Thursday, September 29, 2016

Sniff and decrypt an SSL connection with the server's private key

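Not every cipher suite's key exchange is vulnerable to this. For example, these two use ephemeral Diffie-Hellman key exchange, so the server's private key alone cannot decrypt a captured session:
- Cipher    : ECDHE-RSA-AES256-GCM-SHA384
- Cipher    : DHE-RSA-SEED-SHA

and I got it to work with this one: Cipher    : RC4-MD5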

1- diagram
client --> (ens38) wireshark (ens33) --> ssl server (192.168.202.21)

 **** web server ssl
2- create a certificate for the https server
$ cd /usr/share/easy-rsa
$ mkdir keys
$ touch keys/index.txt
$ echo 01 > keys/serial
$ source ./vars
$ export PATH=$PATH:/usr/share/easy-rsa
$ pkitool --initca
$ pkitool --server server1


The server1 key and certificate are created in /usr/share/easy-rsa/keys, which then contains the following files:
01.pem  ca.key     index.txt.attr  serial      server1.crt  server1.key
ca.crt  index.txt  index.txt.old   serial.old  server1.csr  server1.pem



3- create an ssl vhost for phpmyadmin; the configuration file is /etc/apache2/sites-enabled/phpmyadmin.conf, with the content below
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /usr/share/phpmyadmin
        ServerName phpmyadmin.test.domain
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile    "/usr/share/easy-rsa/keys/server1.crt"
        SSLCertificateKeyFile "/usr/share/easy-rsa/keys/server1.key"
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>


4- enable ssl apache module
$ sudo a2enmod ssl

5- make the ssl module vulnerable by editing its configuration file, /etc/apache2/mods-enabled/ssl.conf, as below

<IfModule mod_ssl.c>
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  exec:/usr/share/apache2/ask-for-passphrase
SSLSessionCache        shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout  300
SSLMutex  file:${APACHE_RUN_DIR}/ssl_mutex
SSLCipherSuite LOW:+SSLv2:ADH:MD5
SSLProtocol all -SSLv3 -TLSv1
</IfModule>


6- restart the apache2 service
$ sudo /etc/init.d/apache2 restart

7- check which cipher (and therefore which key exchange) the apache server negotiates
~$ openssl s_client -connect phpmyadmin.test.domain:443
CONNECTED(00000003)
depth=0 C = US, ST = CA, L = Sancisco, O = Founston, OU = MtionalUnit, CN = server1, name = EasyRSA, emailAddress = ssme@myhost.mydomain
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = CA, L = Sancisco, O = Founston, OU = MtionalUnit, CN = server1, name = EasyRSA, emailAddress = ssme@myhost.mydomain
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=CA/L=Sancisco/O=Founston/OU=MtionalUnit/CN=server1/name=EasyRSA/emailAddress=ssme@myhost.mydomain
   i:/C=US/ST=CA/L=Sancisco/O=Founston/OU=MtionalUnit/CN=Founston CA/name=EasyRSA/emailAddress=ssme@myhost.mydomain
---
SSL handshake has read 1433 bytes and written 487 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : RC4-MD5

    Session-ID: 1AFA78FDDA46F56727BB434DAAAC4B818D1071F5F9568338A1510136A94A9DD3
    Session-ID-ctx:
    Master-Key: D2835049C87802E74758575F102E8E211D9991480B3A403B7B48568189BEC9C01FA4FC3586BB70B30BC6C493EEFD64EA
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:

    Start Time: 1475123952
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)

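The negotiated cipher (highlighted in yellow in the original output) is RC4-MD5. This suite uses plain RSA key exchange, so we can use the server's private key to decrypt the sniffed traffic, provided we can obtain the private key from the server.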
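Whether a suite behaves like RC4-MD5 or like the two ECDHE/DHE suites listed at the top of the post is visible in the Kx= field that `openssl ciphers -v` prints for each suite. The script below is an added example, not part of the original post: it classifies suite lines by that field so a server's offered suites can be audited. The function names and verdict labels are assumptions, and the sample lines are constructed in the shape of that output.

```shell
#!/bin/sh
# Added example: classify `openssl ciphers -v` lines by key exchange (Kx=)
# and authentication (Au=). Function names and verdict labels are illustrative.
# Real use (result depends on the local OpenSSL build):
#   openssl ciphers -v 'LOW:+SSLv2:ADH:MD5' | classify_suites

# Constructed sample lines in the shape of `openssl ciphers -v` output.
sample_suites() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
EOF
}

# Reads suite lines on stdin, prints "<suite> <verdict>" per line.
classify_suites() {
    awk '
    {
        kx = ""; au = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^Kx=/) kx = substr($i, 4)
            if ($i ~ /^Au=/) au = substr($i, 4)
        }
        if (kx == "") next   # not a suite line
        # Plain RSA key exchange: the pre-master secret is encrypted to the
        # long-term server key, so that key decrypts a recorded session.
        if (kx == "RSA")            v = "server-key-decrypts"
        # Anonymous DH: no certificate involved at all, no authentication.
        else if (au == "None")      v = "anonymous-unauthenticated"
        # Ephemeral DH/ECDH, and TLS 1.3 suites (Kx=any), have no RSA key
        # exchange, so the server key alone does not decrypt a capture.
        else if (kx == "DH" || kx == "ECDH" || kx == "any")
                                    v = "ephemeral-no-passive-decrypt"
        # Static DH, PSK, export RSA and others need a manual look.
        else                        v = "review"
        print $1, v
    }'
}

# Counts the suites on stdin that the server private key can decrypt.
count_server_key_decryptable() {
    classify_suites | awk '$2 == "server-key-decrypts" { n++ } END { print n + 0 }'
}

sample_suites | classify_suites
```

A non-zero count from `count_server_key_decryptable` means recorded sessions using those suites are exposed if the server key ever leaks.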


**** mitm pc: sniff the traffic and decrypt it with the server private key
8- capture traffic with tshark and save it as ssl.pcap on interface ens38
$ sudo tshark -i ens38 -f "port not 22" -w ssl.pcap

- once the client has logged in, we can stop the capture

9- open the ssl.pcap file with wireshark and apply the private key
$ wireshark -r ssl.pcap

Then add the private key, together with the host ip and the protocol carried inside, so that wireshark can decrypt the ssl (tls) traffic.

- right-click one of the tls packets and choose "protocols preference" --> "open secure socket layer preference", as in the picture below

- click "edit" on the rsa keys list, then add the key, server ip, port and the protocol inside, as in the picture below

- wireshark then decrypts the tls traffic and shows it as http traffic instead, and you can look inside every packet for interesting information

- snapshot of the user/password of phpmyadmin traffic over the ssl protocol

