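Decrypting SSL (TLS) packets with Netmon and NM Decrypt

1. Download NetMon 3.4 (http://www.microsoft.com/downloads/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en) and NMDecrypt (http://nmdecrypt.codeplex.com/), then install both.

2. Capture the traffic and check which authentication method is used. Then type "mmc" in the "Run" window and click "Add/Remove Snap-in". When the “Add/Remove Snap-ins” window opens, select “Certificates” and press “Add”. Select the “Local Computer” radio button and click “Finish”.

3. Find the entry for that authentication method, right-click it, choose "All Tasks" and export it to a local file.

4. Save the captured packets to a local file, then reopen it, expert....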

----------------------------------------------------------------------------------------------------------------------------------------------------

How to decrypt SSL using Netmon and NM Decrypt 

1.0 Necessary Files

1.1 Download and Install Netmon

Open a web browser and navigate to: http://www.microsoft.com/downloads/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en

Download NetMon version 3.3 and install it.

Navigate to http://nmparsers.codeplex.com/, download parser set 3.4.2131.0001 for Netmon and install it.

1.2 Download and Install NMDecrypt

Navigate to http://nmdecrypt.codeplex.com/, download NmDecrypt 2.1 and install the full version.

2.0 Exporting the Certificate with a Private Key on the Server

Using Windows Server 2008, press WIN+R and type “mmc” in the “Open:” field.

Press enter to open the Console.

 

Within the console, open the “File” drop-down list and select “Add/Remove Snap-in”.

 

When the “Add/Remove Snap-ins” window opens, select “Certificates” and press “Add”.

Select the “Computer Account” radio button and click “Next”.

 

Select the “Local Computer” radio button and click “Finish”.

Exit the “Add/Remove Snap-ins” window.

Expand the top-level “Certificates (Local Computer)” node.

Expand “Personal” and select the “Certificates” folder.

 

Double-click the listed certificate and ensure a private key is present. (See screenshot below)

Close the Certificate window.

Right-click the certificate and select All Tasks -> Export

 

Click “Next” on the first screen.

Select the “Yes, export the private key” radio button and click “Next”.

**NOTE:  If this field is greyed out, proceed to section 3.0 and follow the instructions**

 

In the “Export File Format” window that is displayed, select the “PKCS #12 (.PFX)” radio button.

Place check marks in the boxes labeled “Include all certificates in the certification path” and “Export all extended properties”.

Click “Next” to proceed.

Enter a Password when prompted and select “Next”. (Remember this password as you will need it for NMDecrypt)

 

Enter a path for the certificate to export to and select “Next” to proceed.

When the certificate has been successfully exported, copy it to the computer that will be used for testing purposes.

3.0 Making the Private Key Exportable

If you are trying to export the certificate and the private key is not exportable, this section will guide you to enable the functionality.  If Section 2.0 has been successfully completed without error, you may disregard this section.

This section assumes the Local Computer Certificates snap-in has been added to the console.

Expand the top-level “Certificates (Local Computer)” node. Expand “Personal” and select the “Certificates” folder. Right-click the certificate and select All Tasks -> Renew Certificate with New Key.

 

In the “Certificate Enrollment” window, expand “Details” and click “Properties”.

In the “Certificate Properties” window, select the “Private Key” tab.

Place a check in the box labeled “Make Private Key Exportable” and click “Apply”.

Close all properties windows and click “Enroll” to request a new certificate with an exportable private key.

**NOTE: The new certificate will take at least 24 hours to take effect. Wait at least 24 hours and repeat the steps in section 2.0**

 

4.0 Using NMDecrypt

Here are some very simple steps on how to use NMDecrypt to decode SSL in a .cap file.

1) Open Flashlite

2) Click "Start capture"

3) Wait until Flashlite is in "Now Capturing" mode

4) Open Outlook

5) Close Outlook

6) Click "Stop Capture" in Flashlite

7) View capture in NetMon.

8) Open the Experts drop-down list and select NMDecrypt > Launch Expert

9) Under Server Certificate Paths, choose Browse.

10) Locate the .pfx file that contains the server certificate (Section 2.0) and click OK.

11) Enter the server Export Password that you created when exporting the certificate from the server.

12) Under Decrypted File Path, choose Browse.

13) Navigate to the folder that you want your decrypted file to be located under. In the FileName field, type the name you want for your decrypted file and click OK. (By default, the file extension should be .cap)

14) Click "Start" to begin the decryption process. This may take several minutes.

15) Once the file has been decrypted, open the decrypted .cap file you created in NetMon.

 

You can now view decrypted SSL traffic using Netmon!
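
Decryption with the exported .pfx depends on the key exchange the session negotiated: the server's private key only recovers the session keys when the client sent the premaster secret encrypted to the server's RSA key (static-RSA suites), not with DHE/ECDHE suites. The following is an added example, not part of the original post or of NMDecrypt, that goes one step beyond the walkthrough: it reads the ServerHello record of a captured handshake and reports whether the chosen suite is static RSA. The function names are hypothetical and the sample records are constructed for illustration.

```python
import struct

# Static-RSA suites (IANA IDs): the client encrypts the premaster secret to the
# server certificate's RSA key, so the exported private key can recover it.
RSA_KX_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
}

def parse_server_hello(record: bytes):
    """Return (version, cipher_suite) from one TLS record carrying a ServerHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4 or body[0] != 0x02:
        raise ValueError("no complete ServerHello in this record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # Layout: server_version(2) random(32) session_id_len(1) session_id suite(2)
    if len(hello) < 35 or len(hello) < 35 + hello[34] + 2:
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]
    version, = struct.unpack("!H", hello[:2])
    suite, = struct.unpack("!H", hello[off:off + 2])
    return version, suite

def decryptable_with_server_key(record: bytes):
    """True only if the negotiated suite is in the static-RSA table above."""
    _, suite = parse_server_hello(record)
    if suite in RSA_KX_SUITES:
        return True, RSA_KX_SUITES[suite]
    return False, "0x%04X is not in the static-RSA table" % suite

def build_sample_record(suite: int) -> bytes:
    """Constructed TLS 1.0 ServerHello record (zero random, empty session id)."""
    hello = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for s in (0x002F, 0xC02F):  # static RSA vs. ECDHE_RSA
        print(hex(s), decryptable_with_server_key(build_sample_record(s)))
```

The suite table covers common static-RSA suites only; whether NMDecrypt itself handles a given suite is not something this check establishes.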

 
