How to extract a hash (VNC, SSH2 or SMB) from a WireShark capture file
#7
And some more data to test: I am now trying with SSL: a connection to the GMail website using a test account. I am trying to extract the hash using "ssldump":

Code:
ssldump -r GMailConnection.cap

It gives me lots of data. There are some lines that could be the hash:

Code:
36 148 6.5794 (3.2014)  C>S  application_data
47 2  1.2720 (0.0953)  S>C  Handshake
      ServerHello
        Version 3.1
        session_id[32]=
          6b 57 35 8a 65 fd 43 62 84 d3 8b 1c b2 45 79 e9
          ec f6 af f3 72 6c 0b c5 97 83 59 1c 04 37 3d b7
        cipherSuite         TLS_RSA_WITH_RC4_128_SHA
        compressionMethod                   NULL
47 3  1.2720 (0.0000)  S>C  ChangeCipherSpec
47 4  1.2720 (0.0000)  S>C  Handshake

May I extract the handshake from here?
OCLHashCat-Plus correctly processes this hash in -m 1400 (SHA256) type, but it does not find my password ("12345678" again):

Code:
oclhashcat-plus64 -m 1400 6b57358a65fd436284d38b1cb24fdae9ecf6aff3726c0bc59783591c04373db7 -a 3 12345678

I can post the results of ssldump if requested. There are several lines like "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" or "TLS_RSA_WITH_RC4_128_SHA".
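
Added example (not part of the original post): a small Python parser for the ssldump text format shown above, collecting each ServerHello's fields into a dict. In TLS the session_id is an opaque identifier the server picks for session resumption, so its 32-byte length matching a SHA-256 digest is coincidental; the function name and dict keys are assumptions of this example.

```python
import re

# Constructed sample: the ServerHello record from the ssldump output in the post.
SAMPLE = """\
47 2  1.2720 (0.0953)  S>C  Handshake
      ServerHello
        Version 3.1
        session_id[32]=
          6b 57 35 8a 65 fd 43 62 84 d3 8b 1c b2 45 79 e9
          ec f6 af f3 72 6c 0b c5 97 83 59 1c 04 37 3d b7
        cipherSuite         TLS_RSA_WITH_RC4_128_SHA
        compressionMethod                   NULL
47 3  1.2720 (0.0000)  S>C  ChangeCipherSpec
"""

# Record header: connection number, record number, timestamps, direction, type.
RECORD = re.compile(r"^(\d+)\s+(\d+)\s+[\d.]+\s+\([\d.]+\)\s+(C>S|S>C)\s+(\S+)")
HEXLINE = re.compile(r"^\s+((?:[0-9a-f]{2}\s*)+)$")

def parse_server_hellos(text):
    """Return one dict per ServerHello found in ssldump text output."""
    hellos, cur, want, conn, seq = [], None, 0, None, None
    for line in text.splitlines():
        rec = RECORD.match(line)
        if rec:  # a new record header closes any ServerHello being read
            cur, want = None, 0
            conn, seq = int(rec.group(1)), int(rec.group(2))
            continue
        s = line.strip()
        if s == "ServerHello":
            cur = {"conn": conn, "seq": seq, "session_id": b""}
            hellos.append(cur)
        elif cur is None:
            continue
        elif s.startswith("Version"):
            cur["version"] = s.split()[1]  # 3.1 is TLS 1.0
        elif s.startswith("session_id["):
            want = int(s[s.index("[") + 1:s.index("]")])  # declared byte length
        elif want and HEXLINE.match(line):
            cur["session_id"] += bytes.fromhex(s)  # fromhex ignores the spaces
            want -= len(s.split())
        elif s.startswith("cipherSuite"):
            cur["cipher_suite"] = s.split()[1]
            cur["key_exchange"] = cur["cipher_suite"][4:].split("_WITH_")[0]
    return hellos

if __name__ == "__main__":
    for h in parse_server_hellos(SAMPLE):
        print(h["conn"], h["seq"], h["cipher_suite"], h["session_id"].hex())
```
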


Messages In This Thread
RE: How to extract a hash ... - by SopalajoArrierez - 03-20-2013, 10:34 PM