decrypt


Decrypting Firefox Traffic Using Wireshark in Ubuntu GNU/Linux

Wireshark is a powerful network protocol analyzer that lets you capture and analyze network traffic in real time. By default, Wireshark does not decrypt encrypted traffic such as HTTPS: the capture contains only ciphertext, and the session keys needed to read it stay inside the browser. However, there are cases where decrypting network traffic is helpful for debugging or for analyzing security issues. This blog post walks you through the steps to decrypt Firefox traffic using Wireshark in Ubuntu GNU/Linux.

Step 1: Download and Extract Firefox:

Since Ubuntu installs Firefox as a snap package, whose confinement does not give it access to the file system by default, we need to download Firefox from the official website as a tar.gz archive. Open your browser and navigate to the Mozilla Firefox website (https://www.mozilla.org/en-US/firefox/new/) to download the tar.gz package suitable for your Ubuntu version.

Once the download is complete, navigate to the downloaded location and extract the tar.gz file using the following command:

tar -xvf firefox-<version>.tar.gz;

Step 2: Set up the SSLKEYLOGFILE Environment Variable:

To enable Wireshark to decrypt the SSL/TLS traffic from Firefox, we need to set up the SSLKEYLOGFILE environment variable. This variable points to a log file into which Firefox writes the secrets of every TLS session it opens, in the key log format that Wireshark reads. Execute the following command in the terminal:

export SSLKEYLOGFILE="/home/$USER/.ssl-key.log";

This command sets the SSLKEYLOGFILE environment variable to the specified file path, which is /home/$USER/.ssl-key.log. Feel free to change the file path and name to your preference. Anyone who can read this file can decrypt the captured sessions, so keep it readable only by your user and delete it when the analysis is done.

Step 3: Launch Wireshark and Configure Preferences:

Open the terminal and start Wireshark by entering the following command:

wireshark;

Once Wireshark is running, go to “Edit” in the menu bar and select “Preferences” from the dropdown menu. This will open the Wireshark Preferences window.

Step 4: Configure TLS Protocol Preferences:

In the Preferences window, locate and select “Protocols” on the left-hand side. Scroll down the protocols list and find “TLS” (listed as “SSL” in Wireshark versions before 3.0). Click on it to expand the options.

Within the TLS section, you will find a field labeled “(Pre)-Master-Secret log filename”. Click on the folder icon next to the field and browse to select the file path for the SSLKEYLOGFILE we set earlier.

After selecting the file path, click the “OK” button to save the changes and close the Preferences window.

Step 5: Capture and Decrypt Firefox Traffic:

With the configuration set up, you can now start capturing and decrypting Firefox traffic. Keep the Wireshark application running and launch the Firefox browser you downloaded and extracted earlier from the same terminal in which you exported SSLKEYLOGFILE, so that the Firefox process inherits the variable.

Wireshark will capture the network traffic as you browse the web using Firefox. Provided the key log has an entry for each session, you should see the decrypted application data (for example the HTTP requests and responses inside HTTPS) in the Wireshark capture window.
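Before hunting for Wireshark configuration problems it is worth checking that Firefox actually wrote usable secrets. The following Python script is an added example (not part of the original post): it validates a key log in the NSS format Wireshark reads, counting usable entries and TLS sessions and reporting lines Wireshark could not use. The sample key log is constructed, not taken from a real session.

```python
import re
from collections import Counter

# NSS key log labels that Wireshark's TLS dissector understands, with the secret
# sizes (bytes) each may carry: 48 for TLS 1.2 master secrets, 32 or 48 for TLS 1.3.
SECRET_LENGTHS = {
    "CLIENT_RANDOM": {48},
    "CLIENT_EARLY_TRAFFIC_SECRET": {32, 48},
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET": {32, 48},
    "SERVER_HANDSHAKE_TRAFFIC_SECRET": {32, 48},
    "CLIENT_TRAFFIC_SECRET_0": {32, 48},
    "SERVER_TRAFFIC_SECRET_0": {32, 48},
    "EXPORTER_SECRET": {32, 48},
}
HEX = re.compile(r"^[0-9a-fA-F]+$")

def check_keylog(text):
    """Return (count per label, set of client randoms, list of (line, problem))."""
    counts, sessions, bad = Counter(), set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and '#' comments are permitted
        parts = line.split()
        if len(parts) != 3:
            bad.append((lineno, "expected '<label> <client_random> <secret>'"))
            continue
        label, client_random, secret = parts
        if label not in SECRET_LENGTHS:
            bad.append((lineno, f"unknown label {label}"))
        elif not (HEX.match(client_random) and len(client_random) == 64):
            bad.append((lineno, "client random must be 32 bytes of hex"))
        elif not HEX.match(secret) or len(secret) / 2 not in SECRET_LENGTHS[label]:
            bad.append((lineno, f"secret length {len(secret) / 2} not valid for {label}"))
        else:
            counts[label] += 1
            sessions.add(client_random.lower())  # one TLS session per client random
    return counts, sessions, bad

# Constructed sample, not from a real Firefox session: one TLS 1.2 entry, one
# complete TLS 1.3 session, then two lines Wireshark could not use.
SAMPLE_LOG = "\n".join([
    "# constructed key log",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "dd" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "ee" * 32,
    "CLIENT_RANDOM " + "33" * 32 + " " + "ff" * 10,  # truncated master secret
    "SECRET_KEY deadbeef",  # not a key log line
])
```

Run check_keylog on the contents of your real SSLKEYLOGFILE; an empty result after browsing means Firefox was not started with the variable in its environment.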

Conclusion:

Decrypting network traffic using Wireshark can be valuable for analyzing and troubleshooting network-related issues. This blog post covered the steps to decrypt Firefox traffic using Wireshark in Ubuntu GNU/Linux. By downloading Firefox directly from the website, setting up the SSLKEYLOGFILE environment variable, and configuring Wireshark preferences, you can capture encrypted traffic and analyze it in decrypted form within Wireshark. Remember to use this technique responsibly and respect the privacy of others while conducting network analysis.


C++ source code to encrypt and decrypt the Caesar cipher

The following code accepts one line from the standard input and uses the functions encrypt and decrypt to recover the plaintext of a Caesar cipher when the key (the shift) is known. In this example, the key was the number 12, the day of birth of Julius Caesar.


#include <iostream>
#include <string>
#include <cctype>   // std::isalpha and std::islower

using namespace std;

#define OFFSET_SMALL (97)      // ASCII code of 'a'
#define OFFSET_BIG (65)        // ASCII code of 'A'
#define LATIN_CHARACTERS (26)

// Text and offset for the shift are sent into this function, which returns the text's encrypted version.
// Only the 26 Latin letters are shifted (case is preserved); every other character is copied unchanged.
string encrypt(string text, int offset)
{
    string result = "";

    // Reduce the offset to the range 0..25 so that negative or large offsets also work.
    offset = ((offset % LATIN_CHARACTERS) + LATIN_CHARACTERS) % LATIN_CHARACTERS;

    for (long unsigned int i = 0; i < text.length(); i++)
    {
        // Cast to unsigned char: the <cctype> functions are undefined for negative char values.
        if (std::isalpha((unsigned char) text[i]))
        {
            if (std::islower((unsigned char) text[i]))
            {
                result += char (int(text[i] + offset - OFFSET_SMALL) % LATIN_CHARACTERS + OFFSET_SMALL);
            }
            else
            {
                result += char (int(text[i] + offset - OFFSET_BIG) % LATIN_CHARACTERS + OFFSET_BIG);
            }
        }
        else
        {
            result += text[i];
        }
    }

    return result;
}

// Text and offset for the shift are sent into this function, which returns the text's decrypted version.
// Decrypting with a shift of 'offset' is the same as encrypting with the complementary shift.
string decrypt(string text, int offset)
{
    return encrypt(text, LATIN_CHARACTERS - offset);
}

int main() {
    string encrypted;
    getline(cin, encrypted);

    // Sample execution showing how to decrypt an already encrypted message.
    // Julius Caesar was born on July 12, 100BC
    cout << decrypt(encrypted, 12) << endl;

    return 0;
}


Side note:

While authoring this post, we found a peculiar bug in the plugin named “SyntaxHighlighter Evolved.”

Specifically, when we added the string char( in our C++ source code, we would get the following error back:

Updating failed. The response is not a valid JSON response.

To mitigate the problem, we added a space character between the word char and the open parenthesis as follows char (.


Fedora 24: Solution to gcrypt.h: No such file or directory

Recently we tried to compile cisco-decrypt.c* on Fedora 24 (64bit).
We got the full source code from the website of Maurice Massar.

We needed this tool to configure the Gnome 3 native network client to connect to a specific Cisco VPN network.
During the configuration we set up a “Cisco Compatible VPN (vpnc)” VPN.

* Please note that this tool is NOT a hacking nor cracking tool. In order for you to make any use of it, you need to have a valid PCF file given to you by your system administrator. It is only useful when you need to get the group password to configure a system that does not accept the PCF file with the encrypted password.

To compile the code you can use one of the following two methods:

Compilation method 1

gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)

If the package libgcrypt-devel is not installed, you will get a prompt as follows, which will instruct you to install the missing package.
You need to type y to both questions so that the installation proceeds. Once the installation is done, run the compilation command once more.

As you can see below, you might get a whole bunch of errors; ignore them and compile once more. It seems to be a bug that will not affect the end result (at least in this scenario). What happens is that the shell's command-not-found handler, which offered to install the package, prints its progress messages to standard output, so the $(...) substitution hands every word of them to gcc as a file name; once libgcrypt-config is installed, the substitution yields only the compiler flags and the command works.

gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
bash: libgcrypt-config: command not found...
Install package 'libgcrypt-devel' to provide command 'libgcrypt-config'? [N/y] y

Proceed with changes? [N/y] y

gcc: error: Waiting: No such file or directory
gcc: error: in: No such file or directory
gcc: error: queue...: No such file or directory
gcc: error: Loading: No such file or directory
gcc: error: list: No such file or directory
gcc: error: of: No such file or directory
gcc: error: packages....: No such file or directory
gcc: error: The: No such file or directory
gcc: error: following: No such file or directory
gcc: error: packages: No such file or directory
gcc: error: have: No such file or directory
gcc: error: to: No such file or directory
gcc: error: be: No such file or directory
gcc: error: installed:: No such file or directory
gcc: error: libgcrypt-devel-1.6.6-1.fc24.x86_64: No such file or directory
gcc: error: Development: No such file or directory
gcc: error: files: No such file or directory
gcc: error: for: No such file or directory
gcc: error: the: No such file or directory
gcc: error: libgcrypt: No such file or directory
gcc: error: package: No such file or directory
gcc: error: libgpg-error-devel-1.24-1.fc24.x86_64: No such file or directory
gcc: error: Development: No such file or directory
gcc: error: files: No such file or directory
gcc: error: for: No such file or directory
gcc: error: the: No such file or directory
gcc: error: libgpg-error: No such file or directory
gcc: error: package: No such file or directory
gcc: error: Waiting: No such file or directory
gcc: error: in: No such file or directory
gcc: error: queue...: No such file or directory
gcc: error: Waiting: No such file or directory
gcc: error: for: No such file or directory
gcc: error: authentication...: No such file or directory
gcc: error: Waiting: No such file or directory
gcc: error: in: No such file or directory
gcc: error: queue...: No such file or directory
gcc: error: Downloading: No such file or directory
gcc: error: packages...: No such file or directory
gcc: error: Requesting: No such file or directory
gcc: error: data...: No such file or directory
gcc: error: Testing: No such file or directory
gcc: error: changes...: No such file or directory
gcc: error: Installing: No such file or directory
gcc: error: packages...: No such file or directory

Compilation method 2

In case the above method does not work for you for some reason, you can try the following.

gcc -Wall -o cisco-decrypt cisco-decrypt.c -lgcrypt

If the package libgcrypt-devel is not installed you will get an error as follows.

gcc -Wall -o cisco-decrypt cisco-decrypt.c -lgcrypt
cisco-decrypt.c:30:20: fatal error: gcrypt.h: No such file or directory
 #include <gcrypt.h>
                    ^
compilation terminated.

In this case use

sudo dnf install libgcrypt-devel

to install the missing library and try again to compile.

To use

Open your PCF file with a text editor. Find the line that starts with enc_GroupPwd= and copy the characters after that.

Paste the characters as the first command line argument to the newly compiled application. The password will be the line returned right after.


./cisco-decrypt 886E2FC74BFCD8B6FAF47784C386A50D0C1A5D0528D1E682B7EBAB6B2E91E792E389914767193F9114FA26C1E192034754F85FC97ED36509
Th!sIsMyK3y#

Other notes

In case you get these errors:

/tmp/ccHrH1kZ.o: In function `c_decrypt':
cisco-decrypt.c:(.text+0x243): undefined reference to `gcry_md_hash_buffer'
cisco-decrypt.c:(.text+0x267): undefined reference to `gcry_md_hash_buffer'
cisco-decrypt.c:(.text+0x2b4): undefined reference to `gcry_md_hash_buffer'
cisco-decrypt.c:(.text+0x31d): undefined reference to `gcry_cipher_open'
cisco-decrypt.c:(.text+0x33b): undefined reference to `gcry_cipher_setkey'
cisco-decrypt.c:(.text+0x356): undefined reference to `gcry_cipher_setiv'
cisco-decrypt.c:(.text+0x382): undefined reference to `gcry_cipher_decrypt'
cisco-decrypt.c:(.text+0x391): undefined reference to `gcry_cipher_close'
/tmp/ccHrH1kZ.o: In function `main':
cisco-decrypt.c:(.text+0x41e): undefined reference to `gcry_check_version'
collect2: error: ld returned 1 exit status

It most probably means that you did not add one of the following two parameters to your compilation command:

  1. $(libgcrypt-config --libs --cflags)
  2. -lgcrypt

You need one of these two options to be on the command line to compile.