Alright so here goes in real ugly fashion:
What is involved in an encrypted connection 101:
1) Client --> Server
2) Client --> network --> Server
3) Client --> network --> Can we agree on an algorithm to send secure data? --> Server (pre sending packets)
With this said, you need to be in the stream of client server to make this happen. As the Client, you're sending #3 in order to establish a secure connection. This will involve coming to an agreement where the Client and Server can communicate based on predefined parameters. E.g., SSL, keys, etc.
You need to perform the following:
Client --> | Intercept --> Server (sent as you)
You -------/
You (acting as a proxy, MITM, etc.) --> Hi, I'm Client, here is my key||cert, let's talk --> Server
Server will respond and negotiate with you depending on what it is you're HIJACKING/MITM at this point (this explanation will only work on SSL)
The following occurs:
Server --> Agreed, I saw your cert, let's get started --> Client (which is you via Proxy MITM)
Thus the conversation begins:
From Client to server
1) Client --> (intercepted and passed to you) --> You read, copy, re-encrypt --> Send YOUR ENCRYPTED VERSION --> Server
From Server to you
1) Server --> yup, yup, here is your data --> Client (which is you) --> YOUR MACHINE (read, copy, re-encrypt) --> Hey! I'm your server connection here is your encrypted data --> Client
As to previous post: "This is where you would learn the hardcore stuff about encryption,ssl,ssh etc etc and learn exactly how the encryption works as well as the handshakes", good luck getting by CBC. There is a lot more to understand than handshakes, so if terms like confusion, diffusion, EEE, EDE, CBC, glitching and timing make you punch it in to Google, one needs to learn A LOT. So to put it bluntly, matter-of-factly, even if you 'had the skills' to do this, you wouldn't be posting on forums of how to break it so here is an olive branch.
Under VPNs there are usually two modes, main mode and aggressive mode. Aggressive mode IS tap-able but you need to know a lot about TOCTTOU, race conditions and so on. Even with main mode, it's still doable (although I haven't seen it personally, but have read about the theory) however when PFS is involved, it's an altogether 'nother story.
If you want to learn more about WHY things are an issue, I suggest Googling: "key establishment problem" (quick link posted). As for "stealing keys", anything is possible however, what do you think you'd be able to do if you compromised my machine, stole my key and tried to connect to a trusted address with my IP bound? Blind spoofing? Sure, you can send, but you'd never receive unless you're on the same network as me and then you'd have to DoS me to oblivion. Because you're doing blind spoofs to send, the server WILL respond to me since it believes it's talking to me. At that point, my machine in a confused state sends an RST: "I didn't set up this connection... What are you talking about?" to the server. Server drops the connection never giving you a full conversation... What did you accomplish? You're better off trying to get a client to download say a customized dropper, traverse to their machine and log from either endpoint once it's decrypted.
1) http://www.corelan.be:8800/index.php/2008/06/25/building-ipsec-vpn-with-juniper-netscreen-screenos-cjfv/
2) http://www.securityfocus.com/archive/1/408478
3) http://www.springerlink.com/content/2ykbd7x4xv9l7l5f/
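
Added example, not part of the original post: a toy model of the "key establishment problem" mentioned above, showing that the read, copy, re-encrypt relay only works while the client accepts whatever key it is offered, and that a client checking the key against a fingerprint it already holds refuses the session. The Diffie-Hellman group, the message, the toy cipher and every function name are constructed for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for this demo; far too small for real use.
P = 2**127 - 1
G = 3
MESSAGE = b"user=alice"  # constructed sample payload

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def session_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def xor_stream(key, data):
    # Toy keystream cipher standing in for whatever algorithm the two ends agree on.
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def run_session(server_kp, relay_kp=None, pinned=None):
    """Return what a party sitting in the path ends up holding.

    Raises ConnectionError when the client rejects the key it was offered.
    """
    s_priv, s_pub = server_kp
    c_priv, c_pub = keypair()
    offered = relay_kp[1] if relay_kp else s_pub  # key the client actually receives
    if pinned is not None and fingerprint(offered) != pinned:
        raise ConnectionError("offered key does not match the pinned fingerprint")
    ciphertext = xor_stream(session_key(c_priv, offered), MESSAGE)
    if relay_kp is None:
        # Direct path: the server recovers the message, the path sees ciphertext only.
        assert xor_stream(session_key(s_priv, c_pub), ciphertext) == MESSAGE
        return ciphertext
    # Relay path: one key shared with the client, a second one with the server.
    plaintext = xor_stream(session_key(relay_kp[0], c_pub), ciphertext)
    resealed = xor_stream(session_key(relay_kp[0], s_pub), plaintext)
    assert xor_stream(session_key(s_priv, relay_kp[1]), resealed) == MESSAGE
    return plaintext
```

Passing `pinned=fingerprint(server_public)` models a client that already knows the server's key through a trusted channel, which is the role certificate validation plays in SSL.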