原文位址:[url]https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/[/url]
Wireshark常見的問題是不能輕松分析加密的資料,例如TLS。它隻能解密RSA密鑰交換的加密流量。
[b]Session Key Logging to the Rescue![/b]
事實上,Firefox和Chrome都支援把用于加密的symmetric session key 記錄到檔案的功能。這樣就可以把wireshark指向一個檔案然後解密。
[b]浏覽器設定[/b]
windows:
電腦屬性->進階系統設定->環境變量
[img]http://dl2.iteye.com/upload/attachment/0106/6016/aaaf85a9-f59f-303e-a442-b5479fa2f318.jpg[/img]
添加SSLKEYLOGFILE變量,然後指向你希望的位置
[img]http://dl2.iteye.com/upload/attachment/0106/6018/dc79317a-1ebf-3a4c-b8a2-31fa4f87a17e.jpg[/img]
[quote] Linux or Mac OS X:
$ export SSLKEYLOGFILE=~/path/to/sslkeylog.log[/quote]
或者可以編輯:
[quote]~/.bashrc
~/.MacOSX/environment[/quote]
這樣每次登陸的時候該環境變量就會自動設定。
[b]設定wireshak:[/b]
需要wireshark版本是1.6以上。
[img]http://dl2.iteye.com/upload/attachment/0106/6020/97b00203-6969-3032-ad9e-14847400874e.jpg[/img]
擴充協定部分
[img]http://dl2.iteye.com/upload/attachment/0106/6022/763d0e95-73f4-344b-9d4e-0f0c3d2b731c.jpg[/img]
添加log檔案的位置
[img]http://dl2.iteye.com/upload/attachment/0106/6024/9ee7f37d-ebd6-3fd8-8f8b-cc52690671ed.jpg[/img]
結果:
[img]http://dl2.iteye.com/upload/attachment/0106/6028/513f1556-7a22-3294-92d4-26d47ce0a901.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0106/6026/0b68a01f-45e3-3948-8f46-e6af5ad55104.png[/img]
![Win10系統怎麼開啟Linux Bash指令行?[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)