如何从浏览器SSL / TLS会话中导出主密码? [英] How to export master secret from browser SSL/TLS session?
问题描述
我想在Windows中打开浏览器,转到HTTPS站点,并在使用Wireshark捕获数据包时执行一系列操作。然后我想使用加密的数据包捕获来查看解密的HTTP流量。如果您放弃浏览器,访问服务器或添加MITM,我知道有很多方法(如下所示),但是当您仅限于上述情况时,这些方法都不会起作用。以下是我的典型方法:
服务器:对于拥有服务器私钥的站点,请使用Wireshark的内置SSL解密。
MITM:SSL代理(例如Burp套件)将允许查看解密的流量,但这需要使用与服务器使用的不同的证书和密钥对
浏览器:openssl的s_client可以连接,发出请求并导出主密钥,但这不会显示关联的网页或运行javascript来计算后续请求参数。
有没有办法从正常浏览器导出主机密码,以便我可以使用它来稍后解密浏览器会话的数据包捕获?
例如,当浏览器关闭时,是否将SSL / TLS状态存储在磁盘上?如果是这样,我该如何访问它?浏览器正在运行时是否可以在内存中访问(如果是,我该如何找到它)?或者,是否是由OS(Windows)存储的所有SSL状态数据,并且不能直接访问?
或者有没有办法强制浏览器使用特定的主密钥(以及任何其他关联的SSL状态数据,如会话ID等)用于特定的HTTPS连接?如果是这样,我可以使用s_client设置SSL会话,然后将密钥数据传输到浏览器并在同一会话中打开一个新的连接。
对于使用NSS库(例如Firefox)的浏览器,您可以设置 SSLKEYLOGFILE 环境变量,这将使NSS保存必要的秘密。然后,您可以直接在Wireshark中使用该文件。还有更多信息可以此处。
I'd like to open a browser in Windows, go to an HTTPS site, and perform a sequence of actions while capturing packets with Wireshark. Then I want to use the encrypted packet capture to view the decrypted HTTP traffic. I know of many ways to do this (listed below) if you forego the browser, have access to the server, or add a MITM, but none of these work when you're restricted to the scenario above. Here are my typical approaches:
Server: For sites where I have the server private key, use Wireshark's built-in SSL decryption.
MITM: An SSL proxy (e.g., Burp suite) will allow viewing of decrypted traffic, but this requires using a different certificate and key pair than what is used by the server.
Browser: openssl's s_client can connect, make requests, and export the master secret, but this does not display the associated web pages or run javascript to compute subsequent request parameters.
Is there a way to export the master secret from a "normal" browser so that I can use it to later decrypt a packet capture of the browser session?
For example, is SSL/TLS state stored on disk when a browser is closed? If so, how would I access it? Is it accessible in memory while the browser is running (and if so how would I find it)?
Or, is all SSL state data stored by the OS (Windows) and not accessible directly?
Alternatively, is there a way to force a browser to use a particular master secret (and any other associated SSL state data like session ID, etc.) for a particular HTTPS connection? If so, I could set up the SSL session using s_client, and then transfer the key data to the browser and open a new connection in the same session. This would accomplish the same goal through different means.
For browsers that use the NSS library (e.g. Firefox) you can set the SSLKEYLOGFILE environment variable, which will cause NSS to save the necessary secrets. You can then directly use that file with Wireshark. There's more information to be found here.
这篇关于如何从浏览器SSL / TLS会话中导出主密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
