Hello, I'm debugging my SSL application and it would be great if I could capture the SSL stream using Wireshark and then follow it decrypted. It is not possible to obtain the server's private key in my case, but as a client application I can read the whole stream fine and can dump all the information needed for decryption, like Session-ID and Master-Key, for example:
Is it possible somehow to follow the decrypted stream in Wireshark without the server's private key but having the client's Master-Key and Session-ID? asked 25 May '11, 03:22 tosiara
2 Answers:
OK, forget my last answer... as of today, it is possible to use the "openssl s_client" output to do decryption. I added this to the keylog option that was already there. You can now use the format:
In the key log file to decrypt the session. In your case that would be:
You will need to build your own version from "trunk" or use an automated build, which will be available in a couple of hours. Please use a version with a number higher than or equal to 37401. I hope this works for you :-) answered 25 May '11, 14:58 SYN-bit ♦♦
At the moment "No, not directly". There has been code added that reads in a file with a list of decrypted PreMasterSecrets, indexed by the first 8 bytes (IIRC) of the Encrypted PreMasterSecret. It has been added by a developer who also added a debug option to the SSL library of Firefox/Chrome to export this data (see Bug 4349). So at the moment, you might be able to fabricate the file yourself based on the tracefile and the "openssl s_client" output. In the future there might be more options added to import/export session keys to make decryption possible without obtaining (or exposing) the private key. answered 25 May '11, 07:15 SYN-bit ♦♦
I'm glad you knew this SYN.. my knee-jerk reaction to this question was "No - never". It makes sense that this would be possible, but considering the work necessary on the user end I figured it would never be an option. (25 May '11, 08:16) GeonJay
I'm sorry, the route of creating a keylog file yourself based on the openssl s_client output won't work. I just tried it myself, but the input from the key-log file is a PreMasterSecret, while the output of openssl s_client is the MasterSecret. I need to dig into SSL some more again to see whether the MasterSecret contains enough information to decrypt the session. If it does, then it is possible to extend the decryption engine to also take the MasterSecret from the s_client output. But someone needs to find the time to code it... (25 May '11, 09:28) SYN-bit ♦♦
Great, that works!!! Thank you very much!
Only one small note: if the keylog file does not contain a trailing CRLF, I receive this error:
trying to use SSL keylog in c:\rsa.log checking keylog line: RSA Session-ID:451C00005EC950112D2156C2FDC29BB71A3CA320CEE28FC2DA786AD6F5E5102E Master-Key:DD81A0D7D526740CDEB1AB6DE421102F52C781547A06F6A6480D6055846BB7FFB8CCBCB09FC1A38CC4610135F0F17C4 line contains non-hex chars in master secret
But after adding a CRLF at the end, all works perfectly!
I'm glad it works for you too :-)
Indeed the code requires all lines to be terminated with a newline character.
Although the s_client output shows a Session-ID, this will be useless if it is not sent to the server (Session-ID 0 in the capture). You can still try to match a known master key with a request using CLIENT_RANDOM by looking at the traffic. See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9144#c5 for parsing s_client output to generate a CLIENT_RANDOM line.
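The keylog line format from the accepted answer and the trailing-newline pitfall from the comments, as an added Python example (not code from this thread, from OpenSSL or from Wireshark): it pulls the Session-ID and Master-Key lines out of "openssl s_client" output, refuses pairs Wireshark could not use (an empty/zero Session-ID, non-hex or wrong-length values) and emits newline-terminated "RSA Session-ID:<hex> Master-Key:<hex>" lines. The s_client excerpt and the hex values are constructed.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample values (not from the original post): a 32-byte Session-ID
# and the 48-byte TLS master secret, as the uppercase hex that s_client prints.
SAMPLE_SESSION_ID = "0123456789ABCDEF" * 4
SAMPLE_MASTER_KEY = "FEDCBA9876543210" * 6
# Constructed excerpt of "openssl s_client" output; only the two labelled lines matter.
SAMPLE_S_CLIENT_OUTPUT = f"""\
SSL-Session:
    Session-ID: {SAMPLE_SESSION_ID}
    Session-ID-ctx:
    Master-Key: {SAMPLE_MASTER_KEY}
"""
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")

def parse_s_client(output: str) -> List[Tuple[str, str]]:
    """Collect (Session-ID, Master-Key) pairs, one per SSL-Session block."""
    pairs, session_id = [], None
    for line in output.splitlines():
        key, _, value = line.strip().partition(":")
        key, value = key.strip(), value.strip()
        if key == "Session-ID":
            session_id = value
        elif key == "Master-Key" and session_id is not None:
            pairs.append((session_id, value))
            session_id = None
    return pairs

def keylog_error(session_id: str, master_key: str) -> Optional[str]:
    """Explain why a pair cannot become a usable keylog line, or return None."""
    if not session_id or set(session_id) == {"0"}:
        return "Session-ID empty/zero: never sent to the server, Wireshark cannot match it"
    if not HEX_RE.match(session_id) or len(session_id) % 2 or len(session_id) > 64:
        return f"Session-ID is not 1..32 bytes of hex: {session_id!r}"
    if not HEX_RE.match(master_key) or len(master_key) != 96:
        return f"Master-Key is not the 48-byte master secret as hex: {master_key!r}"
    return None

def keylog_line(session_id: str, master_key: str) -> str:
    """Format the line Wireshark reads; the trailing newline is mandatory, without
    it the parser reports non-hex chars in the master secret (the error quoted above)."""
    err = keylog_error(session_id, master_key)
    if err:
        raise ValueError(err)
    return f"RSA Session-ID:{session_id} Master-Key:{master_key}\n"

def s_client_to_keylog(output: str) -> str:
    """Complete keylog file contents for every session found in the s_client output."""
    return "".join(keylog_line(s, m) for s, m in parse_s_client(output))
```

Write the returned string to the file named in Wireshark's SSL keylog file preference; every line it produces already ends in a newline, so the error from the comment above cannot occur.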