Thesis Details
Extraction of Decrypted Data from SSL Connection
The goal of the thesis is to develop an application able to decrypt a secure connection and mirror decrypted data to another node for analysis. The application encourages illegal purposes but the intended use of the resulting product is a legal interception. SSLsplit has been selected from the set of tools for this thesis because of its features and performance. This decision was based on tools' benchmarking and features comparison. SSLsplit signs the target server's certificates on the fly using a self-signed certificate. It runs as a transparent proxy directly on the central device in the network (router). SSLsplit performs a man-in-the-middle attack between a client and a server without any notice from either of them. The application sends the decrypted content of processed packets to a specific host in the network for further processing. Integration into the netc interface has been implemented for easier SSLsplit configuration. The application has been tested to determine its performance limits. Performance tests of the finished solution show a significant decline of transactions per second (TPS) when using SSLsplit in comparison to only forwarded traffic. The mirroring feature does not significantly affect the number of TPS or restrict SSLsplit itself. The results show that SSLsplit is capable of real operation with certain limitations.
mirror, SSL/TLS, SSL Proxy, HTTPS
Grégr Matěj, Ing., Ph.D. (DIFS FIT BUT), člen
Holík Lukáš, doc. Mgr., Ph.D. (DITS FIT BUT), člen
Martínek Tomáš, doc. Ing., Ph.D. (DCSY FIT BUT), člen
Matoušek Radomil, doc. Ing., Ph.D. (IACS FME BUT), člen
Sekanina Lukáš, prof. Ing., Ph.D. (DCSY FIT BUT), člen
@mastersthesis{FITMT22185,
author = "Jakub Pastuszek",
type = "Master's thesis",
title = "Extraction of Decrypted Data from SSL Connection",
school = "Brno University of Technology, Faculty of Information Technology",
year = 2019,
location = "Brno, CZ",
language = "english",
url = "https://www.fit.vut.cz/study/thesis/22185/"
}