Network - Wireshark decrypts SSL Traffic

2024-05-31 01:48
文章标签 network wireshark ssl traffic decrypts

本文主要是介绍Network - Wireshark decrypts SSL Traffic,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

Step one – set up an SSL-protected server to use as a testbed

To illustrate the process, we’re going to use OpenSSL to generate a certificate and act as a web server running HTTP over SSL (aka HTTPS) – it’s quite straightforward.

To begin with, we need to get ourselves a self-signed certificate that our HTTPS server can use. We can do this with a single command:

┌─[lab@core]─[/tmp/ssldemo]
└──╼ openssl req -x509 -nodes -newkey rsa:1024 -keyout testkey.pem -out testcert.pem
Generating a 1024 bit RSA private key
......................++++++
...............++++++
writing new private key to 'testkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:XX
State or Province Name (full name) [Some-State]:XX
Locality Name (eg, city) []:XX
Organization Name (eg, company) [Internet Widgits Pty Ltd]:XX
Organizational Unit Name (eg, section) []:XX
Common Name (e.g. server FQDN or YOUR name) []:XX
Email Address []:
┌─[lab@core]─[/tmp/ssldemo]
└──╼ ll
total 8.0K
-rw-r--r-- 1 lab lab 924 Oct 18 06:19 testcert.pem
-rw-r--r-- 1 lab lab 916 Oct 18 06:19 testkey.pem

OpenSSL will ask you for some input to populate your certificate with; once you’ve answered all the questions, the output of this command is two files, testkey.pem (containing a 1024 bit RSA private key) and testcert.pem (containing a self signed certificate). PEM (Privacy Enhanced Mail) format files are plaintext, and consist of a BASE64 encoded body with header and footer lines. You can look at the contents of your key and certificate files in more detail like this:

┌─[lab@core]─[/tmp/ssldemo]
└──╼ openssl rsa -in testkey.pem -text -noout
┌─[lab@core]─[/tmp/ssldemo]
└──╼ openssl x509 -in testcert.pem -text -noout

We need to perform one tiny tweak to the format of the private key file (Wireshark will use this later on, and it won’t work properly until we’ve done this):

┌─[lab@core]─[/tmp/ssldemo]
└──╼ openssl rsa -in testkey.pem -out testkey.pem
writing RSA key

Now we’re ready to fire up our HTTPS server:

┌─[lab@core]─[/tmp/ssldemo]
└──╼ openssl s_server -key testkey.pem -cert testcert.pem -WWW -cipher RC4-SHA -accept 443
Using default temp DH parameters
ACCEPT
bind: Permission denied0 items in the session cache0 client connects (SSL_connect())0 client renegotiates (SSL_connect())0 client connects that finished0 server accepts (SSL_accept())0 server renegotiates (SSL_accept())0 server accepts that finished0 session cache hits0 session cache misses0 session cache timeouts0 callback cache hits0 cache full overflows (128 allowed)

The -key and -cert parameters to the s_server command reference the files we’ve just created, and the -WWW parameter (this one is case sensitive) causes OpenSSL to act like a simple web server capable of retrieving files in the current directory (I created a simple test file called myfile.html for the purposes of the test).

The -cipher parameter tells the server to use a particular cipher suite – I’m using RC4-SHA because that’s what’s used when you go to https://www.google.com. The RC4-SHA cipher suite will use RSA keys for authentication and key exchange, 128-bit RC4 for encryption, and SHA1 for hashing.

Having got our server up and running, we can point a browser at https://myserver/myfile.html and retrieve our test file via SSL (you can ignore any warnings about the validity of the certificate). If you’ve got this working, we can move on to…

Step two – capture some traffic with Wireshark

Fire up Wireshark on the server machine, ideally with a capture filter like “tcp port 443” so that we don’t capture any unnecessary traffic. Once we’re capturing, point your browser (running on a different machine) at https://myserver/myfile.html and stop the capture once it’s complete.

Right-click on any of the captured frames and select “Follow TCP stream” – a window will pop up that’s largely full of SSL-protected gobbledegook.

configuring Wireshark for decryption

Close the TCP Stream window and select Preferences from Wireshark’s Edit menu. Expand the “Protocols” node in the tree on the left and scroll down to SSL (in newer versions of Wireshark, you can open the node and type SSL and it will take you there).

Once SSL is selected, there’s an option on the right to enter an “RSA keys list”. Enter something like this:

ssl decrypt

ssl decrypt

References

https://wirewatcher.wordpress.com/2010/07/20/decrypting-ssl-traffic-with-wireshark-and-ways-to-prevent-it/
http://support.citrix.com/article/CTX116557

这篇关于Network - Wireshark decrypts SSL Traffic的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!


http://www.chinasem.cn/article/1017222

相关文章

poj 2349 Arctic Network uva 10369(prim or kruscal最小生成树)

poj 2349 Arctic Network uva 10369(prim or kruscal最小生成树)

题目很麻烦,因为不熟悉最小生成树的算法调试了好久。 感觉网上的题目解释都没说得很清楚,不适合新手。自己写一个。 题意:给你点的坐标,然后两点间可以有两种方式来通信:第一种是卫星通信,第二种是无线电通信。 卫星通信:任何两个有卫星频道的点间都可以直接建立连接,与点间的距离无关; 无线电通信:两个点之间的距离不能超过D,无线电收发器的功率越大,D越大,越昂贵。 计算无线电收发器D
阅读更多...
消除安卓SDK更新时的“https://dl-ssl.google.com refused”异常的方法

消除安卓SDK更新时的“https://dl-ssl.google.com refused”异常的方法

消除安卓SDK更新时的“https://dl-ssl.google.com refused”异常的方法   消除安卓SDK更新时的“https://dl-ssl.google.com refused”异常的方法 [转载]原地址:http://blog.csdn.net/x605940745/article/details/17911115 消除SDK更新时的“
阅读更多...
Android逆向(反调,脱壳,过ssl证书脚本)

Android逆向(反调,脱壳,过ssl证书脚本)

文章目录 总结 基础Android基础工具 定位关键代码页面activity定位数据包参数定位堆栈追踪 编写反调脱壳好用的脚本过ssl证书校验抓包反调的脚本打印堆栈bilibili反调的脚本 总结 暑假做了两个月的Android逆向,记录一下自己学到的东西。对于app渗透有了一些思路。 这两个月主要做的是代码分析,对于分析完后的持久化等没有学习。主要是如何反编译源码,如何找到
阅读更多...
图神经网络框架DGL实现Graph Attention Network (GAT)笔记

图神经网络框架DGL实现Graph Attention Network (GAT)笔记

参考列表: [1]深入理解图注意力机制 [2]DGL官方学习教程一 ——基础操作&消息传递 [3]Cora数据集介绍+python读取 一、DGL实现GAT分类机器学习论文 程序摘自[1],该程序实现了利用图神经网络框架——DGL,实现图注意网络(GAT)。应用demo为对机器学习论文数据集——Cora,对论文所属类别进行分类。(下图摘自[3]) 1. 程序 Ubuntu:18.04
阅读更多...
wireshark安装及抓包新手使用教程

wireshark安装及抓包新手使用教程

Wireshark是非常流行的网络封包分析软件,可以截取各种网络数据包,并显示数据包详细信息。常用于开发测试过程各种问题定位。本文主要内容包括:   1、Wireshark软件下载和安装以及Wireshark主界面介绍。   2、WireShark简单抓包示例。通过该例子学会怎么抓包以及如何简单查看分析数据包内容。   3、Wireshark过滤器使用。过滤器包含两种类型,一种是抓包过滤器,
阅读更多...
深度学习--对抗生成网络(GAN, Generative Adversarial Network)

深度学习--对抗生成网络(GAN, Generative Adversarial Network)

对抗生成网络(GAN, Generative Adversarial Network)是一种深度学习模型,由Ian Goodfellow等人在2014年提出。GAN主要用于生成数据,通过两个神经网络相互对抗,来生成以假乱真的新数据。以下是对GAN的详细阐述,包括其概念、作用、核心要点、实现过程、代码实现和适用场景。 1. 概念 GAN由两个神经网络组成:生成器(Generator)和判别器(D
阅读更多...
828华为云征文|基于Flexus云服务器X实例的应用场景-拥有一款自己的ssl监控工具

828华为云征文|基于Flexus云服务器X实例的应用场景-拥有一款自己的ssl监控工具

先看这里 写在前面效果图华为云Flexus云服务器X实例介绍特点可选配置购买 连接服务器Uptime-kuma简介开源信息部署准备工作:docker部署命令访问uptime-kuma 基本配置总结 写在前面 作为一个个人开发者,相信你手里肯定也有不少自己的服务,有的服务呢也是https的。 以前ssl各厂都是可以免费申请一年的,我们更换的频率还好,比较小;但是最近,各厂都
阅读更多...
Neighborhood Homophily-based Graph Convolutional Network

Neighborhood Homophily-based Graph Convolutional Network

#paper/ccfB 推荐指数: #paper/⭐ #pp/图结构学习 流程 重定义同配性指标: N H i k = ∣ N ( i , k , c m a x ) ∣ ∣ N ( i , k ) ∣ with c m a x = arg ⁡ max ⁡ c ∈ [ 1 , C ] ∣ N ( i , k , c ) ∣ NH_i^k=\frac{|\mathcal{N}(i,k,c_{
阅读更多...
TLS和SSL的区别比较

TLS和SSL的区别比较

1、定义和组成       SSL:(Secure Socket Layer,安全套接字层),位于可靠的面向连接的网络层协议和应用层协议之间的一种协议层。SSL通过互相认证、使用数字签名确保完整性、使用加密确保私密性,以实现客户端和服务器之间的安全通讯。该协议由两层组成:SSL记录协议和SSL握手协议。   TLS:(Transport
阅读更多...
MQTT broker搭建并用SSL加密

MQTT broker搭建并用SSL加密

系统为centos,基于emqx搭建broker,流程参考官方。 安装好后,用ssl加密。 进入/etc/emqx/certs,可以看到 分别为 cacert.pem CA 文件cert.pem 服务端证书key.pem 服务端keyclient-cert.pem 客户端证书client-key.pem 客户端key 编辑emqx配置:vim /etc/emqx/emqx.conf,添加s
阅读更多...

Copyright China编程 23002807@qq.com

沪ICP备2023033072号-2