How do I extract the pre-master secret using an OpenSSL-based client?

Problem description

I have an application I'm making that uses OpenSSL 1.0.2 and I'd like to examine the traffic with Wireshark. Wireshark can (allegedly) decrypt TLS conversations provided you give it the pre-master secret.

If I'm using a cipher suite like TLS_RSA_WITH_AES_256_CBC_SHA256, can anyone tell me how to get the pre-master secret out of an SSL or SSL_CTX struct? I'm OK with hacking opaque structures within the SSL object - this isn't for anything that would ship in a product; I just want to know how to populate a pre-master secret file for Wireshark.

Recommended answer

I recommend using the master key, which is easier to get at. To the best of my knowledge the pre-master key only exists ephemerally on the stack in OpenSSL. The master key is available in ssl_session_st (defined in ssl.h in the 1.0.2 branch but moved to ssl_locl.h in a later version). The SSL member variable session is a pointer to its ssl_session_st (aka SSL_SESSION).

Wireshark can use the master key as well as the pre-master key to decrypt connections. Here are the formats that Wireshark supports as of this writing:

  • RSA xxxx yyyy
    Where xxxx are the first 8 bytes of the encrypted pre-master secret (hex-encoded)
    Where yyyy is the cleartext pre-master secret (hex-encoded)
    (this is the original format introduced with bug 4349)

  • RSA Session-ID:xxxx Master-Key:yyyy
    Where xxxx is the SSL session ID (hex-encoded)
    Where yyyy is the cleartext master secret (hex-encoded)
    (added to support openssl s_client Master-Key output)
    This is somewhat of a misnomer because there's nothing RSA specific about this.

  • PMS_CLIENT_RANDOM xxxx yyyy
    Where xxxx is the client_random from the ClientHello (hex-encoded)
    Where yyyy is the cleartext pre-master secret (hex-encoded)
    (This format allows SSL connections to be decrypted, if a user can capture the PMS but could not recover the MS for a specific session with a SSL Server.)

  • CLIENT_RANDOM xxxx yyyy
    Where xxxx is the client_random from the ClientHello (hex-encoded)
    Where yyyy is the cleartext master secret (hex-encoded)
    (This format allows non-RSA SSL connections to be decrypted, i.e. ECDHE-RSA.)

Note that neither the pre-master key nor the master key is the symmetric key (your question title implies that you may think it is). The symmetric key is derived from the master key and client/server random data.
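As an added example (not part of the original answer and not OpenSSL code), the following C sketch builds key log lines in the CLIENT_RANDOM and RSA Session-ID formats listed above from raw byte buffers. The function names are hypothetical, and the example assumes that in the 1.0.2 branch the bytes would be copied from ssl->s3->client_random and from the master_key and session_id members of ssl->session; the sample bytes in main are constructed.

```c
#include <stdio.h>
#include <string.h>

#define RANDOM_LEN  32  /* ClientHello random */
#define MASTER_LEN  48  /* TLS master secret */
#define MAX_SID_LEN 32  /* longest TLS session ID */

/* Append s, then n bytes of p as hex, at out[pos]; returns new pos or -1 (no room). */
static int put(char *out, size_t cap, int pos, const char *s,
               const unsigned char *p, size_t n)
{
    size_t i, sl = strlen(s);
    if (pos < 0 || (size_t)pos + sl + 2 * n + 1 > cap) return -1;
    memcpy(out + pos, s, sl + 1);          /* literal part, with terminator */
    pos += (int)sl;
    for (i = 0; i < n; i++)                /* bounds were checked above */
        pos += sprintf(out + pos, "%02x", (unsigned)p[i]);
    return pos;
}

/* Assumed 1.0.2 sources: ssl->s3->client_random, ssl->session->master_key, ->session_id. */
/* "CLIENT_RANDOM <client_random> <master secret>\n"; returns length or -1. */
int keylog_client_random(char *out, size_t cap, const unsigned char *cr, size_t cr_len,
                         const unsigned char *ms, size_t ms_len)
{
    if (cr_len != RANDOM_LEN || ms_len != MASTER_LEN) return -1;
    int pos = put(out, cap, 0, "CLIENT_RANDOM ", cr, cr_len);
    pos = put(out, cap, pos, " ", ms, ms_len);
    return put(out, cap, pos, "\n", NULL, 0);
}

/* "RSA Session-ID:<id> Master-Key:<master secret>\n"; an empty ID is rejected. */
int keylog_session_id(char *out, size_t cap, const unsigned char *sid, size_t sid_len,
                      const unsigned char *ms, size_t ms_len)
{
    if (sid_len == 0 || sid_len > MAX_SID_LEN || ms_len != MASTER_LEN) return -1;
    int pos = put(out, cap, 0, "RSA Session-ID:", sid, sid_len);
    pos = put(out, cap, pos, " Master-Key:", ms, ms_len);
    return put(out, cap, pos, "\n", NULL, 0);
}

int main(void)
{
    unsigned char cr[RANDOM_LEN] = {0xAB}, ms[MASTER_LEN] = {0x01}; /* constructed sample */
    char line[256];
    if (keylog_client_random(line, sizeof line, cr, sizeof cr, ms, sizeof ms) > 0)
        fputs(line, stdout);
    return 0;
}
```

Each line is appended to the file that Wireshark is pointed at through its (Pre)-Master-Secret log filename preference. The file holds session secrets, so create it with owner-only permissions and delete it when the debugging session ends.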
