1、下载 NetMon 3.4(http://www.microsoft.com/downloads/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en), 下载 NMDecrypt ( http://nmdecrypt.codeplex.com/ ) 并安装
2、抓包,然后查看认证方式,然后在 " 运行" 窗口,敲入 "mmc" ,点击 Add/Remove Snap-ins” window opens, 选择“Certificates” and press “Add”.选择 “Local Computer” radio button and click “Finish”.
3、找到对应的 认证方式,右键 "all tasks" 导出 到本地,
4、将抓到的包保存到本地,然后重新打开,expert....
----------------------------------------------------------------------------------------------------------------------------------------------------
How to decrypt SSL using Netmon and NM Decrypt
1.0 Necessary Files
1.1 Download and Install Netmon
Open a web browser and navigate to: http://www.microsoft.com/downloads/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en
Download the NetMon version 3.3 and install it.
Navigate to http://nmparsers.codeplex.com/ and download parser set 3.4.2131.0001 for Netmon and install.
1.2 Download and Install NMDecrypt
Navigate to http://nmdecrypt.codeplex.com/ and download the NmDecrypt 2.1 and install full version of it.
2.0 Exporting the Certificate with a Private Key on the Server
Using Windows Server 2008, press WIN+R and type “mmc” in the “Open:” field.
Press enter to open the Console.
Within the console, open the “File” drop-down list and select “Add/Remove Snap-in”.
When the “Add/Remove Snap-ins” window opens, select “Certificates” and press “Add”.
Select the “Computer Account” radio button and click “Next”
Select the “Local Computer” radio button and click “Finish”.
Exit the “Add/Remove Snap-ins” window.
Expand the top-level “Certificated (Local Computer)
Expand “Personal” and select the “Certificates” folder.
Double-click the listed certificate and ensure a private key is present. (See screenshot below)
Close the Certificate window.
Right-click the certificate and select All Tasks -> Export
Click “Next” on the first screen.
Select the “Yes, export the private key” radio button and click “Next”.
**NOTE: If this field is greyed out, proceed to section 3.0 and follow the instructions**
In the “Export File Format” window that is displayed, select the “PKCS #12 (.PFX)” radio button.
Place Check Marks in the boxes labeled “Include all certificates in the certification path” and “Export all extended properties”
Click “Next” to proceed.
Enter a Password when prompted and select “Next”. (Remember this password as you will need it for NMDecrypt)
Enter a path for the certificate to export to and select “Next” to proceed.
When the certificate has been successfully exported, copy it to the computer that will be used for testing purposes.
3.0 Making the Private Key Exportable
If you are trying to export the certificate and the private key is not exportable, this section will guide you to enable the functionality. If Section 2.0 has been successfully completed without error, you may disregard this section.
This section assumes the Local Computer Certificates snap-in has been added to the console.
Expand the top-level “Certificated (Local Computer). Expand “Personal” and select the “Certificates” folder. Right-click the certificate and select All Tasks ->Renew Certificate with New Key.
In the “Certificate Enrollment” window, Expand “Details” and click “Properties”.
In the “Certificate Properties” window, select the “Private Key” tab.
Place a check in the box labeled “Make Private Key Exportable” and click “Apply”
Close all properties windows and Click “Enroll” to request a new certificate with an exportable private key.
**NOTE: The new certificate will take at least 24 hours to take effect. Wait at least 24 hours and repeat the steps in section 2.0**
4.0 Using NMDecrypt
Here are some very simple steps on how to use NMDecrypt to decode SSL in a .cap file.
1) Open Flashlite
2) Click "Start capture"
3) Wait until Flashlite is in "Now Capturing" mode
4) Open Outlook
5) Close Outlook
6) Click "Stop Capture" in Flashlite
7) View capture in NetMon.
8) Open the Experts drop-down list and select NMDecrypt> Launch Expert
9) Under Server Certificate Paths, choose Browse.
10) Locate the .pfx file that contains the server certificate (Section 2.0) and click OK.
11) Enter the server Export Password that you created when exporting the certificate from the server.
12) Under Decrypted File Path, choose Browse.
13) Navigate to the folder that you want your decrypted file to be located under. In the FileName field, type the name you want for your decrypted file and click OK. (By default, the file extension should be .cap)
14) Click "Start" to being the decryption process. This may take several minutes.
15) Once the file has been decrypted, open decrypted.cap file you created in NetMon.
You can now view decrypted SSL traffic using Netmon!