Sniffing SSL Transactions on CSS

Answered Question
Mar 12th, 2007

Is it possible to sniff SSL encrypted traffic on the CSS? Our config has encrypted user traffic coming in to the CSS on port 443, being unencrypted by the SSL module, then reencrypted and sent out to the backend server on port 443. Are there any debug or snoop commands I can run on the CSS to view the encrypt/decrypt transactions and capture the clear text data?

Correct Answer by Gilles Dufour about 9 years 11 months ago

There is no way to see this info directly from the CSS.

You'll need to use tools like SSLDUMP as mentioned in another post.


Gilles.

alejrodr Tue, 03/13/2007 - 06:26

You can sniff the SSL traffic coming in and heading out of the CSS with a regular sniffer application such as Ethereal or Wireshark. Be sure to save the file in .cap format.


Using a tool such as SSLDUMP along with OPENSSL, you can use your CSS's private key to decrypt the secure traffic. Only with the private key and certificate will you be able to decrypt the payload of the SSL traffic.


http://www.rtfm.com/ssldump/
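
A caveat on the private-key approach described above, as an added example that is not part of the original posts: decrypting a capture with the server's private key only works when the session negotiated RSA key exchange; with DHE/ECDHE suites (and all TLS 1.3 suites) the private key alone is not enough. The Python sketch below parses the ServerHello record from a capture and reports which case applies. The function names and the sample records are constructed for illustration.

```python
import struct

# Subset of IANA cipher suite values; extend as needed for your environment.
SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",  # TLS 1.3, always ephemeral
}

def server_hello_suite(record: bytes) -> int:
    """Return the cipher suite chosen in a TLS record that starts with ServerHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + int.from_bytes(record[3:5], "big")]
    if len(hs) < 4 or hs[0] != 0x02:
        raise ValueError("handshake message is not a ServerHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    # body layout: version(2) random(32) sid_len(1) sid(n) suite(2) compression(1)
    if len(body) < 35:
        raise ValueError("truncated ServerHello")
    off = 35 + body[34]
    if len(body) < off + 2:
        raise ValueError("truncated ServerHello")
    return int.from_bytes(body[off:off + 2], "big")

def private_key_decrypts(record: bytes):
    """(suite name, True/False) or (hex value, None) when the suite is not in SUITES."""
    suite = server_hello_suite(record)
    name = SUITES.get(suite)
    if name is None:
        return (f"0x{suite:04X}", None)
    # Only static RSA key exchange lets the private key recover the session keys.
    return (name, name.startswith("TLS_RSA_WITH_"))

def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed sample record (zeroed random), standing in for captured bytes."""
    body = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
            + struct.pack("!HB", suite, 0))
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for s in (0x002F, 0xC02F):
        print(private_key_decrypts(build_server_hello(s)))
```
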

a.veschak Tue, 03/13/2007 - 06:47

Thanks for the reply alejrodr... but I guess I need to clarify exactly what I am trying to do.


I am wondering if there is a way to be on the CSS remotely and issue some commands (debugs?) that would enable me to view the entire process of the traffic flow from entry to exit as it is being processed by the SSL module. Basically, is there a command I can run on the CSS that will dump all SSL module transaction data either onto the screen or into a file on the disk?

Correct Answer
Gilles Dufour Tue, 03/13/2007 - 06:43

There is no way to see this info directly from the CSS.

You'll need to use tools like SSLDUMP as mentioned in another post.


Gilles.
