This question already has an answer here:
- Understanding SSL man-in-the-middle and its limitations
- it is possible to decrypt HTTPS with the (private, public) pair if it uses DHE?
I’ve created a rogue AP with my Raspberry Pi. With this cool tool I’m able to intercept HTTP authentication: https://github.com/DanMcInerney/net-creds

For the next level I want to try to intercept HTTPS.

My theory is:

The client uses the public certificate of the server to encrypt the data, and the server uses the private key to decode and read the data.

If I get the private key of the server, am I able to read HTTPS?

Example:
- I host the website www.easyhack.com
- I install HTTPS on this website with certbot
- I download the private key generated by certbot
- I start Wireshark and I create a pcap

How do I use the cert to decode the HTTPS? Is my theory correct? I’m just curious, not a brilliant specialist.

What do you think about that? (Sorry for my English, I’m French.)
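An added example, not part of the original post: the theory in the question matches RSA key exchange, while with an ephemeral Diffie-Hellman (DHE) exchange, as in the second linked question, the certificate's private key only signs the handshake. The sketch below models both with constructed toy parameters (tiny RSA key, toy DH group; all names are hypothetical) and shows what a capture plus the server's private key yields in each case.

```python
import hashlib
import secrets

# Constructed toy parameters for illustration only (far too small for real use).
RSA_P, RSA_Q, RSA_E = 61, 53, 17
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # server's long-term private key
DH_P, DH_G = 2**127 - 1, 3                          # toy Diffie-Hellman group

def rsa_key_exchange():
    """Client encrypts the premaster secret to the server's certificate key."""
    premaster = secrets.randbelow(RSA_N - 2) + 2
    capture = {"kx": "RSA", "encrypted_premaster": pow(premaster, RSA_E, RSA_N)}
    return premaster, capture

def dhe_key_exchange():
    """Both sides send ephemeral DH public values; the RSA key only signs."""
    a = secrets.randbelow(DH_P - 3) + 2  # client ephemeral secret, never sent
    b = secrets.randbelow(DH_P - 3) + 2  # server ephemeral secret, never sent
    client_pub, server_pub = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    digest = int.from_bytes(
        hashlib.sha256(str(server_pub).encode()).digest(), "big") % RSA_N
    capture = {"kx": "DHE", "client_pub": client_pub, "server_pub": server_pub,
               "signature": pow(digest, RSA_D, RSA_N)}
    return pow(server_pub, a, DH_P), capture

def recover_from_capture(capture, rsa_private_d):
    """What the capture plus the server's RSA private key lets you derive."""
    if capture["kx"] == "RSA":
        # The premaster secret travelled encrypted under the certificate key.
        return pow(capture["encrypted_premaster"], rsa_private_d, RSA_N)
    # DHE: the RSA key only authenticated server_pub. The shared secret needs
    # a or b, which were discarded and appear nowhere in the capture.
    return None

if __name__ == "__main__":
    premaster, rsa_capture = rsa_key_exchange()
    print("RSA kx recovered:", recover_from_capture(rsa_capture, RSA_D) == premaster)
    _, dhe_capture = dhe_key_exchange()
    print("DHE kx recovered:", recover_from_capture(dhe_capture, RSA_D))
```

For (EC)DHE sessions Wireshark needs the per-session secrets instead, for example a key log file written by a client that honours the `SSLKEYLOGFILE` environment variable.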