ssl_association_remove removing TCP 3128 - http handle 0x7f6238467400
Private key imported: KeyID 22:0e:f2:57:3b:ef:cc:1a:ca:35:ea:c3:4b:62:49:60:…
ssl_init IPv4 addr '127.0.0.1' (127.0.0.1) port '3128' filename '/home/lzq-ubuntu/Desktop/cert/sslcerts/private/127.0.0.1-key.pem' password(only for p12 file) ''
ssl_init private key file /home/lzq-ubuntu/Desktop/cert/sslcerts/private/127.0.0.1-key.pem successfully loaded.
association_add TCP port 3128 protocol http handle 0x7f6238467400
dissect_ssl enter frame #6 (first time)
ssl_session_init: initializing ptr 0x7f621ff49038 size 680
conversation = 0x7f621ff48980, ssl_session = 0x7f621ff49038
record: offset = 0, reported_length_remaining = 211
dissect_ssl enter frame #8 (first time)
conversation = 0x7f621ff48980, ssl_session = 0x7f621ff49038
record: offset = 0, reported_length_remaining = 39
dissect_ssl enter frame #12 (first time)
conversation = 0x7f621ff48980, ssl_session = 0x7f621ff49038
record: offset = 0, reported_length_remaining = 246
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 241, ssl state 0x00
association_find: TCP port 53519 found (nil)
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 237 bytes, remaining 246
packet_from_server: is from server - FALSE
ssl_find_private_key server 127.0.0.1:3128
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #6 (already visited)
conversation = 0x7f621ff48980, ssl_session = (nil)
record: offset = 0, reported_length_remaining = 211
dissect_ssl enter frame #8 (already visited)
conversation = 0x7f621ff48980, ssl_session = (nil)
record: offset = 0, reported_length_remaining = 39
dissect_ssl enter frame #12 (already visited)
conversation = 0x7f621ff48980, ssl_session = (nil)
record: offset = 0, reported_length_remaining = 246
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 237 bytes, remaining 246
dissect_ssl enter frame #19 (first time)
ssl_session_init: initializing ptr 0x7f621ff4a568 size 680
conversation = 0x7f621ff49eb0, ssl_session = 0x7f621ff4a568
record: offset = 0, reported_length_remaining = 89
dissect_ssl enter frame #21 (first time)
conversation = 0x7f621ff49eb0, ssl_session = 0x7f621ff4a568
record: offset = 0, reported_length_remaining = 39
dissect_ssl enter frame #25 (first time)
conversation = 0x7f621ff49eb0, ssl_session = 0x7f621ff4a568
record: offset = 0, reported_length_remaining = 74
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 69, ssl state 0x00
association_find: TCP port 53521 found (nil)
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 65 bytes, remaining 74
packet_from_server: is from server - FALSE
ssl_find_private_key server 127.0.0.1:3128
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #19 (already visited)
conversation = 0x7f621ff49eb0, ssl_session = (nil)
record: offset = 0, reported_length_remaining = 89
dissect_ssl enter frame #21 (already visited)
conversation = 0x7f621ff49eb0, ssl_session = (nil)
record: offset = 0, reported_length_remaining = 39
dissect_ssl enter frame #25 (already visited)
conversation = 0x7f621ff49eb0, ssl_session = (nil)
record: offset = 0, reported_length_remaining = 74
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 65 bytes, remaining 74
dissect_ssl enter frame #30 (first time)
conversation = 0x7f621ff48980, ssl_session = 0x7f621ff49038
record: offset = 0, reported_length_remaining = 1163
dissect_ssl3_record found version 0x0303(TLS 1.2) -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 53, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 49 bytes, remaining 58
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
dissect_ssl3_hnd_srv_hello can't find cipher suite 0x9C
record: offset = 58, reported_length_remaining = 1105
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 1091, ssl state 0x13
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 63 length 1087 bytes, remaining 1154
record: offset = 1154, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 4, ssl state 0x13
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 1159 length 0 bytes, remaining 1163
dissect_ssl enter frame #32 (first time)
conversation = 0x7f621ff48980, ssl_session = 0x7f621ff49038
record: offset = 0, reported_length_remaining = 190
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 134, ssl state 0x13
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 130 bytes, remaining 139
ssl_decrypt_pre_master_secret key exchange 0 different from KEX_RSA (16)
dissect_ssl3_handshake can't decrypt pre master secret
record: offset = 139, reported_length_remaining = 51
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
record: offset = 145, reported_length_remaining = 45
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 40, ssl state 0x13
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 0 offset 150 length 0 bytes, remaining 190
dissect_ssl3_handshake iteration 0 type 0 offset 154 length 0 bytes, remaining 190
dissect_ssl3_handshake iteration 0 type 148 offset 158 length 9736230 bytes, remaining 190
dissect_ssl enter frame #34 (first time)
conversation = 0x7f621ff48980, ssl_session = 0x7f621ff49038
record: offset = 0, reported_length_remaining = 242
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 186, ssl state 0x13
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 4 offset 5 length 182 bytes, remaining 191
record: offset = 191, reported_length_remaining = 51
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
record: offset = 197, reported_length_remaining = 45
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 40, ssl state 0x13
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 214 offset 202 length 6700648 bytes, remaining 242
dissect_ssl enter frame #35 (first time)
conversation = 0x7f621ff48980, ssl_session = 0x7f621ff49038
record: offset = 0, reported_length_remaining = 1147
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 1142, ssl state 0x13
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 53519 found (nil)
association_find: TCP port 3128 found 0x7f62392b2a30
dissect_ssl enter frame #30 (already visited)
conversation = 0x7f621ff48980, ssl_session = (nil)
record: offset = 0, reported_length_remaining = 1163
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 49 bytes, remaining 58
record: offset = 58, reported_length_remaining = 1105
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 11 offset 63 length 1087 bytes, remaining 1154
record: offset = 1154, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 14 offset 1159 length 0 bytes, remaining 1163
dissect_ssl enter frame #32 (already visited)
conversation = 0x7f621ff48980, ssl_session = (nil)
record: offset = 0, reported_length_remaining = 190
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 130 bytes, remaining 139
record: offset = 139, reported_length_remaining = 51
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
record: offset = 145, reported_length_remaining = 45
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 0 offset 150 length 0 bytes, remaining 190
dissect_ssl3_handshake iteration 0 type 0 offset 154 length 0 bytes, remaining 190
dissect_ssl3_handshake iteration 0 type 148 offset 158 length 9736230 bytes, remaining 190
dissect_ssl enter frame #34 (already visited)
conversation = 0x7f621ff48980, ssl_session = (nil)
record: offset = 0, reported_length_remaining = 242
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 4 offset 5 length 182 bytes, remaining 191
record: offset = 191, reported_length_remaining = 51
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
record: offset = 197, reported_length_remaining = 45
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 214 offset 202 length 6700648 bytes, remaining 242
dissect_ssl enter frame #35 (already visited)
conversation = 0x7f621ff48980, ssl_session = (nil)
record: offset = 0, reported_length_remaining = 1147
dissect_ssl3_record: content_type 23 Application Data
association_find: TCP port 53519 found (nil)
association_find: TCP port 3128 found 0x7f62392b2a30
dissect_ssl enter frame #39 (first time)
conversation = 0x7f621ff49eb0, ssl_session = 0x7f621ff4a568
record: offset = 0, reported_length_remaining = 1163
dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 53, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 49 bytes, remaining 58
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_restore_session can't find stored session
dissect_ssl3_hnd_srv_hello found CIPHER 0x0035 -> state 0x17
dissect_ssl3_hnd_srv_hello trying to generate keys
ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can't generate keyring material
record: offset = 58, reported_length_remaining = 1105
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 1091, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 63 length 1087 bytes, remaining 1154
record: offset = 1154, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 4, ssl state 0x17
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 1159 length 0 bytes, remaining 1163
dissect_ssl enter frame #41 (first time)
conversation = 0x7f621ff49eb0, ssl_session = 0x7f621ff4a568
record: offset = 0, reported_length_remaining = 7
dissect_ssl3_record: content_type 21 Alert
decrypt_ssl3_record: app_data len 2, ssl state 0x17
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl enter frame #45 (first time)
conversation = 0x7f621ff48980, ssl_session = 0x7f621ff49038
record: offset = 0, reported_length_remaining = 564
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 559, ssl state 0x13
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 3128 found 0x7f62392b2a30
dissect_ssl enter frame #46 (first time)
conversation = 0x7f621ff48980, ssl_session = 0x7f621ff49038
record: offset = 0, reported_length_remaining = 176
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 171, ssl state 0x13
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 3128 found 0x7f62392b2a30
dissect_ssl enter frame #39 (already visited)
conversation = 0x7f621ff49eb0, ssl_session = (nil)
record: offset = 0, reported_length_remaining = 1163
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 49 bytes, remaining 58
record: offset = 58, reported_length_remaining = 1105
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 11 offset 63 length 1087 bytes, remaining 1154
record: offset = 1154, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 14 offset 1159 length 0 bytes, remaining 1163
dissect_ssl enter frame #41 (already visited)
conversation = 0x7f621ff49eb0, ssl_session = (nil)
record: offset = 0, reported_length_remaining = 7
dissect_ssl3_record: content_type 21 Alert
dissect_ssl enter frame #45 (already visited)
conversation = 0x7f621ff48980, ssl_session = (nil)
record: offset = 0, reported_length_remaining = 564
dissect_ssl3_record: content_type 23 Application Data
association_find: TCP port 3128 found 0x7f62392b2a30
dissect_ssl enter frame #46 (already visited)
conversation = 0x7f621ff48980, ssl_session = (nil)
record: offset = 0, reported_length_remaining = 176
dissect_ssl3_record: content_type 23 Application Data
association_find: TCP port 3128 found 0x7f62392b2a30
Thank you very much!!
My wireshark version is 1.8.3 and after I change my cipher suit in squid.conf I can decrypt the SSL data.
Thank you very much!!!
BTW, sometimes I can not visit some website through HTTPS because I used the self-generated certificate and key, and the browser say that:
"Invalid Server Certificate"
So is there any idea how can I generate the certificate and key authorized by Dropbox?
Thanks very much for your help again!!!
good. I believe the latest development build of Wireshark (1.11.x) does support (0x9c - I think I have seen that somewhere). Maybe you want to try it later as well.
"authorized by Dropbox"? There is no way to do that, unless you are the owner of Dropbox or a very, very skilled hacker ;-)
I believe this could be a problem with the Squid configuration. I've never used squid for SSL interception, so I don't know what to look for. Maybe it's better to ask that specific question in a Squid forum !?!
Hint: If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions. For extra points you can up vote the answer (thumb up).