gaqrisk.blogg.se

Wireshark capture only http

In blog post "Decrypting TLS Streams With Wireshark: Part 1", I explain how to decrypt TLS streams with a specific type of encryption (pre-master secret exchanged via RSA) using the web server's private key. In this blog post, we will use the client to get the necessary information to decrypt TLS streams.

We do this by setting environment variable SSLKEYLOGFILE and subsequently launching our client (Chrome, Firefox, curl, …, but not Internet Explorer). When this environment variable is set, a compatible TLS client will write data in the text file pointed to by SSLKEYLOGFILE. This data can be used to decrypt the TLS stream.

In a first test, I set SSLKEYLOGFILE=secrets-1.txt and issue exactly the same curl command as in part 1:

curl.exe --verbose --insecure --tls-max 1.2 --ciphers AES256-SHA --dump-header 01.headers --output 01.data --trace 01.trace --trace-time

To force a cipher suite that is based on RSA for the exchange of the pre-master secret, I use options --tls-max 1.2 and --ciphers AES256-SHA.

This file can be used in Wireshark to decrypt the TLS stream. Just like in part 1, we go to preferences for the TLS protocol. I already removed the RSA private key that was set in part 1 (so that it will not influence my part 2 tests). And then I set the "(Pre)-Master-Secret log filename" to secrets-1.txt, the file that was written by curl because environment variable SSLKEYLOGFILE is set to secrets-1.txt.

When this is done, the TLS data is decrypted, as can be witnessed by the appearance of (green) HTTP protocol packets. Wireshark is able to decrypt this TLS stream because of the secrets in file secrets-1.txt. There are 2 secrets in file secrets-1.txt, and each one, by itself, contains enough information for Wireshark to do the decryption.
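When Wireshark does not decrypt a capture, a malformed or truncated line in the key log file is a common cause. The following is an added example, not code from the original post: a validator for key log files, assuming the file follows the NSS Key Log Format (the page does not show the contents of secrets-1.txt, so the labels and field lengths come from that format, and the sample input is constructed). It goes beyond the TLS 1.2 case on the page by also accepting the TLS 1.3 labels.

```python
import re

# NSS Key Log Format (assumed): "<LABEL> <context hex> <secret hex>", one secret per line.
TLS13 = ("CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
         "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
         "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET")
# label -> (context length in bytes, allowed secret lengths in bytes)
FORMATS = {
    "RSA": (8, {48}),             # first 8 bytes of encrypted pre-master -> pre-master secret
    "CLIENT_RANDOM": (32, {48}),  # client random -> master secret
    **{label: (32, {32, 48}) for label in TLS13},  # client random -> traffic secret
}
HEX = re.compile(r"[0-9a-fA-F]+")

def parse_keylog(text):
    """Return (entries, problems) for the text of a key log file."""
    entries, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        parts = line.split()
        if len(parts) != 3 or parts[0] not in FORMATS:
            problems.append((lineno, "unknown label or wrong field count"))
            continue
        label, context, secret = parts
        ctx_len, secret_lens = FORMATS[label]
        if not (HEX.fullmatch(context) and HEX.fullmatch(secret)):
            problems.append((lineno, "non-hex field"))
        elif len(context) != 2 * ctx_len or len(secret) not in {2 * n for n in secret_lens}:
            problems.append((lineno, "unexpected field length"))
        else:
            entries.append((label, context.lower(), bytes.fromhex(secret)))
    return entries, problems

# Constructed sample: every hex value below is made up, not taken from secrets-1.txt.
SAMPLE = "\n".join([
    "# constructed sample",
    "RSA " + "ab" * 8 + " 0303" + "cd" * 46,
    "CLIENT_RANDOM " + "11" * 32 + " " + "22" * 48,
    "CLIENT_RANDOM " + "33" * 32 + " " + "44" * 10,  # truncated secret
    "SESSION_KEY deadbeef cafe",                      # not a key log label
])

if __name__ == "__main__":
    entries, problems = parse_keylog(SAMPLE)
    for label, context, secret in entries:
        print(f"{label:14} context={context[:16]}... secret={len(secret)} bytes")
    for lineno, reason in problems:
        print(f"line {lineno}: {reason}")
```

The script prints only secret lengths, never the secrets themselves, so its output can be pasted into a ticket without exposing session keys.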
