This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SSL decrypting with master secret but no session id

0
RSA Session-ID:xxxx Master-Key:yyyy

Is one of the formats for decrypting SSL traffic if I have the master secret. But some sites like google don't send a Session-ID (Session Id Length 0). The other format for RSA based key exchange with the encrypted pre master key and pre master key I can't use because I don't have access to the pre master keys. As far as I understand trunk-1.10/epan/dissectors/packet-ssl-utils.c:

ssl_keylog_parse_session_id(...
if (ssl_session->session_id.data_len == 0)
    return FALSE;

as soon as the session id is 0, the format RSA Session-ID: Master-Key: isn't usable. Could someone confirm that or may be have an alternative solution (without modifying Wireshark)?

asked 27 Aug '13, 02:32

Jack%20Norris's gravatar image

Jack Norris
26115
accept rate: 100%

2 Answers:

1

Simple solution for that problem, reduce the possible cipher suites to the suites supported by wireshark. You find the supported ones in epan/dissectors/packet-ssl-utils.c under static SslCipherSuite cipher_suites[]={

For example Qt (OpenSSL) :

wiresharkSupportedCipherSuites = ["EXP-RC4-MD5", "RC4-MD5", "RC4-SHA", "EXP-RC2-CBC-MD5", "IDEA-CBC-SHA", "EXP-DES-CBC-SHA", "DES-CBC3-SHA", "AES128-SHA", "DHE-DSS-AES128-SHA", "DHE-RSA-AES128-SHA", "AES256-SHA", "DHE-DSS-AES256-SHA", "DHE-RSA-AES256-SHA", "AES128-SHA256", "AES256-SHA256", "DHE-DSS-AES128-SHA256", "DHE-RSA-AES128-SHA256", "DHE-DSS-AES256-SHA256", "DHE-RSA-AES256-SHA256"]

The notation is a bit strange in Qt, took some time to compare the cipher suite names.

answered 28 Aug '13, 08:21

Jack%20Norris's gravatar image

Jack Norris
26115
accept rate: 100%

edited 28 Aug '13, 08:22

1

The SSL dissector will try 3 formats:

    if (ssl_keylog_parse_session_id(line, ssl_session) ||
        ssl_keylog_parse_rsa_premaster(line, ssl_session,
                                       encrypted_pre_master) ||
        ssl_keylog_parse_client_random(line, ssl_session)) {
        ret = 1;
        break;

The formats are:

RSA Session-ID:<hex session id> Master-Key:<hex TLS master secret>
RSA <hex, 8-bytes of encrypted pre-master secret> <hex pre-master secret>
CLIENT_RANDOM <hex client_random> <hex TLS master secret>

So if you can index your master secret with the client random for the session, you can still use the out-of-box functionality of wireshark 1.10. If not, a change to the code will be necessary.

Out-of-curiosity: Which application/library are you using to log the master-secret?

answered 27 Aug '13, 03:34

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

I tried the CLIENT_RANDOM but it doesn't work for me (for RSA based key exchange).

I use QtWebkit with a modified Qt library. It's easy to modify and recompile Qt if you use the source package of your distribution. In qsslsocket_openssl.cpp (Qt source package) you find some commented lines for writing a file with the master secrets.

(27 Aug '13, 04:10) Jack Norris

Could that be the problem that CLIENT_RANDOM doesn't work:

dissect_ssl3_hnd_srv_hello can't find cipher suite 0x9C

I checked the packet-ssl-utils.c file and cipher suite 0x9C (TLS_RSA_WITH_AES_128_GCM_SHA256) should be present in Wireshark

dissect_ssl enter frame #18 (first time)
  conversation = 0x7f825d2d04b0, ssl_session = 0x7f825d2d0ac0
  record: offset = 0, reported_length_remaining = 1418
dissect_ssl3_record found version 0x0303(TLS 1.2) -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 62, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 58 bytes, remaining 67 
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_restore_session can't find stored session
trying to use SSL keylog in /home/jim/Projects/Browser/pcaps/ssl-master-keys
  checking keylog line: RSA Session-ID:95DCDB01178B16AED12D269495048F60625A16904868D38DEDF0F751576A7B5B Master-Key:B5044BA33AD5BF283D1B04483480812B57173DFDD40757C729B33E2F7B796F12529A3E9A6B10C8C724904FAA3B3A5D4E
    line does not match
  checking keylog line: CLIENT_RANDOM 521C962164B2D2DB7349E44B80F49AF27AAD2CF84DC3369DC1C08C8C1CEB35D6 B5044BA33AD5BF283D1B04483480812B57173DFDD40757C729B33E2F7B796F12529A3E9A6B10C8C724904FAA3B3A5D4E
found master secret in key log
  cannot find master secret in keylog file either
dissect_ssl3_hnd_srv_hello can't find cipher suite 0x9C
  record: offset = 67, reported_length_remaining = 1351
  need_desegmentation: offset = 67, reported_length_remaining = 1351
(27 Aug '13, 05:49) Jack Norris

@Jack Norris The GCM cipher suite is supported in the development version (1.11.0 or newer).

(15 Dec '13, 12:09) Lekensteyn

@Lekensteyn This is great news! Thank you for this information!

(22 Dec '13, 16:00) Jack Norris