ubuntu:ssl:dump_ssl_data_in_realtime

Differences

This shows you the differences between two versions of the page.
ubuntu:ssl:dump_ssl_data_in_realtime [2021/02/02 12:09] – created peter
ubuntu:ssl:dump_ssl_data_in_realtime [2021/02/02 12:16] (current) peter
Line 36: Line 36:
 </code> </code>
  
 +<WRAP info>
 +**NOTE:**  
 +
 +  * **-A** and **-H** options tell ssldump to print all of the SSL record layer headers.
 +  * **-a**:  Include TCP connection states, such as SYN, SYN/ACK, ACK, FIN, etc.
 +  * **C>S**:  Communications originating from the client.
 +  * **S>C**:  Messages originating from the server
 +
 +</WRAP>
 +
 +----
 +
 +===== Pass a Private Key to ssldump =====
 +
 +To decrypt communications and dump application data, ssldump will need a copy of the private key from the server you wish to debug.
 +
 +ssldump will use this key to derive the session key that is negotiated between the client and the server, and used to encrypt all network communications.
 +
 +<code bash>
 +ssldump -a -A -H -k rsa.key -i en0
 +</code>
 +
 +returns:
 +
 +<code>
 +# connection setup removed...
 +
 +3.6155 (3.6155)  C>S
 +---------------------------------------------------------------
 +GET / HTTP/1.0
 +---------------------------------------------------------------
 +
 +2 12 3.8862 (0.2310)  C>SV3.1(32)  application_data
 +2 13 3.8862 (0.0000)  C>SV3.1(32)  application_data
 +3.8466 (0.2311)  C>S
 +---------------------------------------------------------------
 +
 +---------------------------------------------------------------
 +
 +3.8777 (0.0310)  S>C
 +---------------------------------------------------------------
 +HTTP/1.1 403 Forbidden
 +Date: Mon, 12 Feb 2016 12:13:14 GMT
 +Server: Apache/2.0.50
 +Content-Length: 1
 +Connection: close
 +Content-Type: text/html; charset=iso-8859-1
 +</code>
 +
 +<WRAP info>
 +**NOTE:**  ssldump displays the HTTP requests sent to the sharewiz.net web server.
 +
 +  * ssldump supports Berkeley Packet Filter style filters, allowing you to grab and decode specific communications.
 +
 +</WRAP>
 +
 +----
 +
 +Capture SSL communications destined for host peter on TCP port 443:
 +
 +<code bash>
 +ssldump -a -A -H -k rsa.key -i en0 host peter and port 443
 +</code>
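Review bot: The flag descriptions in the first NOTE block (the bullets after `**NOTE:**`) do not match ssldump's own option list, and the decrypt command `ssldump -a -A -H -k rsa.key -i en0` omits the flag that actually prints application data. In ssldump, -H prints the full SSL record header, -A prints all record fields rather than only the interesting ones, and -a prints bare TCP ACKs (not the SYN/SYN-ACK/FIN connection states listed); the decrypted `GET / HTTP/1.0` and the `HTTP/1.1 403 Forbidden` response shown in the sample output are only displayed when -d is given, so the command should read `ssldump -a -A -H -d -k rsa.key -i en0`, and the filtered form with `host peter and port 443` needs the same change. The "Pass a Private Key to ssldump" section should also state the preconditions a reader will hit in practice: rsa.key must be the server's unencrypted PEM RSA private key, and ssldump can only derive the session key described in that paragraph when the connection negotiated an RSA key-exchange cipher suite; sessions using (EC)DHE key exchange, which provide forward secrecy, cannot be decrypted from the server key alone, so for those the capture will show only record headers. Finally, the `sharewiz.net` host named in the second NOTE does not appear anywhere in the sample output above it; either name that host in the command or filter, or drop it from the note.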
ubuntu/ssl/dump_ssl_data_in_realtime.1612267789.txt.gz · Last modified: 2021/02/02 12:09 by peter