【Question title】: Cannot decrypt HTTPS Traffic with Wireshark
【Posted】: 2018-04-15 07:41:19
【Question description】:

I cannot decrypt HTTPS with Wireshark. The steps I performed are described below. Can anyone help explain? Thanks!

Step 1: Start an HTTP server

    C:\Users\ebinshe\Documents\projects\test-openssl
    λ echo 'hello, world.' >index.txt

    C:\Users\ebinshe\Documents\projects\test-openssl
    λ openssl s_server -key key.pem -cert cert.pem -WWW
    Using default temp DH parameters
    ACCEPT

Step 2: Test it with "openssl" and capture the traffic with "RawCap.exe"

    C:\Users\ebinshe\Documents\projects\test-openssl
    λ openssl s_client -crlf -cipher 'DHE-RSA-AES128-SHA' -host localhost  -port 4433 -no_tls1_2
    CONNECTED(00000003)
    depth=0 CN = localhost
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 CN = localhost
    verify return:1
    ---
    Certificate chain
     0 s:/CN=localhost
       i:/CN=localhost
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIC+zCCAeOgAwIBAgIJAJ6LbmE3wd3bMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
    BAMMCWxvY2FsaG9zdDAeFw0xNzEwMjkxMDE0MjhaFw0xNzExMjgxMDE0MjhaMBQx
    EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
    ggEBALZEnU+F4XknWZRvbtkZoKhbcoOguYUPbrucYREsjN+o9i4N8kmtNpiqDav+
    J68Uk0r4o3WGhtAoaLdbqny1U+mWuMGUrwHi2fR1X7T6IZHOKLhqdbJLi9i3V7KD
    7FLhz20ttbUQHaKlA5BqBiEYptRYOpFrK75R3UFdBGG8SBAoMitqzzLERwPbZDqH
    Lk8ZWDLXLnmbDh0jda3B26yjCB9UHCwKJNCqqIDajmOhPq8khH32ZPQQ3NPndNTa
    fob5e/vJgjBCHHX7wutIG6fUfuBnokUE2R+Wkg3iGu8fHQ0SY+6Wlmk+nTeJ+HeK
    1anuqhwxjZ9Xj1HTGGJIS/JxIlsCAwEAAaNQME4wHQYDVR0OBBYEFOhulfYh0HDL
    ItQwXVsceqOdlSx1MB8GA1UdIwQYMBaAFOhulfYh0HDLItQwXVsceqOdlSx1MAwG
    A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKlMRvbkQIrvtBTJH7+1c/Dr
    JFR0VhOdDHCDWm1mSw+o+REffaGJHzLUztq2fx7Tciqcsd+5E+RsNn7ySYxiMohD
    ud25g/sBoGTqiayNGAJMOSK3/ndskXh9rnLzPBwJ1RRXcTn4aCYYSoddhyfM1Dzl
    4SMQkPAW1uMWisPXfl9d7LFzC2wkMj/YswGNkKnEOUIjyfxgexaXgFbOf6+FrUmU
    SWcBaw44YOwAYLEL7cVoOo9TXe/i3cSlNJMw6Q8306nnCiiyMAqDN2wTcQUzzDx6
    jGGr5eDMuMLC5slWlOK1X7lEA1kNX6uPSktL2TGnzgq7a4nbxjBFHDDa/3/dcU8=
    -----END CERTIFICATE-----
    subject=/CN=localhost
    issuer=/CN=localhost
    ---
    No client certificate CA names sent
    Server Temp Key: DH, 2048 bits
    ---
    SSL handshake has read 1890 bytes and written 442 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: zlib compression
    Expansion: zlib compression
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.1
        Cipher    : DHE-RSA-AES128-SHA
        Session-ID: 02F8CB0E6E0BD370A7128C5DE27FC8B3A65A8C212FB91E3A389FB447CB651769
        Session-ID-ctx:
        Master-Key: 907B687CA8045DCEFB9A168316B6D47C12CC8C6F9EEAB6590427610BD4ACB00CACC2170CB80370EBBF15E5E32204C211
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 300 (seconds)
        TLS session ticket:
        0000 - 6c 5c 1b df f9 18 4b d0-5d c0 a9 f6 90 c1 d4 d1   l\....K.].......
        0010 - 71 1e 4b f9 80 f4 f5 d3-fd 12 f7 92 11 2b a3 be   q.K..........+..
        0020 - 59 31 f2 39 84 cd c9 c6-1b 9b bb f9 9f dd 1c dd   Y1.9............
        0030 - 8d 97 3b 1f 75 6f 9c 78-dc 63 73 8b b7 ac 9d d0   ..;.uo.x.cs.....
        0040 - 20 a3 f1 7e f5 c4 ae b4-56 d5 e1 bd e7 70 21 bb    ..~....V....p!.
        0050 - 08 f3 d3 6d fd 1b 6b a8-e6 92 de 13 c9 51 3e 0a   ...m..k......Q>.
        0060 - ee 54 98 0f 79 f3 fe cf-4f e2 a8 47 68 9e 58 f8   .T..y...O..Gh.X.
        0070 - 9d f6 98 28 2d 7f 23 fc-f5 5e 34 ec 5c 30 43 a4   ...(-.#..^4.\0C.
        0080 - e1 4c 3e 92 41 b2 f5 18-68 8f 6c f8 84 5c 11 3a   .L>.A...h.l..\.:
        0090 - 30 11 8a 7a 56 e0 18 3d-c3 27 a2 e5 26 f0 b4 2e   0..zV..=.'..&...

    Compression: 1 (zlib compression)
    Start Time: 1509640881
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
    ---
    GET /index.txt HTTP/1.1
    HTTP/1.0 200 ok
    Content-type: text/plain

    'hello, world.'
    read:errno=0

Step 3: Create key.log from

    Session-ID: 02F8CB0E6E0BD370A7128C5DE27FC8B3A65A8C212FB91E3A389FB447CB651769
    Master-Key: 907B687CA8045DCEFB9A168316B6D47C12CC8C6F9EEAB6590427610BD4ACB00CACC2170CB80370EBBF15E5E32204C211

The resulting key.log

    CLIENT_RANDOM 02F8CB0E6E0BD370A7128C5DE27FC8B3A65A8C212FB91E3A389FB447CB651769 907B687CA8045DCEFB9A168316B6D47C12CC8C6F9EEAB6590427610BD4ACB00CACC2170CB80370EBBF15E5E32204C211

Step 4: Point the Wireshark SSL "(Pre)-Master-Secret log filename" to it.

Load the traffic with Wireshark. The SSL data frames are not decrypted.

Wireshark SSL debug log:

λ cat debug.log
Wireshark SSL debug log

Wireshark version: 2.4.2 (v2.4.2-0-gb6c63ae086)
GnuTLS version:    3.4.11
Libgcrypt version: 1.7.6


dissect_ssl enter frame #463 (first time)
packet_from_server: is from server - FALSE
  conversation = 000000000836D550, ssl_session = 000000000836DF80
  record: offset = 0, reported_length_remaining = 100
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 95, ssl state 0x00
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 91 bytes, remaining 100
Calculating hash with offset 5 95
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01

dissect_ssl enter frame #465 (first time)
packet_from_server: is from server - TRUE
  conversation = 000000000836D550, ssl_session = 000000000836DF80
  record: offset = 0, reported_length_remaining = 1460
ssl_try_set_version found version 0x0302 -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 58, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 54 bytes, remaining 63
Calculating hash with offset 5 58
ssl_try_set_version found version 0x0302 -> state 0x11
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_set_cipher found CIPHER 0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA -> state 0x17
trying to use SSL keylog in C:\Users\ebinshe\sslkeylogfile.log
  checking keylog line: # SSL/TLS secrets log file, generated by NSS
    unrecognized line
  checking keylog line: CLIENT_RANDOM DCD58E1764FDC7A5EA5BC169ED4C96C0D6661120F8A02E96D524F33C155DB934 4DF856122B924EC0E5CA53F1DCE0C95F1FEC1E315E552619DCB5E3963DCAD47A41FF301BAEA33743FADD2E636A0A1D52
    matched client_random
tls13_change_key TLS version 0x302 is not 1.3
tls13_change_key TLS version 0x302 is not 1.3
  record: offset = 63, reported_length_remaining = 1397
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 777, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 68 length 773 bytes, remaining 845
Calculating hash with offset 68 777
lookup(KeyID)[20]:
| 73 ab d9 0c d6 09 d6 06 b9 d7 28 b9 25 12 85 bb |s.........(.%...|
| c2 14 09 02                                     |....            |
ssl_find_private_key_by_pubkey: lookup result: 0000000000000000
  record: offset = 845, reported_length_remaining = 615
  need_desegmentation: offset = 845, reported_length_remaining = 615

dissect_ssl enter frame #466 (first time)
packet_from_server: is from server - TRUE
  conversation = 000000000836D550, ssl_session = 000000000836DF80
  record: offset = 0, reported_length_remaining = 786
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 781, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 12 offset 5 length 777 bytes, remaining 786
Calculating hash with offset 5 781

dissect_ssl enter frame #466 (first time)
packet_from_server: is from server - TRUE
  conversation = 000000000836D550, ssl_session = 000000000836DF80
  record: offset = 0, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 4, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 5 length 0 bytes, remaining 9
Calculating hash with offset 5 4

dissect_ssl enter frame #468 (first time)
packet_from_server: is from server - FALSE
  conversation = 000000000836D550, ssl_session = 000000000836DF80
  record: offset = 0, reported_length_remaining = 342
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 262, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267
Calculating hash with offset 5 262
trying to use SSL keylog in C:\Users\ebinshe\sslkeylogfile.log
ssl_load_keyfile file got deleted, trying to re-open
  checking keylog line: # SSL/TLS secrets log file, generated by NSS
    unrecognized line
  checking keylog line: CLIENT_RANDOM DCD58E1764FDC7A5EA5BC169ED4C96C0D6661120F8A02E96D524F33C155DB934 4DF856122B924EC0E5CA53F1DCE0C95F1FEC1E315E552619DCB5E3963DCAD47A41FF301BAEA33743FADD2E636A0A1D52
    matched client_random
ssl_generate_pre_master_secret: found SSL_HND_CLIENT_KEY_EXCHG, state 17
ssl_restore_master_key can't find pre-master secret by Unencrypted pre-master secret
ssl_restore_master_key can't find pre-master secret by Encrypted pre-master secret
dissect_ssl3_handshake can't generate pre master secret
  record: offset = 267, reported_length_remaining = 75
dissect_ssl3_record: content_type 20 Change Cipher Spec
decrypt_ssl3_record: app_data len 1, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
trying to use SSL keylog in C:\Users\ebinshe\sslkeylogfile.log
ssl_load_keyfile file got deleted, trying to re-open
  checking keylog line: # SSL/TLS secrets log file, generated by NSS
    unrecognized line
  checking keylog line: CLIENT_RANDOM DCD58E1764FDC7A5EA5BC169ED4C96C0D6661120F8A02E96D524F33C155DB934 4DF856122B924EC0E5CA53F1DCE0C95F1FEC1E315E552619DCB5E3963DCAD47A41FF301BAEA33743FADD2E636A0A1D52
    matched client_random
ssl_finalize_decryption state = 0x17
ssl_restore_master_key can't restore master secret using an empty Session ID
ssl_restore_master_key can't find master secret by Client Random
  Cannot find master secret
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
  record: offset = 273, reported_length_remaining = 69
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 64, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 103 offset 278 length 7643659 bytes, remaining 342

dissect_ssl enter frame #470 (first time)
packet_from_server: is from server - TRUE
  conversation = 000000000836D550, ssl_session = 000000000836DF80
  record: offset = 0, reported_length_remaining = 250
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 170, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 4 offset 5 length 166 bytes, remaining 175
Calculating hash with offset 5 170
ssl_save_master_key not saving empty (pre-)master secret for Session Ticket!
  record: offset = 175, reported_length_remaining = 75
dissect_ssl3_record: content_type 20 Change Cipher Spec
decrypt_ssl3_record: app_data len 1, ssl state 0x417
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
ssl_dissect_change_cipher_spec Not using Session resumption
trying to use SSL keylog in C:\Users\ebinshe\sslkeylogfile.log
ssl_load_keyfile file got deleted, trying to re-open
  checking keylog line: # SSL/TLS secrets log file, generated by NSS
    unrecognized line
  checking keylog line: CLIENT_RANDOM DCD58E1764FDC7A5EA5BC169ED4C96C0D6661120F8A02E96D524F33C155DB934 4DF856122B924EC0E5CA53F1DCE0C95F1FEC1E315E552619DCB5E3963DCAD47A41FF301BAEA33743FADD2E636A0A1D52
    matched client_random
ssl_finalize_decryption state = 0x417
ssl_restore_master_key can't restore master secret using an empty Session ID
ssl_restore_master_key can't find master secret by Client Random
  Cannot find master secret
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
  record: offset = 181, reported_length_remaining = 69
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 64, ssl state 0x417
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 83 offset 186 length 7227761 bytes, remaining 250

dissect_ssl enter frame #472 (first time)
packet_from_server: is from server - FALSE
  conversation = 000000000836D550, ssl_session = 000000000836DF80
  record: offset = 0, reported_length_remaining = 85
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 80, ssl state 0x417
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available

dissect_ssl enter frame #474 (first time)
packet_from_server: is from server - TRUE
  conversation = 000000000836D550, ssl_session = 000000000836DF80
  record: offset = 0, reported_length_remaining = 117
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 112, ssl state 0x417
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available

dissect_ssl enter frame #478 (first time)
packet_from_server: is from server - FALSE
  conversation = 000000000836D550, ssl_session = 000000000836DF80
  record: offset = 0, reported_length_remaining = 53
dissect_ssl3_record: content_type 21 Alert
decrypt_ssl3_record: app_data len 48, ssl state 0x417
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available

dissect_ssl enter frame #463 (already visited)
packet_from_server: is from server - FALSE
  conversation = 000000000836D550, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 100
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 91 bytes, remaining 100

dissect_ssl enter frame #465 (already visited)
packet_from_server: is from server - TRUE
  conversation = 000000000836D550, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 1460
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 54 bytes, remaining 63
  record: offset = 63, reported_length_remaining = 1397
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 11 offset 68 length 773 bytes, remaining 845
  record: offset = 845, reported_length_remaining = 615
  need_desegmentation: offset = 845, reported_length_remaining = 615

dissect_ssl enter frame #466 (already visited)
packet_from_server: is from server - TRUE
  conversation = 000000000836D550, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 786
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 12 offset 5 length 777 bytes, remaining 786

dissect_ssl enter frame #466 (already visited)
packet_from_server: is from server - TRUE
  conversation = 000000000836D550, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 14 offset 5 length 0 bytes, remaining 9

dissect_ssl enter frame #468 (already visited)
packet_from_server: is from server - FALSE
  conversation = 000000000836D550, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 342
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267
  record: offset = 267, reported_length_remaining = 75
dissect_ssl3_record: content_type 20 Change Cipher Spec
  record: offset = 273, reported_length_remaining = 69
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 103 offset 278 length 7643659 bytes, remaining 342

dissect_ssl enter frame #470 (already visited)
packet_from_server: is from server - TRUE
  conversation = 000000000836D550, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 250
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 4 offset 5 length 166 bytes, remaining 175
  record: offset = 175, reported_length_remaining = 75
dissect_ssl3_record: content_type 20 Change Cipher Spec
  record: offset = 181, reported_length_remaining = 69
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 83 offset 186 length 7227761 bytes, remaining 250

dissect_ssl enter frame #472 (already visited)
packet_from_server: is from server - FALSE
  conversation = 000000000836D550, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 85
dissect_ssl3_record: content_type 23 Application Data

dissect_ssl enter frame #474 (already visited)
packet_from_server: is from server - TRUE
  conversation = 000000000836D550, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 117
dissect_ssl3_record: content_type 23 Application Data

dissect_ssl enter frame #478 (already visited)
packet_from_server: is from server - FALSE
  conversation = 000000000836D550, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 53
dissect_ssl3_record: content_type 21 Alert


Tags: ssl encryption https wireshark


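【Solution 1】:

OK, I found a clue myself. Even the latest openssl release, 1.1.0f, does not support key logging. Simply taking the Session-ID and Master-Key from the log does not work. The new option -keylogfile will most likely be supported in the next openssl release. See below for details.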

    c:\Program Files (x86)\OpenSSL-Win32\bin
    λ .\openssl.exe version -a
    OpenSSL 1.1.0f  25 May 2017
    built on: reproducible build, date unspecified
    platform:
    compiler: cl " "VC-WIN32
    OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"
    ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-1_1"
    
    c:\Program Files (x86)\OpenSSL-Win32\bin
    λ which openssl
    c:\Program Files (x86)\OpenSSL-Win32\bin
    λ "c:\Program Files (x86)\OpenSSL-Win32\bin\openssl.exe" s_client -crlf  -connect localhost:4433 -keylogfile c:\Users\ebinshe\keylogfile.log
    s_client: Option unknown option -keylogfile
    s_client: Use -help for summary.
    
    c:\Program Files (x86)\OpenSSL-Win32\bin
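
An added example (not part of the original post, and not OpenSSL or Wireshark code): a small Python checker for a hand-built key.log like the one in step 3. It assumes the NSS key log format, in which the second field of a `CLIENT_RANDOM` line is the 32-byte ClientHello random, and it reads the "trying to use SSL keylog in" and "checking keylog line" lines of a Wireshark SSL debug log to report which file and entries Wireshark actually loaded. All function names and hex values are constructed for illustration.

```python
import re

HEX_RE = re.compile(r"[0-9A-Fa-f]+\Z")
# label -> (identifier bytes, secret bytes); only the TLS <= 1.2 label used on this page
LABELS = {"CLIENT_RANDOM": (32, 48)}


def parse_s_client(output):
    """Extract Session-ID and Master-Key from `openssl s_client` text output."""
    fields = {}
    for line in output.splitlines():
        m = re.match(r"\s*(Session-ID|Master-Key)\s*:\s*([0-9A-Fa-f]+)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2).upper()
    return fields


def lint_keylog_line(line, s_client_fields=None):
    """Return a list of problems in one key log line; an empty list means none found."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []  # blank lines and comments carry no secret
    parts = line.split()
    if len(parts) != 3:
        return ["expected 3 space-separated fields, got %d" % len(parts)]
    label, ident, secret = parts
    if label not in LABELS:
        return ["label %s is not covered by this checker" % label]
    problems = []
    for name, value, size in zip(("identifier", "secret"), (ident, secret), LABELS[label]):
        if not HEX_RE.match(value):
            problems.append("%s is not hexadecimal" % name)
        elif len(value) != 2 * size:
            problems.append("%s is %d hex chars, expected %d" % (name, len(value), 2 * size))
    # A TLS session ID may also be 32 bytes long, so the length check alone cannot tell
    # it apart from the ClientHello random; compare against s_client's output instead.
    if s_client_fields and ident.upper() == s_client_fields.get("Session-ID"):
        problems.append("identifier equals the s_client Session-ID, not the ClientHello random")
    return problems


def keylog_seen_by_wireshark(debug_log):
    """Return (paths, identifiers) that a Wireshark SSL debug log says it loaded."""
    paths, idents = [], []
    for line in debug_log.splitlines():
        m = re.match(r"\s*trying to use SSL keylog in (.+?)\s*$", line)
        if m and m.group(1) not in paths:
            paths.append(m.group(1))
        m = re.match(r"\s*checking keylog line: CLIENT_RANDOM (\S+) \S+", line)
        if m and m.group(1).upper() not in idents:
            idents.append(m.group(1).upper())
    return paths, idents


# Constructed sample data (not the values from the post).
SESSION_ID = "AB" * 32
MASTER_KEY = "CD" * 48
CLIENT_RANDOM = "12" * 32
S_CLIENT_OUT = """SSL-Session:
    Protocol  : TLSv1.1
    Session-ID: %s
    Session-ID-ctx:
    Master-Key: %s
""" % (SESSION_ID, MASTER_KEY)
DEBUG_LOG = """trying to use SSL keylog in C:\\example\\other.log
  checking keylog line: # SSL/TLS secrets log file, generated by NSS
    unrecognized line
  checking keylog line: CLIENT_RANDOM %s %s
    matched client_random
""" % ("EF" * 32, MASTER_KEY)

if __name__ == "__main__":
    fields = parse_s_client(S_CLIENT_OUT)
    print(lint_keylog_line("CLIENT_RANDOM %s %s" % (SESSION_ID, MASTER_KEY), fields))
    print(lint_keylog_line("CLIENT_RANDOM %s %s" % (CLIENT_RANDOM, MASTER_KEY), fields))
    print(keylog_seen_by_wireshark(DEBUG_LOG))
```

If the path or identifier returned by `keylog_seen_by_wireshark` differs from the file and line you prepared, Wireshark never evaluated your entry.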
    
