sslsnoop dumps live session keys from openssh and can also decrypt the traffic on the fly.
- Works if scapy doesn’t drop packets. using pcap instead of SOCK_RAW helps a lot now.
- Works better on interactive traffic with no traffic at the time of the ptrace. It follows the flow, after that.
- Dumps one file by fd in outputs/
- Attaching a process is quickier with –addr 0xb788aa98 as provided by haystack INFO:abouchet:found instance
- how to get a pickled session_state file : $ sudo haystack –pid
pgrep sshsslsnoop.ctypes_openssh.session_state search > ss.pickled
Not all ciphers are implemented.
Workings ciphers: aes128-ctr, aes192-ctr, aes256-ctr, blowfish-cbc, cast128-cbc
Partially workings ciphers (INBOUND only ?!): aes128-cbc, aes192-cbc, aes256-cbc
Non workings ciphers: 3des-cbc, 3des, ssh1-blowfish, arcfour, arcfour1280
It can also dump DSA and RSA keys from ssh-agent or sshd ( or others ).
You can download sslsnoop here:
Or read more here.
Recent in Cryptography:
- TLSSLed v1.2 – Evaluate The Security Of A Target SSL Or TLS (HTTPS) Web Server Implementation
- chapcrack – A tool for parsing and decrypting MS-CHAPv2 network handshakes.
- Carbylamine – A PHP Script Encoder to ‘Obfuscate/Encode’ PHP Files
- Blue-Ray DRM Cracked Already?
- Sandman – Read the Windows Hibernation File
- Slashdot Effect vs Digg Effect Traffic Report
Most Read in Cryptography:
- The World’s Fastest MD5 Cracker – BarsWF - 45,951 views
- Hackers Crack London Tube Oyster Card - 37,205 views
- WPA2 Vulnerability Discovered – “Hole 196″ – A Flaw In GTK (Group Temporal Key) - 30,193 views