sslsnoop dumps live session keys from openssh and can also decrypt the traffic on the fly.
- Works if scapy doesn’t drop packets. using pcap instead of SOCK_RAW helps a lot now.
- Works better on interactive traffic with no traffic at the time of the ptrace. It follows the flow, after that.
- Dumps one file by fd in outputs/
- Attaching a process is quickier with –addr 0xb788aa98 as provided by haystack INFO:abouchet:found instance
- how to get a pickled session_state file : $ sudo haystack –pid
pgrep sshsslsnoop.ctypes_openssh.session_state search > ss.pickled
Not all ciphers are implemented.
Workings ciphers: aes128-ctr, aes192-ctr, aes256-ctr, blowfish-cbc, cast128-cbc
Partially workings ciphers (INBOUND only ?!): aes128-cbc, aes192-cbc, aes256-cbc
Non workings ciphers: 3des-cbc, 3des, ssh1-blowfish, arcfour, arcfour1280
It can also dump DSA and RSA keys from ssh-agent or sshd ( or others ).
You can download sslsnoop here:
Or read more here.
- The Logjam Attack – ANOTHER Critical TLS Weakness
- BitTorrent Bleep – Encrypted, Decentralized Voice & Text App
- Google Revoking Trust In CNNIC Issued Certificates
- Blue-Ray DRM Cracked Already?
- Mimikatz – Gather Windows Credentials
- AxCrypt – Open Source Windows File Encryption Software
Most Read in Cryptography:
- The World’s Fastest MD5 Cracker – BarsWF - 47,304 views
- Hackers Crack London Tube Oyster Card - 43,506 views
- WPA2 Vulnerability Discovered – “Hole 196” – A Flaw In GTK (Group Temporal Key) - 32,312 views