be an SSL sniffer.

Decoding and decryption is done in the RecordLayer class. Decrypted data is immediately passed back to the SocketController, handshake data is forwarded to the HandshakeLayer class.

 

Copyright © 2002-2007, The Mentalis.org Team. All rights reserved.
This site is located at http://www.mentalis.org/
Send comments to the webmaster.