Tuesday, 25 January 2022

Decrypt SSL/TLS with specific Private Key via SCAPY

I want to decrypt HTTPS traffic for my domain on my server with scapy.

Then I have the original international registered certificate files for my domain...

And it must be so much easy to do this with scapy BUT I can not find any solution anywhere and this is so crazy.

For example I was read these articles but they not working and have no simple and clean solution:

Finaly I was writting a sample code BUT it raising below error and I try too much to fix it but cant understand the problem and clear solution:

value Error: ciphertext length must be equal to key size

import os, sys
import ssl
from scapy import *
from scapy.all import *
from scapy.layers import *
from scapy.layers.tls import *
from scapy.layers import inet
from scapy.layers.inet import *
import socket, select
import binascii
import io
from io import StringIO

load_layer("tls")
c = Cert("SSL/STAR_mydomain_com.crt")
k=PrivKey("SSL/private.key")

########### Unit-Test Encrypt/Decrypt Run OK ########### 
#M = bytes("message to be encrypted".encode())
#enc = c.encrypt(M, t='oaep')
#print(enc)
#dec = k.decrypt(enc, t='oaep')
#print(dec)

while True:
    s = sniff(filter="port 443", count=10)
    ch_list = [p for p in s]
    if len(ch_list)>0:
        for pkt in ch_list:
            p_layer = pkt.getlayer('IP')
            src = p_layer.src
            dst = p_layer.dst
            if (src=='my-server-ip') or (dst=='my-server-ip'):
                if ('TLSEncryptedContent' in str(type(pkt['TCP'].payload))):
                    
                    ########### any 3 below commands go in same error ############## 
                    ########### and i was try 'pss' instead of 'oaep' but same error 
                    
                    dec2 = k.decrypt(pkt['TCP'].payload, t='oaep')
                    #dec2 = k.decrypt(bytes(pkt['TCP'].payload), t='oaep')
                    #dec2 = k.decrypt(bytes(pkt['TCP'].payload).decode('UTF8', 'replace'), t='oaep')
                    
                    print(dec2)
                
    else:
        print('...passed')

If you have any solution then please share it and I will test and share the result with no negative score.



from Decrypt SSL/TLS with specific Private Key via SCAPY

No comments:

Post a Comment