原文地址:[url]https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/[/url]
Wireshark常见的问题是不能轻松分析加密的数据,例如TLS。它只能解密RSA密钥交换的加密流量。
[b]Session Key Logging to the Rescue![/b]
事实上,Firefox和Chrome都支持把用于加密的symmetric session key 记录到文件的功能。这样就可以把wireshark指向一个文件然后解密。
[b]浏览器设置[/b]
windows:
电脑属性->高级系统设置->环境变量
[img]http://dl2.iteye.com/upload/attachment/0106/6016/aaaf85a9-f59f-303e-a442-b5479fa2f318.jpg[/img]
添加SSLKEYLOGFILE变量,然后指向你希望的位置
[img]http://dl2.iteye.com/upload/attachment/0106/6018/dc79317a-1ebf-3a4c-b8a2-31fa4f87a17e.jpg[/img]
[quote] Linux or Mac OS X:
$ export SSLKEYLOGFILE=~/path/to/sslkeylog.log[/quote]
或者可以编辑:
[quote]~/.bashrc
~/.MacOSX/environment[/quote]
这样每次登陆的时候该环境变量就会自动设置。
[b]设置wireshak:[/b]
需要wireshark版本是1.6以上。
[img]http://dl2.iteye.com/upload/attachment/0106/6020/97b00203-6969-3032-ad9e-14847400874e.jpg[/img]
扩展协议部分
[img]http://dl2.iteye.com/upload/attachment/0106/6022/763d0e95-73f4-344b-9d4e-0f0c3d2b731c.jpg[/img]
添加log文件的位置
[img]http://dl2.iteye.com/upload/attachment/0106/6024/9ee7f37d-ebd6-3fd8-8f8b-cc52690671ed.jpg[/img]
结果:
[img]http://dl2.iteye.com/upload/attachment/0106/6028/513f1556-7a22-3294-92d4-26d47ce0a901.png[/img]
[img]http://dl2.iteye.com/upload/attachment/0106/6026/0b68a01f-45e3-3948-8f46-e6af5ad55104.png[/img]
![Win10系统怎么开启Linux Bash命令行?[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)