如何解密服务使用wireshark服务SSL流量？ [英] How to decrypt service to service SSL traffic using wireshark?

问题描述

使用fiddler会导致某些应用程序在我的Windows机器上停止正常工作。我想使用wireshark来解密我的tomcat和远程服务器之间的所有ssl流量。所有流量都是https。

Using fiddler causes some of the applications to stop working correctly on my windows machine. I want to use wireshark to decrypt all ssl traffic between my tomcat and a remote server. All traffic is https.

我能够设置环境变量SSLKEYLOGFILE并解密浏览器生成的所有SSL流量。但这不适用于服务呼叫服务。有权访问tomcat的私钥不再有用，因为有一些叫做前向保密的东西（我对此并不了解）。从我读到的访问会话密钥是最简单的wireshark解密方式。

I was able to set environment variable SSLKEYLOGFILE and decrypt all SSL traffic generated by the browser. But that does not work for service to service calls. Having access to the private key of tomcat does not help anymore because of something called forward secrecy (I don't know much about that). From what i read having access to the session key is the easiest way to decrypt in wireshark.

所以，如果有人可以回答以下任何一个问题我的问题可以解决。

So my problem can be solved if someone can answer any one of the following questions.

1>有没有办法让tomcat 8将会话密钥吐出到文件中，以便wireshark可以使用它来解密SSL流量。我正在使用java 8.

1>Is there a way to get tomcat 8 to spit out session keys to a file so that wireshark can use it to decrypt SSL traffic. I am using java 8.

2>是否有一个工具不通过代理重定向流量，但能够解密我的机器上的SSL流量？

2>Is there a tool that does not redirect traffic thru a proxy, but is able to decrypt SSL traffic out of my machine?

推荐答案

如果你有以下条件，你可以这样做：

You can do this if you have:

1. 服务器的私钥（仅限RSA）


2. 您可以限制用于TLS握手的密码套件

步骤：

1. 抓住服务器的私钥并将其交给Wireshark。
   
   

1. Grab the server's private key and give it to Wireshark.

1. 转到Wireshark的首选项|协议| SSL


2. 点击RSA密钥列表旁边的编辑...


3. 将您的RSA私钥添加到wireshark可用的密钥列表中

配置您的客户端以限制TLS密码套件，以便没有 ECDHE 或 DHE 密码套件可用。可接受的密码套件的示例是 SSL_RSA_WITH_3DES_EDE_CBC_SHA 或 TLS_RSA_WITH_AES_128_CBC_SHA256 。

Configure your client to limit the TLS cipher suites so that no ECDHE or DHE cipher suites are available. Examples of acceptable cipher suites are SSL_RSA_WITH_3DES_EDE_CBC_SHA or TLS_RSA_WITH_AES_128_CBC_SHA256.

你必须限制密码套件的原因是因为这些天，TLS将使用短暂的密钥交换算法（ DHE ！）。这就是完美前瞻性保密（PFS）的作用。您必须打破PFS，以便使用受损的RSA密钥（您通过使用Wireshark收听妥协）来嗅探对话。

The reason you have to limit the cipher suites is because these days, TLS will use an ephemeral key exchange algorithm (DHE!). This is what makes Perfect Forward Secrecy (PFS) work. You have to break the PFS so that the compromised RSA key (you have "compromised" it by listening-in with Wireshark) can be used to sniff the conversation.

好消息是，您不必乱用客户端或服务器来删除短暂的密钥，就像您使用Web浏览器一样。坏消息是您必须将服务器密钥暴露给另一台主机（运行Wireshark的工作站）和，您必须降低对话的安全性。但这仅用于测试，对吧？ ;）

The good news is that you don't have to mess-around with tricking the client or server to drop the ephemeral key somewhere like you did with your web browser. The bad news is that you have had to expose your server key to another host (your workstation where Wireshark is running) and you had to degrade your conversation's security. But this is only for testing, right? ;)

这篇关于如何解密服务使用wireshark服务SSL流量？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！