Just a thought: what if we get domain access, can access any machine within the network, and further eavesdrop on SSL connections on multiple machines? One step ahead, send the data to the attacker!
tshark -n -r ssl.pcapng -o http.ssl.port:443,4430-4433 -o ssl.keylog_file:sslkeylog.log -Y ssl -V -Y "http.request" | find "pass"
- "ssl.pcapng" is our pcap dump file
- "sslkeylog.log" is our pre-master secret file containing the SSL keys generated by the browser
- "-o" is used to change a preference setting, here for the SSL protocol, so that the SSL keys are read from the log file.
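
As an added example (not part of the original post), the Python sketch below checks that a key log file is well formed in the NSS key log format before it is handed to tshark, and reports whether the SSLKEYLOGFILE environment variable, which makes browsers write such a file, is set on a host. The function names and the sample lines are constructed for illustration.

```python
import os
import re
from collections import Counter

HEX = re.compile(r"[0-9a-fA-F]+")
# NSS key log labels -> (context hex length, allowed secret hex lengths)
LABELS = {"RSA": (16, {96}), "CLIENT_RANDOM": (64, {96})}
for _name in ("CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
              "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
              "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"):
    LABELS[_name] = (64, {64, 96})  # TLS 1.3: 32- or 48-byte secrets


def audit_keylog(text):
    """Summarise a key log: lines per label, distinct sessions, bad line numbers."""
    counts, sessions, malformed = Counter(), set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(" ")
        spec = LABELS.get(parts[0]) if len(parts) == 3 else None
        if (spec is None or not all(HEX.fullmatch(p) for p in parts[1:])
                or len(parts[1]) != spec[0] or len(parts[2]) not in spec[1]):
            malformed.append(lineno)
            continue
        counts[parts[0]] += 1
        if parts[0] != "RSA":          # every other label is keyed by client random
            sessions.add(parts[1].lower())
    return {"labels": dict(counts), "sessions": len(sessions), "malformed": malformed}


def keylog_target(environ=os.environ):
    """Return the path browsers would log TLS secrets to, or None if unset."""
    return environ.get("SSLKEYLOGFILE") or None


# Constructed sample, not real key material.
SAMPLE = "\n".join([
    "# constructed sample",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "11" * 32 + " " + "22" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "11" * 32 + " " + "33" * 32,
    "CLIENT_RANDOM zz 00",
])

if __name__ == "__main__":
    print(audit_keylog(SAMPLE))
    print("SSLKEYLOGFILE =", keylog_target())
```

A non-empty result from keylog_target on a machine where nobody is debugging TLS is worth investigating, since any process that can read that file can decrypt captured traffic for the logged sessions.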
Hope this helps!