Differences between revisions 5 and 6
Revision 5 as of 2019-06-10 17:36:12
Size: 13103
Editor: PeterWu
Comment:
Revision 6 as of 2019-06-13 19:01:25
Size: 10612
Editor: PeterWu
Comment: Rewrite article, removing outdated information, making it more user-centric. Co-written with Graham Bloice
Deletions are marked like this. Additions are marked like this.
Line 16: Line 16:
Some well known TCP ports for TLS traffic are

 * 443 https
 * 636 ldaps
 * 853 domain-s
 * 989 ftps-data
 * 990 ftps
 * 992 telnets
 * 993 imaps
 * 994 ircs
 * 995 pop3s
 * 5061 sips
Line 30: Line 17:
The SSL/TLS dissector is fully functional and even supports advanced features such as decryption of TLS if appropriate secrets are provided. TLS decryption requires Wireshark to be built with Libgcrypt (mandatory since Wireshark 2.4). Support for RSA private key files requires GnuTLS. The official Wireshark binaries have both dependencies. The TLS dissector is fully functional and even supports advanced features such as decryption of TLS if appropriate secrets are provided ([[#TLS_Decryption]]).
Line 34: Line 21:
== TLS Decryption ==
Wireshark supports TLS decryption when appropriate secrets are provided. The two available methods are:

 * Key log file using per-session secrets ([[#Using_the_.28Pre.29-Master-Secret]]).
 * Decryption using an RSA private key ([[#RSA_Keys]]).

A key log file is a universal mechanism that always enables decryption, even if a Diffie-Hellman (DH) key exchange is in use. The RSA private key only works in a limited number of cases.

The key log file is a text file generated by applications such as Firefox, Chrome and curl when the `SSLKEYLOGFILE` environment variable is set. To be precise, their underlying library (NSS, OpenSSL or boringssl) writes the required per-session secrets to a file. This file can subsequently be configured in Wireshark ([[#Using_the_.28Pre.29-Master-Secret]]).

The RSA private key file can only be used in the following circumstances:

 * The cipher suite selected by the server is not using (EC)DHE.
 * The TLS version is SSLv3, TLS 1.0, 1.1 or 1.2. It does ''not'' work with TLS 1.3.
 * The private key matches the ''server'' certificate. It does not work with the ''client'' certificate, nor the Certificate Authority (CA) certificate.
 * The session has not been resumed. The handshake must include the ClientKeyExchange handshake message.

The key log file is generally recommended since it works in all cases, but requires the continuous ability to export the secrets from either the client or server application.
The only advantage of the RSA private key is that it needs to be configured only once in Wireshark to enable decryption, subject to the above limitations.
Line 36: Line 43:
Alternatively, select a SSL/TLS packet in the packet list, right-click on the ''TLS'' layer in the packet details view and open the ''Protocol preferences'' menu. Alternatively, select a TLS packet in the packet list, right-click on the ''TLS'' layer in the packet details view and open the ''Protocol preferences'' menu.
Line 38: Line 45:
=== RSA keys list ===
The ''RSA keys list'' button opens a new dialog with the following fields ('''deprecated in favor of the ''RSA Keys'' dialog'''):
||IP address ||The IP address of the SSL server in IPv4 or IPv6 format, or the following special values: ''any'', ''anyipv4'', ''anyipv6'', ''0.0.0.0'' (this field is ignored since Wireshark 2.0) ||
||Port ||The port number, the special value ''start_tls'' or 0. Ignores since Wireshark 2.0. ||
||Protocol ||A protocol name for the decrypted network data. Popular choices are ''http'' or ''data''. If you enter an invalid protocol name an error message will show you the valid values. ||
||Key File ||path to the RSA private key. ||
||Password ||Leave it empty for PEM-encoded private key files or provide it for encrypted PKCS#12 key files. ||
The notable TLS protocol preferences are:
Line 46: Line 47:
The RSA key file can either be a ''PEM'' format private key or a PKCS#12 keystore. If the file is a PKCS#12 keystore (typically a file with a .pfx or .p12 extension), the password for the keystore must be specified in the ''Password'' field.  * (Pre)-Master-Secret log filename (tls.keylog_file): path to read the TLS key log file for decryption.
 * RSA keys list: opens a dialog to configure RSA private keys for decryption. Deprecated in favor of the ''Preferences'' -> ''RSA Keys'' dialog.
 * Pre-Shared-Key: used to configure the decryption key for PSK cipher suites. Not generally used.
 * TLS debug file (tls.debug_logfile): path to write internal details about the decryption process. Will contain the results of decryption and the keys that were used in this process. This can be used to diagnose why decryption fails.
Line 48: Line 52:
Starting with Wireshark 2.0, the RSA key file is automatically matched against the public key as found in the Certificate handshake message. Before Wireshark 2.0, it relied on the user to enter a valid Address and Port value. Note that only RSA key exchanges can be decrypted using this RSA private key, Diffie-Hellman key exchanges cannot be decrypted using a RSA key file! (See "SSLKEYLOGFILE" if you have such a capture.) The following TCP protocol preferences are also required to enable TLS decryption:

 * Allow subdissector to reassemble TCP streams. Enabled by default.
 * Reassemble out-of-order segments (since Wireshark 3.0, disabled by default).
Line 52: Line 59:
==== Key File format conversion ====
The file format needed is 'PEM'. Note that it is common practice on webservers to combine the public key (or certificate) and the private key in a single PEM file.
In that case - locate this PEM file and cut and paste the section headed by 'PRIVATE KEY' (including header and footer) into a new 'file.key' file which should look like:
The RSA key file can either be a ''PEM'' format private key or a PKCS#12 keystore (typically a file with a .pfx or .p12 extension). The PKCS#12 key is a binary file, but the PEM format is a text file which looks like this:
Line 56: Line 61:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAtIvaDmeOGleYuxT01GfAmgugHVlqCOFfGYqy3gxMWt/fxO/7
s7BJzqnhAFOWBjmBAdj7hHmPyCoJM7/MdCDJt1y7d20BJAGxD0ZQ4kxzGZDCjc5z
....... some 20-100 lines of base64 encoded data ...............
Jh2kZkKoVG3Qr+66IlBDuVllIbwQU0F1fYy2FTjZL4vbmdupwHUyTnPK57vP8RJ7
cpc1qwLZxfurxZfhI9gxXOO5eUg1WBupw029SSoSafYBqO4a9wg1OA==
-----END RSA PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDReQzlKVeAK8b5
TRcRBhSi9IYwHX8Nqc8K4HeDRvN7HiBQQP3bhUkVekdoXpRLYVuc7A8h1BLr93Qw
...
KOi8FZl+jhG+p8vtpK5ZAIyp
-----END PRIVATE KEY-----
Line 65: Line 69:
If the PEM file is encrypted, it will appear as:
{{{
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CB7BE7B5A318ACE6

ScuaEtGA1xy7iVvvntc4hZ9Kl0VOKmA9sOcfP1CnrUVpAuLoHPEXTsc10smlXwsl
[...]
yy7ANfGCZTWaWP89uOIwlXK0n8hHZjTjw5axBuWXvgWHNbvein7tsg==
-----END RSA PRIVATE KEY-----
}}}
Such key files are currently not supported by Wireshark, so they have to be decrypted first:
{{{
openssl rsa -in encrypted.key -out new.key
}}}

On Windows keys are often stored in PKCS7/DER format (locally) or in NET format (from any directory server). Use the following to convert:

{{{
# for PKCS7/DER keys (as held on disk)
openssl pkcs8 -nocrypt -in derfile.key -inform DER -out key.pem -outform PEM
# for NET keys (from the directory server)
openssl pkcs8 -nocrypt -in file.ick -inform NET -out key.pem -outform PEM
}}}
On macOS and Solaris, around Oracle and various other systems the file format used is often PKCS#12. Convert with:

{{{
openssl pkcs12 -nodes -in file.p12 -out key.pem -nocerts
}}}
The deprecated ''RSA keys list'' dialog may be removed at some point. To configure keys, use the ''RSA keys'' dialog instead. To change the protocol for decrypted network data, right-click on a TLS packet and use ''Decode As'' to change the ''Current'' protocol for the ''TLS port''. The ''IP address'' and ''Port'' fields are unused.
Line 98: Line 74:
[[https://bugs.wireshark.org/bugzilla/attachment.cgi?id=11612|dump.pcapng]] TLSv1.2 capture with 73 cipher suites, you need this [[https://bugs.wireshark.org/bugzilla/attachment.cgi?id=11616|premaster.txt]] file for decrypting the traffic. (linked from https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9144)

The test suite also contains various
TLS traces: https://github.com/wireshark/wireshark/blob/master/test/captures, including:
* tls12
-dsb.pcapng - TLS 1.2 trace with decryption keys embedded.
 * [[https://bugs.wireshark.org/bugzilla/attachment.cgi?id=11612|dump.pcapng]] TLSv1.2 capture with 73 cipher suites, you need this [[https://bugs.wireshark.org/bugzilla/attachment.cgi?id=11616|premaster.txt]] file for decrypting the traffic. (linked from https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9144)
 * tls12-dsb.pcapng - TLS 1.2 trace with decryption keys embedded.
 * http
s://github.com/wireshark/wireshark/blob/master/test/captures - The test suite contains various TLS traces.
Line 113: Line 88:
= Complete SSL decryption walk through =
Ensure you have a version of Wireshark with GnuTLS support:
## Note: external documentations link to this section using #Using_the_.28Pre.29-Master-Secret
== Using the (Pre)-Master-Secret ==
The master secret enables TLS decryption in Wireshark and can be supplied via the Key Log File. The pre-master secret is the result from the key exchange and can be converted to a master secret by Wireshark. This pre-master secret can be obtained when a RSA private key is provided and a RSA key exchange is in use.
Line 116: Line 92:
Step-by-step instructions to decrypt TLS traffic from Chrome or Firefox in Wireshark:

 1. Close the browser completely (check your task manager just to be sure).
 2. Set environment variable `SSLKEYLOGFILE` to the absolute path of a writable file.
 3. Start the browser.
 4. Verify that the location from step 2 is created.
 5. In Wireshark, go to ''Preferences'' -> ''Protocols'' -> ''TLS'', and change the ''(Pre)-Master-Secret log filename'' preference to the path from step 2.
 6. Start the Wireshark capture.
 7. Open a website, for example https://www.wireshark.org/
 8. Check that the decrypted data is visible. For example, using the `tls and (http or http2)` filter.

For Windows, an environment variable can be set globally as described in [[https://redflagsecurity.net/2019/03/10/decrypting-tls-wireshark/|this walkthrough]], but this is not recommended since it is easy to forget about and may be a security issue since it allows decryption of all your TLS traffic. A better way to set the environment variable is via a batch file. Create a file `start-fx.cmd` with:
Line 117: Line 105:
$ wireshark --version
wireshark 1.0.0
@echo off
set SSLKEYLOGFILE=%USERPROFILE%\Desktop\keylogfile.txt
open firefox
}}}
Line 120: Line 110:
Copyright 1998-2008 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Change the `SSLKEYLOGFILE` path as needed, and replace `firefox` with `chrome` for Google Chrome. This mechanism currently (2019) does not work for Safari, Microsoft Edge, and others since their TLS libraries (Microsoft SChannel/Apple SecureTransport) do not support this mechanism. This mechanism works for applications other than web browsers as well, but it dependent on the TLS library used by the application.
Line 124: Line 112:
Compiled with GTK+ 2.12.9, with GLib 2.16.3, with libpcap 0.9.8, with libz
1.2.3, without POSIX capabilities, with libpcre 7.4, with SMI 0.4.7, with ADNS,
without Lua, with GnuTLS 2.2.2, with Gcrypt 1.4.0, with Heimdal Kerberos,
without PortAudio, without AirPcap.
Examples of other applications:
 * Applications using OpenSSL could use a [[https://security.stackexchange.com/q/80158/2630|GDB or a LD_PRELOAD trick]] to extract the secrets. This includes Python.
 * For Java programs, pre-master secrets can be extracted from the TLS debug log preference, or output directly in the format Wireshark requires via [[http://jsslkeylog.sourceforge.net/|this agent]].
 * Python scripts can be [[https://github.com/joernheissler/SslMasterKey|edited]] to dump keys as well.
Line 129: Line 117:
Running on FreeBSD 7.0-RELEASE, with libpcap version 0.9.8. For a survey of supported TLS applications and libraries, see also [[https://lekensteyn.nl/files/wireshark-ssl-tls-decryption-secrets-sharkfest18eu.pdf#page=19|page 19 of Peter Wu's SSL/TLS Decryption SharkFest '18 presentation]].
Line 131: Line 119:
Built using gcc 4.2.1 20070719 [FreeBSD].
}}}
Specifically check for the '''with GnuTLS 2.2.2''' in the output.
== See also ==
Some other protocols are derived from TLS. This includes:
 * [[DTLS]] is based on the TLS standard and runs on top of [[UDP]] as a transport protocol.
 * [[QUIC]] is an in-development protocol that uses TLS for its encryption, Wireshark's status can be tracked at [[https://github.com/quicwg/base-drafts/wiki/Tools#wireshark|]].
Line 135: Line 124:
Next create an RSA key and certificate pair with:

{{{
openssl req -new -x509 -out server.crt -nodes -keyout server.pem -subj /CN=localhost
}}}
Now run a server using above:

{{{
openssl s_server -www -cipher AES256-SHA -key server.pem -cert server.crt
}}}
and test that the server works by going to https://localhost:4433/ (use the flag {{{-accept 443}}} to bind above to the normal https port).

Now start Wireshark - add above privkey.pem in the SSL preference pane:

http://people.apache.org/~dirkx/settings.png

This should result in a config snipped in the file ~/.wireshark/preferences

{{{
ssl.desegment_ssl_records: TRUE
ssl.desegment_ssl_application_data: TRUE
ssl.keys_list: 127.0.0.1,4443,http,/home/dirkx/xx/privkey.pem
ssl.debug_file: /home/dirkx/.wireshark-log
}}}
and configure the capturing:

http://people.apache.org/~dirkx/config.png

and then do a test request; for example with the command

{{{
printf 'GET / HTTP/1.0\r\n\r\n' | openssl s_client -ign_eof
}}}
Then stop your capture. The screen should look like attached:

http://people.apache.org/~dirkx/dump.png

And the TCP connection like

http://people.apache.org/~dirkx/tcp.png

and analyze the SSL shows you:

http://people.apache.org/~dirkx/ssl.png

Or if you want to observe authentication with a client cert; try the following:

{{{
# Generate self signed cert
openssl req -new -x509 -nodes -out client.crt -keyout client.key -subj /CN=Moi/O=Foo/C=NL
}}}
{{{
# Start a server
openssl s_server -cipher AES256-SHA -accept 4443 -www -CAfile client.crt -verify 1 -key server.pem -cert server.cert
}}}
{{{
# And test
printf 'GET / HTTP/1.0\r\n\r\n' | openssl s_client -connect localhost:4443 -ssl3 -cert client.pem -key client.key -ign_eof
}}}
{{{
# tshark commands
tshark -o "ssl.desegment_ssl_records: TRUE" -o "ssl.desegment_ssl_application_data: TRUE" -o "ssl.keys_list: 127.0.0.1,4443,http,/home/dirkx/xx/privkey.pem" -o "ssl.debug_file: /home/dirkx/.wireshark-log" -i eth0 -R "tcp.port == 4443"
}}}
The log should look like http://people.apache.org/~dirkx/wireshark.log. Or, a more realistic example with Firefox is at http://people.apache.org/~dirkx/wireshark-firefox.log (from 10.11.0.200->10.11.0.111, port 4433).

== Using the (Pre)-Master-Secret ==
Decoding an TLS connection requires either knowledge of the (asymmetric) secret server key and a handshake that does not use Diffie-Hellman (DH) or the (base of) the symmetric keys used to run the actual encryption. Support was added to Wireshark with SVN revision 37401 to do this, so it became available with Wireshark 1.6. For instructions look at [[http://ask.wireshark.org/questions/4229/follow-ssl-stream-using-master-key-and-session-id|this question on ask.wireshark.org]]

Since SVN revision 36876, it is also possible to decrypt traffic when you do not possess the server key but have access to the (pre-)master secret. For more details, see [[https://security.stackexchange.com/a/42350/2630|this security.stackexchange.com answer]] or this [[https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/|step-by-step walkthrough]]. That answer also contains some suggestions on finding out why SSL/TLS sessions do not get decrypted. In short, it should be possible to log the pre-master secret to a file with a current version of Firefox, Chromium or Chrome by setting an environment variable (SSLKEYLOGFILE=</path/to/private/directory/with/logfile>).

Applications using OpenSSL could use a [[https://security.stackexchange.com/q/80158/2630|GDB or a LD_PRELOAD trick]] to extract the secrets. If you do not mind recompiling Qt4/Qt5 with a patch, then see this [[http://www.peter.hartmann.tk/#!How-to-decrypt-SSL-traffic-of-Qt-programs-in-Wireshark/cmzt/555a4a860cf21fee139afdd1|blog with details]]. For Java programs, pre-master secrets can be extracted from the TLS debug log preference, or output directly in the format Wireshark requires via [[http://jsslkeylog.sourceforge.net/|this agent]]. Python scripts can be [[https://github.com/joernheissler/SslMasterKey|edited]] to dump keys as well.

= External links =
== External links ==
Line 211: Line 128:
 * [[http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html|The First Few Milliseconds of an HTTPS Connection]]
 * [[https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets/16415/|Psst. Your Browser Knows All Your Secrets.]]
  * Full paper: [[http://www.sans.org/reading-room/whitepapers/authentication/ssl-tls-whats-hood-34297|SSL/TLS:What's under the Hood]], written by Sally Vandeven
 * [[https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work|How does SSL/TLS work? - Information Security Stack Exchange]]

Transport Layer Security (TLS)

Transport Layer Security (TLS) provides security in the communication between two hosts. It provides integrity, authentication and confidentiality. It is used most commonly in web browsers, but can be used with any protocol that uses TCP as the transport layer.

Secure Sockets Layer (SSL) is the predecessor of the TLS protocol. These names are often used interchangeably which can lead to some confusion:

  • A configuration that uses the SSL protocol (SSLv2/SSLv3) is insecure. The TLS protocol should be used instead.

  • X.509 certificates for authentication are sometimes also called SSL Certificates.

  • Some applications (such as email) use a single port for both unencrypted and encrypted sessions. To change from unencrypted to encrypted, (START)TLS is used. When a single port directly uses the TLS protocol, it is often referred to as SSL.

  • For historical reasons, software (Wireshark included) refer to SSL or SSL/TLS while it actually means the TLS protocol since that is nowadays what everyone uses.

Protocol dependencies

  • TCP: Typically, TLS uses TCP as its transport protocol.

TLS dissection in Wireshark

The TLS dissector is fully functional and even supports advanced features such as decryption of TLS if appropriate secrets are provided (#TLS_Decryption).

Since Wireshark 3.0, the TLS dissector has been renamed from SSL to TLS. Use of the ssl display filter will emit a warning.

TLS Decryption

Wireshark supports TLS decryption when appropriate secrets are provided. The two available methods are:

A key log file is a universal mechanism that always enables decryption, even if a Diffie-Hellman (DH) key exchange is in use. The RSA private key only works in a limited number of cases.

The key log file is a text file generated by applications such as Firefox, Chrome and curl when the SSLKEYLOGFILE environment variable is set. To be precise, their underlying library (NSS, OpenSSL or boringssl) writes the required per-session secrets to a file. This file can subsequently be configured in Wireshark (#Using_the_.28Pre.29-Master-Secret).

The RSA private key file can only be used in the following circumstances:

  • The cipher suite selected by the server is not using (EC)DHE.
  • The TLS version is SSLv3, TLS 1.0, 1.1 or 1.2. It does not work with TLS 1.3.

  • The private key matches the server certificate. It does not work with the client certificate, nor the Certificate Authority (CA) certificate.

  • The session has not been resumed. The handshake must include the ClientKeyExchange handshake message.

The key log file is generally recommended since it works in all cases, but requires the continuous ability to export the secrets from either the client or server application. The only advantage of the RSA private key is that it needs to be configured only once in Wireshark to enable decryption, subject to the above limitations.

Preference Settings

Go to Edit -> Preferences. Open the Protocols tree and select TLS. Alternatively, select a TLS packet in the packet list, right-click on the TLS layer in the packet details view and open the Protocol preferences menu.

The notable TLS protocol preferences are:

  • (Pre)-Master-Secret log filename (tls.keylog_file): path to read the TLS key log file for decryption.
  • RSA keys list: opens a dialog to configure RSA private keys for decryption. Deprecated in favor of the Preferences -> RSA Keys dialog.

  • Pre-Shared-Key: used to configure the decryption key for PSK cipher suites. Not generally used.
  • TLS debug file (tls.debug_logfile): path to write internal details about the decryption process. Will contain the results of decryption and the keys that were used in this process. This can be used to diagnose why decryption fails.

The following TCP protocol preferences are also required to enable TLS decryption:

  • Allow subdissector to reassemble TCP streams. Enabled by default.
  • Reassemble out-of-order segments (since Wireshark 3.0, disabled by default).

Starting with Wireshark 3.0, a new RSA Keys dialog can be found at Edit -> Preferences -> RSA Keys. In this dialog, use the Add new keyfile... button to select a file. You will be prompted for a password if necessary. The Add new token... button can be used to add keys from a HSM which might require using Add new provider... to select select a DLL/.so file, and additional vendor-specific configuration.

The RSA key file can either be a PEM format private key or a PKCS#12 keystore (typically a file with a .pfx or .p12 extension). The PKCS#12 key is a binary file, but the PEM format is a text file which looks like this:

-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDReQzlKVeAK8b5
TRcRBhSi9IYwHX8Nqc8K4HeDRvN7HiBQQP3bhUkVekdoXpRLYVuc7A8h1BLr93Qw
...
KOi8FZl+jhG+p8vtpK5ZAIyp
-----END PRIVATE KEY-----

The deprecated RSA keys list dialog may be removed at some point. To configure keys, use the RSA keys dialog instead. To change the protocol for decrypted network data, right-click on a TLS packet and use Decode As to change the Current protocol for the TLS port. The IP address and Port fields are unused.

Example capture file

See also SampleCaptures#SSL_with_decryption_keys.

Display Filter

A complete list of TLS display filter fields can be found in the display filter reference

Show only the TLS based traffic:

  • tls

Capture Filter

You cannot directly filter TLS protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one, for example using tcp port 443.

Using the (Pre)-Master-Secret

The master secret enables TLS decryption in Wireshark and can be supplied via the Key Log File. The pre-master secret is the result from the key exchange and can be converted to a master secret by Wireshark. This pre-master secret can be obtained when a RSA private key is provided and a RSA key exchange is in use.

Step-by-step instructions to decrypt TLS traffic from Chrome or Firefox in Wireshark:

  1. Close the browser completely (check your task manager just to be sure).
  2. Set environment variable SSLKEYLOGFILE to the absolute path of a writable file.

  3. Start the browser.
  4. Verify that the location from step 2 is created.
  5. In Wireshark, go to Preferences -> Protocols -> TLS, and change the (Pre)-Master-Secret log filename preference to the path from step 2.

  6. Start the Wireshark capture.
  7. Open a website, for example https://www.wireshark.org/

  8. Check that the decrypted data is visible. For example, using the tls and (http or http2) filter.

For Windows, an environment variable can be set globally as described in this walkthrough, but this is not recommended since it is easy to forget about and may be a security issue since it allows decryption of all your TLS traffic. A better way to set the environment variable is via a batch file. Create a file start-fx.cmd with:

@echo off
set SSLKEYLOGFILE=%USERPROFILE%\Desktop\keylogfile.txt
open firefox

Change the SSLKEYLOGFILE path as needed, and replace firefox with chrome for Google Chrome. This mechanism currently (2019) does not work for Safari, Microsoft Edge, and others since their TLS libraries (Microsoft SChannel/Apple SecureTransport) do not support this mechanism. This mechanism works for applications other than web browsers as well, but it dependent on the TLS library used by the application.

Examples of other applications:

  • Applications using OpenSSL could use a GDB or a LD_PRELOAD trick to extract the secrets. This includes Python.

  • For Java programs, pre-master secrets can be extracted from the TLS debug log preference, or output directly in the format Wireshark requires via this agent.

  • Python scripts can be edited to dump keys as well.

For a survey of supported TLS applications and libraries, see also page 19 of Peter Wu's SSL/TLS Decryption SharkFest '18 presentation.

See also

Some other protocols are derived from TLS. This includes:


TLS (last edited 2019-06-13 23:08:25 by PeterWu)