SSL related

  • Question

  •  I recently created a TCP layer filter to capture HTTPS/TLS setup. After getting it all working, I've discovered it's of little value as I still can't decrypt captured messages. I noticed another WFP post indicated you need the server's private key to decrypt, which unless you own the server, you do not have. If there was a way to get the pre-secret before it's RSA encoded by the public key, or to reverse encode it, I believe I could decrypt. Or to just get access to the master secret. I recognize that security is a sensitive area. However, I tend to think that if I load software onto my home machine, I should be able to take a look at whatever is going in/out, and that being resident as an installed application on the machine should enable capabilities more so than just being a wire trace. I'm sure you are aware that most of the web sites have recently transitioned to https to debunk the NSA spies. Also, I'm sure you are aware that not being able to access the body contents of a packet greatly reduces the value of what can be done with a WFP filter. So my question is, are there any plans at Microsoft to enable being able to decrypt these SSL messages from WFP filters? Or, are there any plans to provide a filter layer to wedge between the applications and the TLS? I realize that it's possible to create proxies, such as Squid. But these are not nearly as elegant, or as easy as WFP. Enabling WFP to be able to see all payloads creates a multitude of valued uses for WFP, which are otherwise deprecated as everyone shifts to HTTPS. Or, am I not understanding or not aware of some Windows capability? Thank You

    Friday, April 25, 2014 8:23 PM

All replies

  • At this time there are no concrete plans to implement a layer in WFP that sits post SSL decryption. I am not aware of any plans on the HTTPS team to do this either.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Saturday, April 26, 2014 9:05 PM
    Moderator