Discovering the New World: The simplest way to crack SSL encrypted network data packets

Source: Internet
Author: User

1. Introduction

I assume most readers who find this article already use Wireshark, the popular network packet capture tool, to capture packets for troubleshooting or for other purposes you already know about.

Generally, Wireshark can capture packets for analysis. There is one problem, though: when the traffic is encrypted with SSL/TLS or some other encryption, we are often helpless. In the past, if we had the private key for the session, we could give it to Wireshark to decrypt the packets, but that only worked when RSA was used to encrypt the network data. Today, everyone has gradually moved into the era of forward secrecy (PFS), so this method no longer applies. The purpose of forward secrecy is to make every data exchange use a different key, so you cannot decrypt the packets of an entire session with a single private key as you could in the RSA era. This is very annoying.

2. Session key logging to the rescue!

Don't panic. There is another simple way to solve this problem. Both Firefox and Chrome support recording the symmetric session keys used to encrypt TLS traffic to a log file. You can then point Wireshark at that file and quickly reach your decryption goal. Here are the specific steps.

3. Browsers Configuration

First, you need to configure an environment variable.

3.1 Configuration on Windows:

I won't explain how to get to the environment variable settings page. After all, Windows is still what most people use in China.

There, add a new environment variable named "SSLKEYLOGFILE" and set its value to the path where you want to save your session keys.

3.2 Configuration on Linux or Mac OS X:
$ export SSLKEYLOGFILE=~/path/to/sslkeylog.log

Of course, if you want the log path to be set every time your system starts, add the export line above to the following file on Linux:

~/.bashrc

Or to the following file on Mac OS X:

~/.MacOSX/environment

In this way, the TLS keys will be written automatically to the specified file the next time we start Firefox or Chrome's developer mode.
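Before opening Wireshark, it helps to confirm that the browser really wrote usable keys to the file. The script below is an added example, not code from the original article: it assumes the NSS key log line layout (label, client random, secret), covers TLS 1.3 labels as well as CLIENT_RANDOM, and uses hypothetical function names and constructed sample data.

```python
import re
from collections import defaultdict

# Labels from the NSS key log format that browsers write to SSLKEYLOGFILE.
TLS12 = {"CLIENT_RANDOM"}                      # value is the 48-byte master secret
TLS13 = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
         "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
OTHER = {"CLIENT_EARLY_TRAFFIC_SECRET", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)$")


def parse_keylog(text):
    """Return ({client_random: set of labels}, [rejected line numbers])."""
    sessions, rejected = defaultdict(set), []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):   # blank lines and comments are allowed
            continue
        m = LINE.match(line)
        label, rand, secret = m.groups() if m else ("", "", "")
        # The client random is 32 bytes; TLS 1.3 secrets are 32 or 48 bytes.
        lengths = (96,) if label in TLS12 else (64, 96)
        if label in TLS12 | TLS13 | OTHER and len(rand) == 64 and len(secret) in lengths:
            sessions[rand.lower()].add(label)
        else:
            rejected.append(lineno)
    return dict(sessions), rejected


def classify(labels):
    """Say whether the logged secrets cover a whole session."""
    if labels & TLS12:
        return "tls1.2"
    return "tls1.3" if TLS13 <= labels else "partial"


# Constructed sample, not real secrets: a TLS 1.2 session, a complete TLS 1.3
# session, a TLS 1.3 session with one secret only, and a damaged line.
R1, R2, R3 = "aa" * 32, "bb" * 32, "cc" * 32
SAMPLE = "\n".join([
    "# constructed key log",
    f"CLIENT_RANDOM {R1} {'11' * 48}",
    *(f"{label} {R2} {'22' * 32}" for label in sorted(TLS13)),
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {R3} {'33' * 32}",
    "CLIENT_RANDOM deadbeef truncated",
])

if __name__ == "__main__":
    sessions, rejected = parse_keylog(SAMPLE)
    for rand, labels in sessions.items():
        print(rand[:16], classify(labels))
    print("rejected lines:", rejected)
```

The client random printed for each session is the value Wireshark matches against the ClientHello in the capture, so a session with no entry in the log stays encrypted.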

4. Wireshark Configuration

 

To support this feature, your Wireshark version must be 1.6 or later. The only thing we need to do is first open the Preferences page:

 

Expand the Protocols option:

Find the SSL option and set it to the session key log file saved above, as shown in the figure:

5. Results

This is what Wireshark displays after capturing the TLS packets:

You can see that Wireshark now has a "Decrypted SSL Data" tab. After clicking it, you can see the decrypted TLS data, as shown in the figure. Note that the request information is now visible in plain text. Success!

6. Summary

I sincerely hope you learned something from this article. This method lets us decrypt TLS packets in a very direct way. Another benefit is that you do not need to install Wireshark on either of the two machines in the session, where you might worry that the installation would cause problems you could not diagnose. You only need to point the session key file above at a network shared folder, install Wireshark on another machine, and specify the key file when capturing packets, as shown in the previous figure.

Finally, thank you for reading this article. If you want to see the latest technology and other articles every day, please follow the public account: techgogogo. Thank you!

------------------

https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/

 
