Articles tagged 2024

Wireshark notes

Parsing TLS packets

https://www.ilikejobs.com/posts/wireshark/

Using the (Pre)-Master-Secret
The master secret enables TLS decryption in Wireshark and can be supplied via the Key Log File. The pre-master secret is the result of the key exchange and can be converted to a master secret by Wireshark. This pre-master secret can be obtained when an RSA private key is provided and an RSA key exchange is in use.

Step-by-step instructions to decrypt TLS traffic from Chrome or Firefox in Wireshark:

1. Close the browser completely (check your task manager just to be sure).
2. Set environment variable SSLKEYLOGFILE to the absolute path of a writable file.
3. Start the browser.
4. Verify that the location from step 2 is created.
5. In Wireshark, go to Preferences -> Protocols -> TLS, and change the (Pre)-Master-Secret log filename preference to the path from step 2.
6. Start the Wireshark capture.
7. Open a website, for example https://www.wireshark.org/
8. Check that the decrypted data is visible. For example, using the tls and (http or http2) filter.
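The following Python code is an added example, not part of the original post or of Wireshark. It goes beyond checking that the file from step 2 exists: it checks that the file holds usable entries and separates master secrets, pre-master secrets and TLS 1.3 secrets. The line layouts follow the NSS key log format; the function names `classify` and `summarize` are hypothetical, and the sample data is constructed.

```python
import re

# Labels used for TLS 1.3 secrets in the NSS key log format.
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
HEX = re.compile(r"[0-9a-fA-F]+\Z")

def classify(line):
    """Return (kind, session_id) for one key log line, or (None, None) if unusable."""
    parts = line.split()
    if len(parts) != 3 or not all(HEX.match(p) for p in parts[1:]):
        return None, None
    label, ident, secret = parts
    # CLIENT_RANDOM <32-byte client random> <48-byte master secret>
    if label == "CLIENT_RANDOM" and len(ident) == 64 and len(secret) == 96:
        return "master_secret", ident.lower()
    # RSA <first 8 bytes of encrypted pre-master> <48-byte pre-master secret>
    if label == "RSA" and len(ident) == 16 and len(secret) == 96:
        return "pre_master_secret", ident.lower()
    # TLS 1.3 secrets are 32 or 48 bytes depending on the cipher suite hash
    if label in TLS13_LABELS and len(ident) == 64 and len(secret) in (64, 96):
        return "tls13_secret", ident.lower()
    return None, None

def summarize(text):
    """Count usable entries per kind, malformed lines, and distinct sessions."""
    summary = {"master_secret": 0, "pre_master_secret": 0, "tls13_secret": 0,
               "malformed": 0, "sessions": set()}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no secrets
        kind, ident = classify(line)
        summary[kind or "malformed"] += 1
        if kind:
            summary["sessions"].add(ident)
    return summary

# Constructed sample data (not real secrets); the last line mimics a truncated write.
SAMPLE = "\n".join([
    "# SSL/TLS secrets log file, generated by NSS",
    "CLIENT_RANDOM " + "aa" * 32 + " " + "11" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "22" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "33" * 32,
    "RSA " + "cc" * 8 + " " + "44" * 48,
    "CLIENT_RANDOM " + "dd" * 32 + " 55",
])
```

To check a real file, pass its contents to `summarize`; a result with only malformed lines or no sessions means Wireshark will have nothing to decrypt with.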

For Windows, an environment variable can be set globally as described in this walkthrough, but this is not recommended since it is easy to forget about and may be a security issue since it allows decryption of all your TLS traffic. A better way to set the environment variable is via a batch file. Create a file start-fx.cmd with:

@echo off
rem Set the key log path for this session only, then launch the browser.
set SSLKEYLOGFILE=%USERPROFILE%\Desktop\keylogfile.txt
start firefox

http.host == "openapi.bei.com" and http.request.uri.query.parameter == "product_ids=%5B%271300028%27%5D"

……
