Broken

Medium | Network Security

Overview

You’ve been handed a packet capture from a suspected compromise and a handful of files collected at the site. Your mission: examine the provided artifacts and extract the secret. Flag Format: flag{}

Lab Details

Prerequisites & Requirements

  • Basic cryptography knowledge (RSA: modulus, primes, gcd, private key reconstruction).
  • Familiarity with Wireshark / tshark and exporting TLS certificate blobs.
  • Python 3 and basic scripting skills.
  • Installed tools: openssl, wireshark (or tshark), python3 (and optionally pycryptodome or cryptography).

What will you learn?

  • How a shared RSA prime between two distinct keys creates a trivial factorization via gcd(n1,n2).
  • How to extract certificate moduli from packet captures.
  • How to reconstruct an RSA private key from factors and use it to decrypt captured TLS sessions (when RSA key-exchange is used).
  • Practical DFIR steps: extracting certs from pcap, converting DER→PEM, reconstructing keys, importing keys into Wireshark and exposing plaintext HTTP objects.
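The shared-prime weakness from the first and third points above, as an added example that is not part of the lab material: two moduli that share one prime are factored with a single gcd, and the private exponent follows from the factors. The moduli are constructed from small Mersenne primes, the message is a constructed placeholder, and the encryption is unpadded textbook RSA so that only the arithmetic is shown.

```python
import math

E = 65537  # common RSA public exponent

# Constructed sample moduli (Mersenne primes, far too small for real use).
SHARED_PRIME = 2**127 - 1
N1 = SHARED_PRIME * (2**89 - 1)    # first key
N2 = SHARED_PRIME * (2**107 - 1)   # second key, reuses SHARED_PRIME
N3 = (2**61 - 1) * (2**31 - 1)     # unrelated key, shares nothing with N1


def recover_private_key(n_target, n_other, e=E):
    """Return (p, q, d) for n_target if it shares a prime with n_other, else None."""
    p = math.gcd(n_target, n_other)
    if p == 1 or p == n_target:
        return None  # no common factor, or n_other is a multiple of n_target
    q = n_target // p
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return p, q, d


def decrypt(ciphertext, d, n):
    """Textbook RSA decryption, result returned as big-endian bytes."""
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo():
    # Constructed plaintext, encrypted under the first public key only.
    secret = b"flag{constructed}"
    ciphertext = pow(int.from_bytes(secret, "big"), E, N1)

    # Only the two public moduli are needed to rebuild the private key.
    p, q, d = recover_private_key(N1, N2)
    assert p * q == N1
    return decrypt(ciphertext, d, N1)


if __name__ == "__main__":
    print(demo())
    print(recover_private_key(N1, N3))  # unrelated modulus: nothing recovered
```

The same gcd check works as an audit: run it pairwise over the moduli of every certificate you issue or observe, and any result other than 1 means both keys must be replaced.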

Tools

  • Wireshark (GUI) / tshark
  • openssl (CLI)
  • python3 (stdlib + optionally pycryptodome)
  • (Optional) RsaCtfTool for automation
  • (Optional) scapy (if you want to reproduce or re-sniff the traffic)

Job Positions

SOC Analyst

Tags

Packet Analysis, TLS Inspection, Pcap, Protocol Analysis, Wireshark