I want to decrypt HTTPS traffic for my domain on my server with scapy.
Then I have the original international registered certificate files for my domain...
And it must be so much easy to do this with scapy BUT I can not find any solution anywhere and this is so crazy.
For example I was read these articles but they not working and have no simple and clean solution:
Finaly I was writting a sample code BUT it raising below error and I try too much to fix it but cant understand the problem and clear solution:
value Error: ciphertext length must be equal to key size
import os, sys
import ssl
from scapy import *
from scapy.all import *
from scapy.layers import *
from scapy.layers.tls import *
from scapy.layers import inet
from scapy.layers.inet import *
import socket, select
import binascii
import io
from io import StringIO
load_layer("tls")
c = Cert("SSL/STAR_mydomain_com.crt")
k=PrivKey("SSL/private.key")
########### Unit-Test Encrypt/Decrypt Run OK ###########
#M = bytes("message to be encrypted".encode())
#enc = c.encrypt(M, t='oaep')
#print(enc)
#dec = k.decrypt(enc, t='oaep')
#print(dec)
while True:
s = sniff(filter="port 443", count=10)
ch_list = [p for p in s]
if len(ch_list)>0:
for pkt in ch_list:
p_layer = pkt.getlayer('IP')
src = p_layer.src
dst = p_layer.dst
if (src=='my-server-ip') or (dst=='my-server-ip'):
if ('TLSEncryptedContent' in str(type(pkt['TCP'].payload))):
########### any 3 below commands go in same error ##############
########### and i was try 'pss' instead of 'oaep' but same error
dec2 = k.decrypt(pkt['TCP'].payload, t='oaep')
#dec2 = k.decrypt(bytes(pkt['TCP'].payload), t='oaep')
#dec2 = k.decrypt(bytes(pkt['TCP'].payload).decode('UTF8', 'replace'), t='oaep')
print(dec2)
else:
print('...passed')
If you have any solution then please share it and I will test and share the result with no negative score.
from Decrypt SSL/TLS with specific Private Key via SCAPY
No comments:
Post a Comment