如何从浏览器的SSL / TLS会话出口高手秘诀是什么? [英] How to export master secret from browser SSL/TLS session?
问题描述
我想在Windows中打开浏览器,进入到HTTPS站点,并同时使用Wireshark捕获数据包执行一系列操作。然后我想使用加密的数据包捕获,查看解密的HTTP流量。我知道很多方法来做到这一点(见下表),如果你放弃了浏览器,可以访问到服务器,或添加MITM,但这些工作时,你所规定的限制的情况。这里是我的典型方式:
I'd like to open a browser in Windows, go to an HTTPS site, and perform a sequence of actions while capturing packets with Wireshark. Then I want to use the encrypted packet capture to view the decrypted HTTP traffic. I know of many ways to do this (listed below) if you forego the browser, have access to the server, or add a MITM, but none of these work when you're restricted to the scenario above. Here are my typical approaches:
服务器:在那里我有服务器私钥,使用Wireshark内置的SSL解密网站。
Server: For sites where I have the server private key, use Wireshark's built-in SSL decryption.
MITM:一个SSL代理(例如,打嗝套件)将允许解密流量观看,但这需要使用比什么是由服务器使用不同的证书和密钥对
MITM: An SSL proxy (e.g., Burp suite) will allow viewing of decrypted traffic, but this requires using a different certificate and key pair than what is used by the server.
浏览器:OpenSSL的的s_client.First可以连接,提出请求,并导出主密钥,但是这并不能显示相关的网页或运行JavaScript来计算后续请求参数
Browser: openssl's s_client can connect, make requests, and export the master secret, but this does not display the associated web pages or run javascript to compute subsequent request parameters.
有没有从正常的浏览器导出主密钥,这样我可以用它来解密后的浏览器会话的数据包捕获的方法吗?
Is there a way to export the master secret from a "normal" browser so that I can use it to later decrypt a packet capture of the browser session?
例如,存储在磁盘上的SSL / TLS状态时,浏览器被关闭?如果是的话,我将如何访问它?它是在内存中访问浏览器运行时(如果有的话我将如何找到它)?
For example, is SSL/TLS state stored on disk when a browser is closed? If so, how would I access it? Is it accessible in memory while the browser is running (and if so how would I find it)?
或者,是由操作系统(Windows)和存储的所有SSL状态数据不直接访问?
Or, is all SSL state data stored by the OS (Windows) and not accessible directly?
另外,有没有办法强制浏览器使用特定的主密钥(而像会话ID等其他任何相关的SSL状态数据)为特定的HTTPS连接?如果是这样,我可以设置使用的s_client.First SSL会话,然后将关键数据传送到浏览器并打开在同一个会话的新连接。这将实现通过不同的手段同样的目标。
Alternatively, is there a way to force a browser to use a particular master secret (and any other associated SSL state data like session ID, etc.) for a particular HTTPS connection? If so, I could set up the SSL session using s_client, and then transfer the key data to the browser and open a new connection in the same session. This would accomplish the same goal through different means.
推荐答案
对于使用NSS库(如火狐),您可以设置 SSLKEYLOGFILE 的environment可变时,这将导致NSS以节省所需的秘密。然后,您可以直接使用使用Wireshark该文件。有被发现这里。
For browsers that use the NSS library (e.g. Firefox) you can set the SSLKEYLOGFILE environment variable, which will cause NSS to save the necessary secrets. You can then directly use that file with Wireshark. There's more information to be found here.
这篇关于如何从浏览器的SSL / TLS会话出口高手秘诀是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
