Writing an application that passively sniffs SSL... Piece of cake?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Writing an application that passively sniffs SSL... Piece of cake?

Göran Sandahl
Hi

I'm considering writing an application that can passively sniff SSL/TLS
traffic, as part of an assignment at university. I'm aware of SSLDUMP, but
still want to go my own path.

I've written a client/server implementation of openssl, and know that alot of
functions are coded for that purpose, but I wonder if there are basic
functions that can use the handshake/protocol setup information that it sees
on the network, between a client and server, and then use that information to
sniff the connection. (Of course, the implementation would have access to the
servers private key.)

What are the limitations of openssl with regards to this, and is it relatively
easy to implement (compared to a standard client/server implementation)?

I'm looking forward for some feedback..

Thanks
Göran

--
-------------------------------------------------------
Göran Sandahl - <[hidden email]> -
GPG Fingerprint: 58CB C304 92A7 FCF6 349D 9C49 D279 38F2 C06C D351
Personal homepage : http://gsandahl.net
-------------------------------------------------------
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]