1
1
mirror of https://github.com/wader/fq.git synced 2024-12-27 15:42:07 +03:00
fq/format/tls
Mattias Wadman 051a70bd4b interp: Change bit ranges to use exclusive end
All other ranges and slicing uses exclusive end so i think it make sense
to make it consistent.

Update docs and add additional example for non-byte-aligned field.

Also fixes issue showing zero bit ranges as start-NA.
2023-10-20 15:37:26 +02:00
..
ciphersuites golangci-lint: Disable revive unused-parameter and update for new default config 2023-03-18 22:56:58 +01:00
keylog tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
rezlib tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
testdata interp: Change bit ranges to use exclusive end 2023-10-20 15:37:26 +02:00
tlsdecrypt tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
alerts.go tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
extensions.go golangci-lint: Disable revive unused-parameter and update for new default config 2023-03-18 22:56:58 +01:00
README.md tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00
tls.go matroska: Decode ebml date type 2023-10-17 11:10:48 +02:00
tls.md tls: Add TLS 1.0, 1.1, 1.2 decode and decryption 2023-03-05 13:52:12 +01:00

Dev notes

TLS deflate compression seems to actually be zlib, so zlib header + deflate. Also each record is compressed with a flush (trailing 0x00 0x00 0xff 0xff) so that they can be uncompressed individually.

https://lekensteyn.nl/files/wireshark-ssl-tls-decryption-secrets-sharkfest18eu.pdf

tshark -x -V -o tls.keylog_file:file.keylog -r file.pcap

Wireshark gui has TLS debug option to write key/iv etc

tcpdump -i en0 -w file.pcap
SSLKEYLOGFILE=file.keylog /path/to/sslkey-able/curl --http1.1 -tlsv1.2 --tls-max 1.2 -v https://host/path

TLS 1.3 dumps https://gitlab.com/wireshark/wireshark/-/issues/12779