Had a need to inspect HTTPS to scrutinise application data. Installed ssldump and fired it up.
commandrine@bridge:~$ ssldump -r https.pcap -k server.key -d host 10.10.10.13 > appdata.txt
Enter PEM pass phrase:
commandrine@bridge:~$
Pretty cool stuff. You need the server's private key before you can view session data associated with that key.
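The private key only helps when the session used static RSA key exchange, which is the case ssldump's `-k` decryption handles; a session negotiated with DHE/ECDHE cannot be recovered from the key alone. The script below is an added example, not from the original post: it reads ssldump's handshake output and flags which connections `-k` can decrypt. The sample trace and client address are constructed, and the `cipherSuite <name>` line under ServerHello is assumed from ssldump's usual output layout.

```shell
#!/bin/sh
# Added example: which connections in an ssldump handshake trace can -k decrypt?

# Constructed sample of ssldump handshake output (client address is made up).
sample_handshake() {
cat <<'EOF'
New TCP connection #1: 10.10.10.20(49152) <-> 10.10.10.13(443)
1 1  0.0021 (0.0021)  C>S  Handshake
      ClientHello
        Version 3.3
        cipher suites
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_128_CBC_SHA
1 2  0.0040 (0.0019)  S>C  Handshake
      ServerHello
        Version 3.3
        cipherSuite         TLS_RSA_WITH_AES_128_CBC_SHA
New TCP connection #2: 10.10.10.20(49153) <-> 10.10.10.13(443)
2 1  0.0018 (0.0018)  C>S  Handshake
      ClientHello
        Version 3.3
        cipher suites
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2 2  0.0037 (0.0019)  S>C  Handshake
      ServerHello
        Version 3.3
        cipherSuite         TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
EOF
}

# Print "<connection> <suite> <verdict>" for every ServerHello on stdin.
classify_suites() {
    awk '
    # Record header: conn, record number, time, delta, direction, type.
    $1 ~ /^[0-9]+$/ && $5 ~ /^(C>S|S>C)$/ { conn = $1 }
    # Only the ServerHello line names the suite that was actually negotiated.
    $1 == "cipherSuite" {
        suite = $2
        if (suite ~ /^(TLS|SSL)_RSA_WITH_/)          verdict = "decryptable-with-key"
        else if (suite ~ /_(DHE|ECDHE)_/)            verdict = "forward-secret"
        else if (suite ~ /^TLS_(AES|CHACHA20)_/)     verdict = "forward-secret"
        else                                         verdict = "other"
        print conn, suite, verdict
    }'
}

sample_handshake | classify_suites
```

On the capture from the post, pipe `ssldump -r https.pcap host 10.10.10.13` (no `-k`, no `-d`) into `classify_suites` to see which connections are worth decrypting.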