
Thread: How To Decrypt Ruby SSL Communications with Wireshark

  1. #1
    Moderator Contributor Network Analysis Master
    Join Date
    May 2014

    How To Decrypt Ruby SSL Communications with Wireshark

    Debugging a program that communicates with a remote endpoint usually involves analyzing the network communications. A common method is capturing the traffic using a packet analyzer tool such as Colasoft Capsa, tcpdump or Wireshark. However, this process can be tricky when the communication is encrypted. Our team, responsible for the Trustwave network vulnerability scanning system, regularly encounters this situation - especially when scanning systems we don't control (mostly those of customers).

    In this blog post, I will explain how to decrypt SSL/TLS communications to allow for the analysis of that traffic with Wireshark. I will focus on Ruby and the binding for OpenSSL. Please note that the topic of this post is not methods for breaking crypto-systems. Instead, it's about how to retrieve key material for decryption.

    Last edited by Nancy; 10-26-2015 at 06:51 AM.
    Colasoft Capsa is a portable network analyzer for both LAN and WLAN performing real-time packet capturing, network monitoring, advanced protocol analysis, in-depth packet decoding, and automatic expert diagnosis.
