Network

Hi guys,

I’m stuck at this Network level....

I got that the pcap file has a SSL handshake in it and then encrypted http application data gets exchanged.
I also extracted the server certificate out of the trace.

What I dont get is where to get the private key from. Is it really like the clue says from a url i can google?
Would that mean that in the communication someone would have just reused a default key?

Glad for any help.

Hey twenska,

I think you need to decrypt the SSL with a private key found on google (relative to defcon 19). But this private key doesn’t seem to match the server certificate (I checked the wireshark ssl logs), so I’m out of ideas.

Anyone had more luck ?

[EDIT] Found the solution ! You have to find the private key associated with this deafcon challenge.

— 
Hx

stuck at finding p q values from n in google am i?

I got the private key through google search then use wireshark to decrypt the message. I am new to this area, just wonder in real world is there much chance for us to find the private key from Internet?

For me i extract the pub key from pcap, then i get some information and search in google for the private key with the information of public key

Here a tip for those who have some troubles to decrypt the packets with the correct key : when you import your key file in Wireshark, you have a little tab that appears at the bottom right of the screen when you select an application data. This tab is the decrypted version of the packet. I spent 2 hours because I haven’t seen it earlier ...