Differences

This shows you the differences between two versions of the page.

--- ubuntu:ssl:dump_ssl_data_in_realtime [2021/02/02 12:12] – peter
+++ ubuntu:ssl:dump_ssl_data_in_realtime [2021/02/02 12:16] (current) – peter
@@ Line 46: / Line 46: @@
 </WRAP>
+----
+===== Pass a Private Key to ssldump =====
+To decrypt communications and dump application data, ssldump will need a copy of the private key from the server you wish to debug.
+ssldump will use this key to derive the session key that is negotiated between the client and the server, and used to encrypt all network communications.
+<code bash>
+ssldump -a -A -H -k rsa.key -i en0
+</code>
+returns:
+<code>
+# connection setup removed...
+.6155 (3.6155)  C>S
+---------------------------------------------------------------
+GET / HTTP/1.0
+---------------------------------------------------------------
+12 3.8862 (0.2310)  C>SV3.1(32)  application_data
+13 3.8862 (0.0000)  C>SV3.1(32)  application_data
+.8466 (0.2311)  C>S
+---------------------------------------------------------------
+---------------------------------------------------------------
+.8777 (0.0310)  S>C
+---------------------------------------------------------------
+HTTP/1.1 403 Forbidden
+Date: Mon, 12 Feb 2016 12:13:14 GMT
+Server: Apache/2.0.50
+Content-Length: 1
+Connection: close
+Content-Type: text/html; charset=iso-8859-1
+</code>
+<WRAP info>
+**NOTE:**  ssldump displays the HTTP requests sent to the sharewiz.net web server.
+  * ssldump supports Berkeley Packet Filter style filters, allowing you to grab and decode specific communications.
+</WRAP>
+----
+Capture SSL communications destined for host peter on TCP port 443:
+<code bash>
+ssldump -a -A -H -k rsa.key -i en0 host peter and port 443
+</code>