Decrypting HTTPS packets in Wireshark with a key

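The article <a href="https://www.361way.com/decrypted-https/5414.html" target="_blank" rel="noopener noreferrer">Three ways to decrypt HTTPS traffic</a> covered the three common methods for decrypting HTTPS. This post adds a short explanation of the private key formats Wireshark accepts and of the SSLKEYLOGFILE configuration.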

I. Decrypting with a private key

First, the steps in Wireshark:



<img src="https://www.361way.com/wp-content/uploads/2018/06/wireshark-private-keys.png" width="592" height="296" title="wireshark-private-keys" alt="wireshark-private-keys" />



Once decryption is finished, you can simply close the program. Note in particular that the protocol to select in the step above may be listed as either TLS or SSL, depending on the Wireshark version. As for the supported key types, the <a href="https://wiki.wireshark.org/TLS?action=show&redirect=SSL" target="_blank" rel="noopener noreferrer">Wireshark wiki page</a> describes them in detail: "The RSA key file can either be a PEM format private key or a PKCS#12 keystore (typically a file with a .pfx or .p12 extension). The PKCS#12 key is a binary file, but the PEM format is a text file which looks like this"



<br />
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDReQzlKVeAK8b5
TRcRBhSi9IYwHX8Nqc8K4HeDRvN7HiBQQP3bhUkVekdoXpRLYVuc7A8h1BLr93Qw
...
KOi8FZl+jhG+p8vtpK5ZAIyp
-----END PRIVATE KEY-----

II. Decrypting with an SSL key log

<img src="https://www.361way.com/wp-content/uploads/2018/06/SSLkeylog.png" width="924" height="282" title="SSLkeylog" alt="SSLkeylog" />



<br />
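@echo off
rem Have the browser log TLS session secrets to this file
set SSLKEYLOGFILE=%USERPROFILE%\Desktop\keylogfile.txt
rem Launch the browser from this shell so it inherits the variable
start firefox

Firefox in the script above can also be replaced with Chrome.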
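Before loading the key log file into Wireshark, it helps to confirm that the browser actually wrote usable secrets to it. The Python check below is an added example, not part of the original post or of Wireshark, and goes beyond the page by assuming the NSS key log line format (label, client random, secret); it recognises only the labels listed in the code, and the names `check_keylog`, `coverage` and `SAMPLE` are hypothetical.

```python
import re

# Labels from the NSS key log format: one for TLS 1.2, several for TLS 1.3.
TLS12 = {"CLIENT_RANDOM"}
TLS13_NEEDED = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
TLS13_OTHER = {"CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
HEX = re.compile(r"[0-9a-fA-F]+")


def check_keylog(text):
    """Return ({client_random: labels}, [(line_no, reason)]) for key log text."""
    sessions, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        parts = line.split()
        if len(parts) != 3:
            problems.append((n, "expected: LABEL CLIENT_RANDOM SECRET"))
            continue
        label, rand, secret = parts
        # A TLS 1.2 master secret is 48 bytes; TLS 1.3 secrets are 32 or 48 bytes.
        sizes = (96,) if label in TLS12 else (64, 96)
        if label not in TLS12 | TLS13_NEEDED | TLS13_OTHER:
            problems.append((n, "unrecognised label"))
        elif len(rand) != 64 or not HEX.fullmatch(rand):
            problems.append((n, "client random is not 32 bytes of hex"))
        elif len(secret) not in sizes or not HEX.fullmatch(secret):
            problems.append((n, "secret has wrong length or is not hex"))
        else:
            sessions.setdefault(rand.lower(), set()).add(label)
    return sessions, problems


def coverage(labels):
    """'tls1.2', 'tls1.3' (all four traffic secrets present) or 'incomplete'."""
    if labels & TLS12:
        return "tls1.2"
    return "tls1.3" if TLS13_NEEDED <= labels else "incomplete"

# Constructed sample: TLS 1.2 session, partial TLS 1.3 session, truncated secret.
SAMPLE = "\n".join([
    "CLIENT_RANDOM " + "1a" * 32 + " " + "2b" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "3c" * 32 + " " + "4d" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "3c" * 32 + " " + "5e" * 32,
    "CLIENT_RANDOM " + "6f" * 32 + " " + "70" * 20,
])
sessions, problems = check_keylog(SAMPLE)
print({r[:8]: coverage(ls) for r, ls in sessions.items()}, problems)
```

An empty result usually means the browser was already running, or was started from a different shell, when SSLKEYLOGFILE was set.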



Reference page: https://wiki.wireshark.org/TLS?action=show&redirect=SSL
