解密Wireshark中的HTTPS流量不工作 [英] Decrypting HTTPS traffic in Wireshark not working

问题描述

我正在Windows Server 2008 R2上运行Wireshark 1.8.6，并尝试解密传入的HTTPS通信，以便调试我看到的问题。

I我的RSA密钥列表正确设置（我认为），但Wireshark不会因为某些原因解密SSL流量。我已经得到这个工作在过去，同时调试与其他客户端系统的交换，所以我想知道这是特定的TLS在这里使用（即我已经读过，如果使用Diffie-Hellman不能解密，但我可以

我的RSA密钥列表项如下：

  IP地址：192.168.1.27（服务器的IP地址）
端口：7447 
协议：http 
密钥文件：设置为我的.pem （我使用包含公钥和私钥的.pfx中的openssl创建）。 
密码：空白，因为它似乎不需要它为.pem（如果我输入一个，Wireshark会抛出一个错误）。 
  

在我的Wireshark跟踪中，我可以看到客户端Hello和Server Hello，但是应用程序数据不是解密（右键单击 - >按照SSL Stream显示任何内容）。

我的SSL日志粘贴在下面 - 有没有什么我在这里，我会告诉我为什么解密失败？我看到一些这样的项目让我担心，但我不知道如何解释他们：

  packet_from_server：来自服务器 -  FALSE 
 decrypt_ssl3_record：使用客户机解码器
 decrypt_ssl3_record：无解码器
 dissect_ssl3_handshake迭代1类型16偏移量5长度258字节，剩余267 
 ssl_decrypt_pre_master_secret密钥交换0不同于KEX_RSA（16 ）
 dissect_ssl3_handshake无法解密pre master secret 
 record：offset = 267，reported_length_remaining = 59 
  

SSL日志：

  ssl_association_remove删除TCP 7447  -  http句柄00000000041057D0 
导入私钥：KeyID 02 ：bb：83：4f：80：cf：39：59：39：cd：74：ab：b4：4b：c7：20：
 ssl_load_key：交换p和q参数并重新计算u 
 ssl_init IPv4 addr'192.168.1.27'（192.168.1.27）port'7447'filename'C：\Users\username\Desktop\Certs\server_cert.pem.pem'pa ssword（仅适用于p12文件）''
 ssl_init私钥文件C：\Users\username\Desktop\Certs\server_cert.pem.pem成功加载。 
 association_add TCP端口7447协议http句柄00000000041057D0 
 
 dissect_ssl输入框＃2968（第一次）
 ssl_session_init：初始化ptr 0000000006005E40大小680 
对话= 00000000060056C0，ssl_session = 0000000006005E40 
记录：offset = 0，reported_length_remaining = 123 
 dissect_ssl3_record：content_type 22握手
 decrypt_ssl3_record：app_data len 118，ssl状态0x00 
 association_find：TCP端口59050 found 0000000000000000 
 packet_from_server：来自服务器 -  FALSE 
 decrypt_ssl3_record：使用客户机解码器
 decrypt_ssl3_record：无解码器
 dissect_ssl3_handshake迭代1类型1偏移量5长度114字节，剩余123 
 packet_from_server：是从服务器 -  FALSE 
 ssl_find_private_key服务器192.168.1.27:7447 
 dissect_ssl3_hnd_hello_common找到CLIENT RANDOM  - >状态0x01 
 
 dissect_ssl输入框＃2971（第一次）
对话= 00000000060056C0，ssl_session = 0000000006005E40 
记录：offset = 0，已报告_length_remaining = 326 
 dissect_ssl3_record找到的版本0x0301（TLS 1.0） - >状态0x11 
 dissect_ssl3_record：content_type 22握手
 decrypt_ssl3_record：app_data len 262，ssl状态0x11 
 packet_from_server：来自服务器 -  FALSE 
 decrypt_ssl3_record：使用客户机解码器
 decrypt_ssl3_record：没有解码器
 dissect_ssl3_handshake迭代1类型16偏移量5长度258字节，剩余267 
 ssl_decrypt_pre_master_secret密钥交换0不同于KEX_RSA（16）
 dissect_ssl3_handshake无法解密pre master secret 
记录：offset = 267，reports_length_remaining = 59 
 dissect_ssl3_record：content_type 20更改密码规则
 dissect_ssl3_change_cipher_spec 
 packet_from_server：来自服务器 -  FALSE 
 ssl_change_cipher CLIENT 
记录： 273，reported_length_remaining = 53 
 dissect_ssl3_record：content_type 22握手
 decrypt_ssl3_record：app_data len 48，ssl state 0x11 
 packet_from_server：来自服务器 -  FALSE 
 decrypt_ssl3_record：使用客户端解码器
 decrypt_ssl3_record：无解码器
 dissect_ssl3_handshake迭代1类型166偏移278长度4253081字节，剩余326 
 
 dissect_ssl输入框＃2972（第一次）
对话= 00000000060056C0，ssl_session = 0000000006005E40 
记录：offset = 0，reports_length_remaining = 59 
 dissect_ssl3_record：content_type 20更改密码规则
 dissect_ssl3_change_cipher_spec 
 packet_from_server：来自服务器 -  TRUE 
 ssl_change_cipher SERVER 
记录：offset = 6，reported_length_remaining = 53 
 dissect_ssl3_record：content_type 22握手
 decrypt_ssl3_record：app_data len 48，ssl状态0x11 
 packet_from_server：来自服务器 -  TRUE 
 decrypt_ssl3_record：using server解码器
 decrypt_ssl3_record：无解码器
 dissect_ssl3_handshake迭代1类型8偏移11长度5212462字节，剩余59 
 
 dissect_ssl输入帧＃2973（第一次）
对话= 00000000060056C0，ssl_ses sion = 0000000006005E40 
 record：offset = 0，reported_length_remaining = 277 
 dissect_ssl3_record：content_type 23应用程序数据
 decrypt_ssl3_record：app_data len 272，ssl state 0x11 
 packet_from_server：来自服务器 -  FALSE 
 decrypt_ssl3_record：使用客户机解码器
 decrypt_ssl3_record：无解码器
 association_find：TCP端口59050发现0000000000000000 
 association_find：TCP端口7447找到0000000004FCF520 
 
 dissect_ssl enter框架＃2990（第一次）
对话= 00000000060056C0，ssl_session = 0000000006005E40 
记录：offset = 0，reported_length_remaining = 53 
 dissect_ssl3_record：content_type 23应用程序数据
 decrypt_ssl3_record：app_data len 48 ，ssl状态0x11 
 packet_from_server：来自服务器 -  TRUE 
 decrypt_ssl3_record：使用服务器解码器
 decrypt_ssl3_record：无解码器
 association_find：TCP端口7447发现0000000004FCF520 
 
 dissect_ssl输入框＃2991（第一次）
 conversation = 00000000060056C0，ssl_session = 0000000006005E40 
 record：offset = 0，reported_length_remaining = 1380 
 need_desegmentation：offset = 0，reported_length_remaining = 1380 
 
 dissect_ssl输入框＃2999（第一次）
对话= 00000000060056C0，ssl_session = 0000000006005E40 
记录：offset = 0，reported_length_remaining = 8565 
 dissect_ssl3_record：content_type 23应用程序数据
 decrypt_ssl3_record： app_data len 8560，ssl状态0x11 
 packet_from_server：来自服务器 -  FALSE 
 decrypt_ssl3_record：使用客户端解码器
 decrypt_ssl3_record：无解码器
 association_find：TCP端口59050发现0000000000000000 
 association_find：TCP端口7447发现0000000004FCF520 
 
 dissect_ssl输入框架＃3805（第一次）
对话= 00000000060056C0，ssl_session = 0000000006005E40 
记录：offset = 0，reported_length_remaining = 389 
 dissect_ssl3_record： content_type 23应用程序数据
 decrypt_ssl3_record：app_data len 384，ssl state 0x11 
 packet_from_server：来自服务器 -  FALSE 
 decrypt_ssl3_record：使用客户机解码器
 decrypt_ssl3_record：无解码器
 association_find：TCP端口59050发现0000000000000000 
 association_find：TCP端口7447找到0000000004FCF520 
 
 dissect_ssl输入框＃3807（第一次）
对话= 00000000060056C0，ssl_session = 0000000006005E40 
记录：offset = 0，reported_length_remaining = 53 
 dissect_ssl3_record：content_type 23应用程序数据
 decrypt_ssl3_record：app_data len 48，ssl state 0x11 
 packet_from_server：来自服务器 -  TRUE 
 decrypt_ssl3_record：服务器解码器
 decrypt_ssl3_record：无解码器
 association_find：TCP端口7447发现0000000004FCF520 
 
 dissect_ssl输入框架＃3808（第一次）
对话= 00000000060056C0，ssl_session = 0000000006005E40 
记录： et = 0，reports_length_remaining = 1380 
 need_desegmentation：offset = 0，reported_length_remaining = 1380 
 
 dissect_ssl输入框＃3815（第一次）
对话= 00000000060056C0，ssl_session = 0000000006005E40 
记录：offset = 0，reported_length_remaining = 8469 
 dissect_ssl3_record：content_type 23应用程序数据
 decrypt_ssl3_record：app_data len 8464，ssl状态0x11 
 packet_from_server：来自服务器 -  FALSE 
 decrypt_ssl3_record ：使用客户端解码器
 decrypt_ssl3_record：无解码器
 association_find：TCP端口59050发现0000000000000000 
 association_find：TCP端口7447发现0000000004FCF520 
 
 dissect_ssl进入帧＃2968（已经访问）
对话= 00000000060056C0，ssl_session = 0000000000000000 
记录：offset = 0，reported_length_remaining = 123 
 dissect_ssl3_record：content_type 22握手
 dissect_ssl3_handshake迭代1类型1偏移量5长度114字节， REMA in in 123 
 
 dissect_ssl enter frame＃2971（already visited）
 conversation = 00000000060056C0，ssl_session = 0000000000000000 
 record：offset = 0，reported_length_remaining = 326 
 dissect_ssl3_record：content_type 22握手
 dissect_ssl3_handshake迭代1类型16偏移量5长度258字节，剩余267 
记录：offset = 267，reported_length_remaining = 59 
 dissect_ssl3_record：content_type 20更改密码规则
 dissect_ssl3_change_cipher_spec 
记录：offset = 273，reported_length_remaining = 53 
 dissect_ssl3_record：content_type 22握手
 dissect_ssl3_handshake迭代1类型166偏移278长度4253081字节，剩余326 
 
 dissect_ssl输入框＃2973 （已访问）
 conversation = 00000000060056C0，ssl_session = 0000000000000000 
 record：offset = 0，reported_length_remaining = 277 
 dissect_ssl3_record：content_type 23应用程序数据
 association_find：TCP端口59050 found 0000000000000000 
 association_find：TCP端口7447发现0000000004FCF520 
 
 dissect_ssl输入框＃2999（已访问）
对话= 00000000060056C0，ssl_session = 0000000000000000 
记录：offset = 0， reports_length_remaining = 8565 
 dissect_ssl3_record：content_type 23应用程序数据
 association_find：TCP端口59050发现0000000000000000 
 association_find：TCP端口7447找到0000000004FCF520 
 
 dissect_ssl输入框架＃3805（已经已访问）
 conversation = 00000000060056C0，ssl_session = 0000000000000000 
 record：offset = 0，reported_length_remaining = 389 
 dissect_ssl3_record：content_type 23应用程序数据
 association_find：TCP端口59050 found 0000000000000000 
 association_find：TCP port 7447 found 0000000004FCF520 
 
 dissect_ssl enter frame＃2968（already visited）
 conversation = 00000000060056C0，ssl_session = 0000000000000000 
 record：offset = 0，reported_length_remaining = 123 
 dissect_ssl3_record：content_type 22握手
 dissect_ssl3_handshake迭代1类型1偏移量5长度114字节，剩余123 
 
 dissect_ssl输入框＃2968（已访问）
会话= 00000000060056C0，ssl_session = 0000000000000000 
记录：offset = 0，reported_length_remaining = 123 
 dissect_ssl3_record：content_type 22握手
 dissect_ssl3_handshake迭代1类型1偏移量5长度114字节，剩余123 
  

解决方案

ssl_decrypt_pre_master_secret密钥交换0与KEX_RSA不同（16 ）

看起来您正在使用DHE加密套件（至少不是具有RSA密钥交换的加密套件），这将提供完美转发保密，并防止这些数据包的解密，即使您有私钥。

您可能对...感兴趣： p>

• 此安全性问题


• SSL / TLS&完美的前进保密由Vincent Bernat

如果这是调试，尝试关闭DHE密码

您可以通过查看服务器Hello 数据包中的内容查看使用哪个密码套件在Wireshark。

---

较新的版本还可以直接使用预先的秘密密码（请参阅使用（Pre ） - Wireshark wiki SSL页面中的主密码部分）。在某些情况下，这可能是您从客户端获得的。无论哪种方式，为了这个工作，你需要从双方之一掌握前主人的秘密。以下是Wireshark维基的一部分链接：

• Ask.Wireshark：使用主密钥和会话ID跟踪SSL流


• Security.SE：使用DHE_RSA密码套件解密Wireshark中的TLS

I'm running Wireshark 1.8.6 on Windows Server 2008 R2 and attempting to decrypt incoming HTTPS communication in order to debug an issue I'm seeing.

I have my RSA Keys list set up correctly (I think) but Wireshark will not decrypt the SSL traffic for some reason. I've gotten this to work in the past while debugging exchanges with other client systems so I'm wondering if it's something specific with the TLS being used here (i.e. I've read that you cannot decrypt if using Diffie-Hellman but I can't tell if that's what is being used).

I have my RSA Keys list entry as follows:

IP Address: 192.168.1.27 (the IP address of the server)
Port: 7447
Protocol: http
Key File: set to my .pem (which I created using openssl from a .pfx containing both the public and private key).
Password: blank because it doesn't seem to need it for a .pem (Wireshark actually throws an error if I enter one).

In my Wireshark trace, I can see the Client Hello and Server Hello but the application data is not being decrypted (Right click -> Follow SSL Stream shows nothing).

My SSL log is pasted below -- is there something in here I am missing that will tell me why the decryption is failing? I see a few entries like this that worry me but I'm not sure how to interpret them:

packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267 
ssl_decrypt_pre_master_secret key exchange 0 different from KEX_RSA (16)
dissect_ssl3_handshake can't decrypt pre master secret
  record: offset = 267, reported_length_remaining = 59

SSL Log:

ssl_association_remove removing TCP 7447 - http handle 00000000041057D0
Private key imported: KeyID 02:bb:83:4f:80:cf:39:59:39:cd:74:ab:b4:4b:c7:20:...
ssl_load_key: swapping p and q parameters and recomputing u
ssl_init IPv4 addr '192.168.1.27' (192.168.1.27) port '7447' filename 'C:\Users\username\Desktop\Certs\server_cert.pem.pem' password(only for p12 file) ''
ssl_init private key file C:\Users\username\Desktop\Certs\server_cert.pem.pem successfully loaded.
association_add TCP port 7447 protocol http handle 00000000041057D0

dissect_ssl enter frame #2968 (first time)
ssl_session_init: initializing ptr 0000000006005E40 size 680
  conversation = 00000000060056C0, ssl_session = 0000000006005E40
  record: offset = 0, reported_length_remaining = 123
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 118, ssl state 0x00
association_find: TCP port 59050 found 0000000000000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 114 bytes, remaining 123 
packet_from_server: is from server - FALSE
ssl_find_private_key server 192.168.1.27:7447
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01

dissect_ssl enter frame #2971 (first time)
  conversation = 00000000060056C0, ssl_session = 0000000006005E40
  record: offset = 0, reported_length_remaining = 326
dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x11
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 262, ssl state 0x11
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267 
ssl_decrypt_pre_master_secret key exchange 0 different from KEX_RSA (16)
dissect_ssl3_handshake can't decrypt pre master secret
  record: offset = 267, reported_length_remaining = 59
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
  record: offset = 273, reported_length_remaining = 53
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 48, ssl state 0x11
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 166 offset 278 length 4253081 bytes, remaining 326 

dissect_ssl enter frame #2972 (first time)
  conversation = 00000000060056C0, ssl_session = 0000000006005E40
  record: offset = 0, reported_length_remaining = 59
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
  record: offset = 6, reported_length_remaining = 53
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 48, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 8 offset 11 length 5212462 bytes, remaining 59 

dissect_ssl enter frame #2973 (first time)
  conversation = 00000000060056C0, ssl_session = 0000000006005E40
  record: offset = 0, reported_length_remaining = 277
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 272, ssl state 0x11
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 59050 found 0000000000000000
association_find: TCP port 7447 found 0000000004FCF520

dissect_ssl enter frame #2990 (first time)
  conversation = 00000000060056C0, ssl_session = 0000000006005E40
  record: offset = 0, reported_length_remaining = 53
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 48, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 7447 found 0000000004FCF520

dissect_ssl enter frame #2991 (first time)
  conversation = 00000000060056C0, ssl_session = 0000000006005E40
  record: offset = 0, reported_length_remaining = 1380
  need_desegmentation: offset = 0, reported_length_remaining = 1380

dissect_ssl enter frame #2999 (first time)
  conversation = 00000000060056C0, ssl_session = 0000000006005E40
  record: offset = 0, reported_length_remaining = 8565
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 8560, ssl state 0x11
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 59050 found 0000000000000000
association_find: TCP port 7447 found 0000000004FCF520

dissect_ssl enter frame #3805 (first time)
  conversation = 00000000060056C0, ssl_session = 0000000006005E40
  record: offset = 0, reported_length_remaining = 389
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 384, ssl state 0x11
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 59050 found 0000000000000000
association_find: TCP port 7447 found 0000000004FCF520

dissect_ssl enter frame #3807 (first time)
  conversation = 00000000060056C0, ssl_session = 0000000006005E40
  record: offset = 0, reported_length_remaining = 53
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 48, ssl state 0x11
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 7447 found 0000000004FCF520

dissect_ssl enter frame #3808 (first time)
  conversation = 00000000060056C0, ssl_session = 0000000006005E40
  record: offset = 0, reported_length_remaining = 1380
  need_desegmentation: offset = 0, reported_length_remaining = 1380

dissect_ssl enter frame #3815 (first time)
  conversation = 00000000060056C0, ssl_session = 0000000006005E40
  record: offset = 0, reported_length_remaining = 8469
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 8464, ssl state 0x11
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 59050 found 0000000000000000
association_find: TCP port 7447 found 0000000004FCF520

dissect_ssl enter frame #2968 (already visited)
  conversation = 00000000060056C0, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 123
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 114 bytes, remaining 123 

dissect_ssl enter frame #2971 (already visited)
  conversation = 00000000060056C0, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 326
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267 
  record: offset = 267, reported_length_remaining = 59
dissect_ssl3_record: content_type 20 Change Cipher Spec
dissect_ssl3_change_cipher_spec
  record: offset = 273, reported_length_remaining = 53
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 166 offset 278 length 4253081 bytes, remaining 326 

dissect_ssl enter frame #2973 (already visited)
  conversation = 00000000060056C0, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 277
dissect_ssl3_record: content_type 23 Application Data
association_find: TCP port 59050 found 0000000000000000
association_find: TCP port 7447 found 0000000004FCF520

dissect_ssl enter frame #2999 (already visited)
  conversation = 00000000060056C0, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 8565
dissect_ssl3_record: content_type 23 Application Data
association_find: TCP port 59050 found 0000000000000000
association_find: TCP port 7447 found 0000000004FCF520

dissect_ssl enter frame #3805 (already visited)
  conversation = 00000000060056C0, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 389
dissect_ssl3_record: content_type 23 Application Data
association_find: TCP port 59050 found 0000000000000000
association_find: TCP port 7447 found 0000000004FCF520

dissect_ssl enter frame #2968 (already visited)
  conversation = 00000000060056C0, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 123
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 114 bytes, remaining 123 

dissect_ssl enter frame #2968 (already visited)
  conversation = 00000000060056C0, ssl_session = 0000000000000000
  record: offset = 0, reported_length_remaining = 123
dissect_ssl3_record: content_type 22 Handshake
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 114 bytes, remaining 123 

解决方案

ssl_decrypt_pre_master_secret key exchange 0 different from KEX_RSA (16)

It looks like you're using a DHE cipher suite (at least not a cipher suite with RSA key exchange), which will provide Perfect Forward Secrecy and prevent the decryption of these packets, even if you have the private key.

You might be interested in:

• This Security.SE question
• SSL/TLS & Perfect Forward Secrecy by Vincent Bernat

If this is for debugging, try to turn off the DHE cipher suites.

You should be able to see which cipher suite you're using by looking within the Server Hello packet in Wireshark.

---

Newer versions can also use the pre-master secret directly (read "Using the (Pre)-Master-Secret" section of the Wireshark wiki SSL page). This is something you may be able to get from the client side too in some cases. Either way, for this to work, you need to get hold of the pre-master secret from one of the two parties. Here are a couple of links from that section of the Wireshark wiki:

• Ask.Wireshark: Follow SSL stream using Master-key and Session-ID
• Security.SE: Decrypting TLS in Wireshark when using DHE_RSA ciphersuites

这篇关于解密Wireshark中的HTTPS流量不工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！