mirror of
https://github.com/wader/fq.git
synced 2024-12-20 20:01:59 +03:00
9852f56b74
What it can do:
- Decodes records and most standard messages and extensions.
- Decrypts records and reassembles application data stream if a keylog is provided and the cipher suite is supported.
- Supports most recommended and used ciphers and a bunch of older ones.

What it can't do:
- SSL v3 may be supported, is similar to TLS 1.0, not tested.
- Decryption and renegotiation/cipher change.
- Record defragmentation not supported, seems rare over TCP.
- TLS 1.3
- SSL v2 but v2 compat header is supported.
- Some key exchange messages not decoded yet

Decryption code is heavily based on golang crypto/tls and zmap/zcrypto.

Will be base for decoding http2 and other TLS based protocols.

Fixes #587
19 lines
631 B
Markdown
## Dev notes

TLS deflate compression seems to actually be zlib, so a zlib header followed by deflate data. Each record is also compressed with a flush (trailing 0x00 0x00 0xff 0xff, the empty stored block that a zlib sync flush emits) so that records can be uncompressed individually.

https://lekensteyn.nl/files/wireshark-ssl-tls-decryption-secrets-sharkfest18eu.pdf

```
tshark -x -V -o tls.keylog_file:file.keylog -r file.pcap
```

The Wireshark GUI has a TLS debug file option that writes the derived keys, IVs etc.

```
tcpdump -i en0 -w file.pcap
SSLKEYLOGFILE=file.keylog /path/to/sslkey-able/curl --http1.1 --tlsv1.2 --tls-max 1.2 -v https://host/path
```

TLS 1.3 dumps https://gitlab.com/wireshark/wireshark/-/issues/12779
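The zlib note above, as an added Python example that is not fq's own code (fq itself is Go): it compresses constructed sample records on one shared zlib stream with a sync flush after each, checks the 0x00 0x00 0xff 0xff trailer, and shows why a decoder must keep one decompression state per direction instead of decoding each record from scratch.

```python
import zlib

# Constructed sample records (not from any real capture): three application-data
# payloads as a TLS peer would hand them to the record layer, one per record.
RECORDS = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",  # repeat: reuses history
    b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello",
]

# Empty stored deflate block (LEN=0, NLEN=0xffff) that Z_SYNC_FLUSH appends.
SYNC_FLUSH_TRAILER = b"\x00\x00\xff\xff"


def compress_records(records):
    """Compress records on one shared zlib stream, sync-flushing after each one
    so every record's compressed form is a complete, byte-aligned unit."""
    comp = zlib.compressobj(level=6, wbits=15)  # wbits=15: zlib header + deflate
    return [comp.compress(r) + comp.flush(zlib.Z_SYNC_FLUSH) for r in records]


def decompress_records(compressed):
    """Decompress record by record with ONE decompressor: the LZ77 window carries
    over between records, so a decoder keeps this state per direction."""
    decomp = zlib.decompressobj(wbits=15)
    return [decomp.decompress(c) for c in compressed]


def decompress_standalone(chunk):
    """Try to decompress a single record with a fresh decompressor. Works for the
    first record (it carries the zlib header) but not for later ones."""
    try:
        return zlib.decompressobj(wbits=15).decompress(chunk)
    except zlib.error:
        return None


if __name__ == "__main__":
    comp = compress_records(RECORDS)
    for i, c in enumerate(comp):
        print(f"record {i}: {len(c)} bytes, sync-flush trailer: {c.endswith(SYNC_FLUSH_TRAILER)}")
    assert decompress_records(comp) == RECORDS
    print("standalone decode of record 1:", decompress_standalone(comp[1]))
```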