sslsnoop dumps live session keys from openssh and can also decrypt the traffic on the fly.
- Works if scapy doesn’t drop packets. using pcap instead of SOCK_RAW helps a lot now.
- Works better on interactive traffic with no traffic at the time of the ptrace. It follows the flow, after that.
- Dumps one file by fd in outputs/
- Attaching a process is quickier with –addr 0xb788aa98 as provided by haystack INFO:abouchet:found instance
- how to get a pickled session_state file : $ sudo haystack –pid
pgrep sshsslsnoop.ctypes_openssh.session_state search > ss.pickled
Not all ciphers are implemented.
Workings ciphers: aes128-ctr, aes192-ctr, aes256-ctr, blowfish-cbc, cast128-cbc
Partially workings ciphers (INBOUND only ?!): aes128-cbc, aes192-cbc, aes256-cbc
Non workings ciphers: 3des-cbc, 3des, ssh1-blowfish, arcfour, arcfour1280
It can also dump DSA and RSA keys from ssh-agent or sshd ( or others ).
You can download sslsnoop here:
Or read more here.
- CloudFlare Introduces SSL Without Private Key
- StegExpose – Steganalysis Tool For Detecting Steganography In Images
- Important OpenSSL Patch – 6 More Vulnerabilities
- Blue-Ray DRM Cracked Already?
- AxCrypt – Open Source Windows File Encryption Software
- Sandman – Read the Windows Hibernation File
Most Read in Cryptography:
- The World’s Fastest MD5 Cracker – BarsWF - 46,841 views
- Hackers Crack London Tube Oyster Card - 41,371 views
- WPA2 Vulnerability Discovered – “Hole 196″ – A Flaw In GTK (Group Temporal Key) - 31,469 views