
Exchange TLS symmetric keys via RSA instead of DH to debug/inspect PEAP and EAP-TTLS tunnels

Open · carlospolop opened this issue 5 years ago · 1 comment

During an assessment I had problems within a PEAP communication, but as the TLS tunnel was created using DH to share keys I wasn't able to decrypt the tunnel. Anyway, I finally discovered that if in hostapd-wpe you comment out the line where the DH file is indicated (the dh_file=/path/to/dh_params line) the TLS tunnel is created sharing keys via RSA and you can easily decrypt that tunnel with Wireshark using the server's private key.

Describe the solution you'd like

I would like eaphammer to implement this behaviour by default (if the author considers that this won't pose any security issue).

Describe alternatives you've considered

  • Create an eaphammer parameter to indicate when you want this behaviour
  • Add this behaviour to --debug

Additional context

I suppose that this would also be useful to decrypt EAP-TTLS tunnels, but I haven't tried it yet.

Thank you very much for the tool and for your time.

carlospolop · Jan 10 '20 15:01
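As an added example (not code from this issue, eaphammer or hostapd-wpe), the check below parses a TLS ServerHello taken from a captured PEAP or EAP-TTLS tunnel and reports whether the negotiated cipher suite uses plain RSA key exchange, which Wireshark can decrypt with the server's private key as described above, or (EC)DHE, which is forward-secret and cannot be decrypted that way. The cipher-suite table and the sample ServerHello records are constructed for the example.

```python
import struct

# IANA cipher-suite values commonly seen in PEAP/EAP-TTLS inner TLS;
# constructed subset for this example, keyed to their key-exchange method.
CIPHER_SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE"),
    0x009E: ("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "DHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0xC030: ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE"),
}


def parse_server_hello(record: bytes) -> dict:
    """Parse a TLS 1.0-1.2 Handshake record carrying a ServerHello and
    return the negotiated suite plus whether a server private key alone
    is enough to decrypt the session (true only for static RSA kex)."""
    ctype, version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a TLS Handshake record")
    body = record[5:5 + rec_len]
    if body[0] != 0x02:
        raise ValueError("not a ServerHello message")
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    # server_version(2) random(32) session_id<0..32> cipher_suite(2) ...
    sid_len = hs[34]
    off = 35 + sid_len
    suite = struct.unpack("!H", hs[off:off + 2])[0]
    name, kex = CIPHER_SUITES.get(suite, (f"unknown_0x{suite:04x}", "unknown"))
    return {"version": version, "suite": suite, "name": name, "kex": kex,
            "decryptable_with_server_key": kex == "RSA"}


def build_server_hello(suite: int) -> bytes:
    """Constructed TLS 1.2 ServerHello (zero random, empty session id)
    wrapped in a Handshake record, used as sample input."""
    hs = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    body = b"\x02" + len(hs).to_bytes(3, "big") + hs
    return b"\x16\x03\x03" + struct.pack("!H", len(body)) + body


if __name__ == "__main__":
    for s in (0x002F, 0xC02F):  # RSA kex (no dh_file) vs ECDHE kex
        print(parse_server_hello(build_server_hello(s)))
```

Feed it the ServerHello bytes from the EAP-TLS fragments Wireshark reassembles; a result of `"kex": "RSA"` is what the commented-out dh_file line produces, and it also means the tunnel has no forward secrecy.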

This is awesome and will definitely be added in the future. Thanks for figuring this out!

s0lst1c3 · Mar 11 '20 13:03