HTTPS payload decryption using root authorized private key
How could one decrypt HTTPS payload using a root authorized private-key in a .NET application?
20 Replies
$details
When you ask a question, make sure you include as much detail as possible. Such as code, the issue you are facing, what you expect the result to be, what .NET version you are using and what platform/environment (if any) are relevant to your question. Upload code here https://paste.mod.gg/, save, and copy the link into chat for others to see your shared code! (see $code for more information on how to paste your code)
About the only thing I can say in response to a question that vague is ".NET provides classes to encrypt and decrypt data. Use them"
Where did this encrypted payload come from? Why wasn't it decrypted automatically using TLS when you downloaded it?
(For example, you rarely use asymmetric crypto to encrypt something big, like an HTTP payload. You use the asymmetric keys to share some private session-specific symmetric keys, and then use those, as symmetric crypto is a lot quicker. So the question itself doesn't really make sense anyway, as normally HTTPS payloads aren't encrypted with asymmetric keys)
HTTPS payloads captured using sharppcap. I have the private key from a trusted root certificate, I am just not sure of how to decrypt the array of bytes appropriately. I've tried researching for quite a while, but to no avail.
You can't, AFAIK.
Well, unless you capture the TLS handshake
I got the handshake.
Here's my current situation.
I'm assuming this (but a lot more complex) is how Fiddler does it, since they also use a trusted root certificate key.
IIRC Fiddler MITMs the traffic?
It seems it does.
"I have the private key from a trusted root certificate"
So you have the actual private key that the server used for the TLS connection? But you don't have the private key which the browser used?
dangit
I generated a self-signed one and added it to the trusted root certificates and do not have the browser one.
So the server was running on localhost, or...?
Yes.
Googling around, it seems the normal way to do this is to configure the browser to create a key log file, which contains the various TLS session keys that it used. Wireshark at least can then use those to decrypt the traffic
I'll have a look at giving that a shot, thanks.
This looks like your question: https://security.stackexchange.com/questions/71309/it-is-possible-to-decrypt-https-with-the-private-public-pair-if-it-uses-dhe
Going out on a whim here, it's more or less the MITM route recommended?
The only thing is, I can't do that cause it would slow down the networking so it wouldn't be able to run infinitely while doing other stuff. It's meant to be a user application.
I don't know if there is a "recommended" way to decrypt all encrypted traffic. That rather defeats the point of the encryption, no? 😛
Of course.
It's explicitly meant to be hard to decrypt it, so it's likely that there are no "good" options
That's unfortunate. I'll have to stick with the Chrome extension route of capturing the requests.
Thank you for your time once again, canton.