An old but hugely overlooked issue. Many appliance vendors ship their units with a default private key for SSL communications. Even if you reissue a new certificate, your appliance could still be using the same private key as everyone else's, and that key is typically bundled within the firmware packages publicly distributed by the vendor. This affects everything from DD-WRT to enterprise-class VPN appliances, tape libraries, and firewalls.
Well, someone has finally begun cataloguing these into a searchable database:
Just look up the device in question, point the lookup tool at a running appliance, or feed it a packet capture or live network interface, and it will return any known private keys. Once the private key is obtained, you can decrypt the SSL stream with tshark:
tshark -nn -t ad -r <pcap_file> -o ssl.keys_list:<HTTPS_server_IP>,443,http,"<private_key.pem>" -V -R http
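As an added example (not code from the original post or from any vendor or lookup tool), the Python script below lets an administrator audit their own appliances for this problem from the defensive side: it hashes the certificate's SubjectPublicKeyInfo, which stays identical when a certificate is reissued over the same key pair, and matches it against a catalogue of known default-key fingerprints. The catalogue entry, the sample key bytes and the structurally minimal X.509 shell are constructed placeholders, and the DER walker is deliberately minimal rather than a full X.509 parser.

```python
import base64
import hashlib
import ssl

def der_encode(tag, content):
    # Minimal DER encoder: tag byte + length (short or long form) + content
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    length = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length)]) + length + content

def der_decode(buf, pos=0):
    """Parse one DER element; return (tag, value, raw_element, next_pos)."""
    start, tag, length, pos = pos, buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    return tag, buf[pos:end], buf[start:end], end

def spki_fingerprint(cert_pem):
    """SHA-256 of the DER SubjectPublicKeyInfo: identifies the key pair, not the cert."""
    _, body, _, _ = der_decode(ssl.PEM_cert_to_DER_cert(cert_pem))  # Certificate
    _, tbs, _, _ = der_decode(body)                                 # tbsCertificate
    fields, pos = [], 0
    while pos < len(tbs):                          # walk the tbsCertificate fields
        tag, _, raw, pos = der_decode(tbs, pos)
        fields.append((tag, raw))
    if fields[0][0] == 0xA0:                       # optional [0] EXPLICIT version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return hashlib.sha256(fields[5][1]).hexdigest()

def make_cert_pem(serial, spki_der):
    """Constructed, structurally minimal X.509 shell; every field except SPKI is a dummy."""
    tbs = der_encode(0x02, serial.to_bytes(4, "big")) + der_encode(0x30, b"") * 4 + spki_der
    cert = der_encode(0x30, der_encode(0x30, tbs))
    b64 = base64.encodebytes(cert).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"

# Constructed sample "vendor default" key bytes stand in for a real catalogue entry.
DEFAULT_SPKI = der_encode(0x30, der_encode(0x03, b"\x00" + b"\xAA" * 40))
KNOWN_DEFAULT_KEYS = {spki_fingerprint(make_cert_pem(1, DEFAULT_SPKI)):
                      "constructed example vendor firmware key"}

def check_cert_pem(cert_pem, catalogue=KNOWN_DEFAULT_KEYS):
    # Returns (fingerprint, catalogue label or None); a hit means the appliance
    # is serving TLS with a key that ships in public firmware.
    fp = spki_fingerprint(cert_pem)
    return fp, catalogue.get(fp)
```

To audit a live appliance, pass the leaf certificate fetched with the standard library, e.g. `check_cert_pem(ssl.get_server_certificate(("appliance.example", 443)))`, where the host name is a placeholder.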